3212aa98f6c8d67aa997a074578010b36d3df5d1a6d2055f5434ba8632fc260e

Analysis

max time kernel
315s
max time network
314s
platform
windows10-2004_x64
resource
win10v2004-20221111-de
resource tags

arch:x64arch:x86image:win10v2004-20221111-delocale:de-deos:windows10-2004-x64systemwindows
submitted
22-01-2023 13:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdm_x64_setup.exe
Size

34.0MB
MD5

ca2ead342a22fcd891f73f99cba91005
SHA1

6e6470b49e9e9791acc6854b3d3823e97b058407
SHA256

3212aa98f6c8d67aa997a074578010b36d3df5d1a6d2055f5434ba8632fc260e
SHA512

39e8e285f3bc169ce3306cecf7a06317a93126dfce2d128acbb0a82d693d98ba0297601e258e4fa48ab8d2f235c6f8b5b648b48f15c02022e22893095a470bc6
SSDEEP

786432:5fzVFV7zFAsPBoyK32MlH8CSC9xSWEjh/dlCBS1Y/qemqa:/fWyKGMlcnelEdlO0YLa

Score

10^/10

discovery evasion persistence

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

Processes:

svchost.exe

description pid process target process

PID 628 created 2940 628 svchost.exe fdm.exe

description	pid	process	target process
PID 628 created 2940	628	svchost.exe	fdm.exe

Executes dropped EXE 10 IoCs

Processes:

fdm_x64_setup.tmphelperservice.exefdm.exeimportwizard.exefdm5rhwin.exefdm5rhwin.exefdm.exeimportwizard.exefdm.exeFlashpoint 11.1 Infinity.exe

pid	process
1132	fdm_x64_setup.tmp
2296	helperservice.exe
2940	fdm.exe
3420	importwizard.exe
4780	fdm5rhwin.exe
3100	fdm5rhwin.exe
1308	fdm.exe
4440	importwizard.exe
3932	fdm.exe
776	Flashpoint 11.1 Infinity.exe

Modifies Windows Firewall 1 TTPs 2 IoCs
evasion

Modify Existing Service
T1031

Processes:

netsh.exenetsh.exe

pid process

1596 netsh.exe
216 netsh.exe
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

fdm.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation fdm.exe

pid	process
1596	netsh.exe
216	netsh.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	fdm.exe

Loads dropped DLL 64 IoCs

Processes:

fdm.exehelperservice.exeimportwizard.exefdm.exe

pid	process
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2296	helperservice.exe
2296	helperservice.exe
2940	fdm.exe
2296	helperservice.exe
2296	helperservice.exe
2296	helperservice.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
3420	importwizard.exe
3420	importwizard.exe
3420	importwizard.exe
3420	importwizard.exe
3420	importwizard.exe
3420	importwizard.exe
3420	importwizard.exe
3420	importwizard.exe
3420	importwizard.exe
3420	importwizard.exe
3420	importwizard.exe
3420	importwizard.exe
3420	importwizard.exe
3420	importwizard.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

fdm.exemsedge.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Free Download Manager = "\"C:\\Program Files\\Softdeluxe\\Free Download Manager\\fdm.exe\" --hidden"	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

fdm_x64_setup.tmp

description	ioc	process
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\is-398SI.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Fusion\is-R45DE.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\main\is-76EHG.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Private\is-MUG9E.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Imagine\is-KO5RC.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Imagine\is-9CNPU.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Dialogs\is-NUC2H.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\is-5NIOS.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\is-HG9UL.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\is-OJOM6.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Material\is-5KAVJ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Layouts\is-65B5H.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-7VUH4.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtGraphicalEffects\private\is-5E7QB.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\is-865HT.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Private\is-JUMUS.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Universal\is-LBH3R.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\is-7I26Q.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\torrents\is-BDKVT.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\iconengines\is-UE32B.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Material\is-0IDJS.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtGraphicalEffects\is-1OGO4.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtGraphicalEffects\private\is-NBC1J.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQml\Models.2\is-4R7DD.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\is-05D6M.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Material\is-3PU9S.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Desktop\is-5HJ60.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\torrents\is-MSVKT.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\is-EABTV.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\images\is-AR28I.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\XmlListModel\is-NO2AJ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-KCPDO.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\Qt\labs\folderlistmodel\is-10NDJ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQml\RemoteObjects\is-AVPIP.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\is-O0LMB.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Extras\is-3FLI2.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\is-JNO0O.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Universal\is-6SIMQ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\main\is-D6HQ4.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\is-NG7LE.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\is-NVTHL.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Imagine\is-GSJN4.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Universal\is-CDHGD.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\LocalStorage\is-PK1AK.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\is-G8SRR.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qmltooling\is-L09HI.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Desktop\is-GOMKA.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\is-2TPD4.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Fusion\is-V0KM3.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Imagine\is-6H979.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Window.2\is-CELCP.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtGraphicalEffects\is-JNIR7.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\images\is-4O39H.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Imagine\is-T8H7Q.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Universal\is-B4QSM.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Scene2D\is-7DQUS.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\platforms\is-O76HQ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\images\is-9U698.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-IKK02.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Private\is-5JQGK.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\is-EPE8M.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Extras\Private\is-GULDF.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\imageformats\is-1IKH9.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\is-DCIT3.tmp	fdm_x64_setup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exetaskmgr.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task
T1053

Processes:

schtasks.exe

pid process

5116 schtasks.exe

pid	process
5116	schtasks.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 8 IoCs

adware spyware

Modify Registry

T1112

Processes:

fdm_x64_setup.tmp

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\fdm.exe = "1"	fdm_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	fdm_x64_setup.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\fdm.exe = "11000"	fdm_x64_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	fdm_x64_setup.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\fdm.exe = "11000"	fdm_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING	fdm_x64_setup.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\fdm.exe = "1"	fdm_x64_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING	fdm_x64_setup.tmp

Modifies registry class 53 IoCs

Processes:

fdm.exefirefox.exemsedge.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\fdm\Content Type	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	fdm.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\fdm	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	fdm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	fdm.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\fdm\ = "URL:fdm link"	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\fdm\shell\open	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\fdm\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}\	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\fdm\URL Protocol	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	fdm.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	fdm.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 3a002e8005398e082303024b98265d99428e115f260001002600efbe11000000274bcb87d2f5d8018156207e6b2ed9018156207e6b2ed90114000000	fdm.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	fdm.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\fdm\DefaultIcon\ = "\"C:\\Program Files\\Softdeluxe\\Free Download Manager\\fdm.exe\", 1"	fdm.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	fdm.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	fdm.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	fdm.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\fdm\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}\command	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\fdm\shell\	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\fdm\shell\open\command\	fdm.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	fdm.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	fdm.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\fdm\shell\open\command	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\fdm\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}	fdm.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\fdm\shell	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	fdm.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\fdm\DefaultIcon\	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\fdm\shell\open\command\ = "\"C:\\Program Files\\Softdeluxe\\Free Download Manager\\fdm.exe\" \"%1\""	fdm.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	fdm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\fdm\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}\icon	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\fdm\shell\ = "open"	fdm.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	fdm.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	fdm.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	fdm.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

Processes:

fdm.exefdm.exefdm.exe

pid process

2940 fdm.exe
1308 fdm.exe
3932 fdm.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

Processes:

fdm.exefdm5rhwin.exefdm5rhwin.exemsedge.exemsedge.exefdm.exetaskmgr.exe

pid	process
2940	fdm.exe
2940	fdm.exe
4780	fdm5rhwin.exe
4780	fdm5rhwin.exe
3100	fdm5rhwin.exe
3100	fdm5rhwin.exe
1392	msedge.exe
1392	msedge.exe
4748	msedge.exe
4748	msedge.exe
1308	fdm.exe
1308	fdm.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

fdm.exe

pid process

1308 fdm.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

msedge.exe

pid process

4748 msedge.exe
4748 msedge.exe

pid	process
4748	msedge.exe
4748	msedge.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

Processes:

fdm.exesvchost.exefirefox.exetaskmgr.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	2940	fdm.exe
Token: SeTcbPrivilege	628	svchost.exe
Token: SeTcbPrivilege	628	svchost.exe
Token: SeDebugPrivilege	2932	firefox.exe
Token: SeDebugPrivilege	2932	firefox.exe
Token: SeDebugPrivilege	2932	firefox.exe
Token: SeDebugPrivilege	2932	firefox.exe
Token: SeDebugPrivilege	5012	taskmgr.exe
Token: SeSystemProfilePrivilege	5012	taskmgr.exe
Token: SeCreateGlobalPrivilege	5012	taskmgr.exe
Token: 33	5012	taskmgr.exe
Token: SeIncBasePriorityPrivilege	5012	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

fdm_x64_setup.tmpmsedge.exefdm.exefirefox.exetaskmgr.exe

pid	process
1132	fdm_x64_setup.tmp
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe

Suspicious use of SendNotifyMessage 56 IoCs

Processes:

fdm.exefirefox.exetaskmgr.exe

pid	process
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
5012	taskmgr.exe
1308	fdm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

fdm.exehelperservice.exefdm.exefdm.exefirefox.exe

pid	process
2940	fdm.exe
2296	helperservice.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
2940	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
3932	fdm.exe
3932	fdm.exe
3932	fdm.exe
3932	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
2932	firefox.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe
1308	fdm.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

fdm_x64_setup.exefdm_x64_setup.tmpfdm.exesvchost.exemsedge.exe

description	pid	process	target process
PID 616 wrote to memory of 1132	616	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 616 wrote to memory of 1132	616	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 616 wrote to memory of 1132	616	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 1132 wrote to memory of 4176	1132	fdm_x64_setup.tmp	schtasks.exe
PID 1132 wrote to memory of 4176	1132	fdm_x64_setup.tmp	schtasks.exe
PID 1132 wrote to memory of 5116	1132	fdm_x64_setup.tmp	schtasks.exe
PID 1132 wrote to memory of 5116	1132	fdm_x64_setup.tmp	schtasks.exe
PID 1132 wrote to memory of 2652	1132	fdm_x64_setup.tmp	schtasks.exe
PID 1132 wrote to memory of 2652	1132	fdm_x64_setup.tmp	schtasks.exe
PID 1132 wrote to memory of 4852	1132	fdm_x64_setup.tmp	schtasks.exe
PID 1132 wrote to memory of 4852	1132	fdm_x64_setup.tmp	schtasks.exe
PID 1132 wrote to memory of 2940	1132	fdm_x64_setup.tmp	fdm.exe
PID 1132 wrote to memory of 2940	1132	fdm_x64_setup.tmp	fdm.exe
PID 2940 wrote to memory of 3420	2940	fdm.exe	importwizard.exe
PID 2940 wrote to memory of 3420	2940	fdm.exe	importwizard.exe
PID 628 wrote to memory of 4748	628	svchost.exe	msedge.exe
PID 628 wrote to memory of 4748	628	svchost.exe	msedge.exe
PID 4748 wrote to memory of 1728	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1728	4748	msedge.exe	msedge.exe
PID 1132 wrote to memory of 4780	1132	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 1132 wrote to memory of 4780	1132	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 1132 wrote to memory of 3100	1132	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 1132 wrote to memory of 3100	1132	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 1132 wrote to memory of 1596	1132	fdm_x64_setup.tmp	netsh.exe
PID 1132 wrote to memory of 1596	1132	fdm_x64_setup.tmp	netsh.exe
PID 1132 wrote to memory of 216	1132	fdm_x64_setup.tmp	netsh.exe
PID 1132 wrote to memory of 216	1132	fdm_x64_setup.tmp	netsh.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 1528	4748	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe
"C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:616

C:\Users\Admin\AppData\Local\Temp\is-QR4CS.tmp\fdm_x64_setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-QR4CS.tmp\fdm_x64_setup.tmp" /SL5="$B011E,34943088,780288,C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1132

C:\Windows\SYSTEM32\schtasks.exe
"schtasks.exe" /end /tn FreeDownloadManagerHelperService
3⤵
PID:4176

C:\Windows\system32\schtasks.exe
"schtasks.exe" /create /RU SYSTEM /tn FreeDownloadManagerHelperService /f /xml "C:\Program Files\Softdeluxe\Free Download Manager\service.xml"
3⤵
- Creates scheduled task(s)
PID:5116

C:\Windows\system32\schtasks.exe
"schtasks.exe" /change /tn FreeDownloadManagerHelperService /tr "\"C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe"\"
3⤵
PID:2652

C:\Windows\system32\schtasks.exe
"schtasks.exe" /run /tn FreeDownloadManagerHelperService
3⤵
PID:4852

C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" --install
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2940

C:\Program Files\Softdeluxe\Free Download Manager\importwizard.exe
"C:\Program Files\Softdeluxe\Free Download Manager\importwizard" 3FE02402165644D986B63DE6638495E4
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.freedownloadmanager.org/afterinstall.html?os=windows&osversion=10&osarchitecture=x86_64&architecture=x86_64&version=6.18.1.4920&uuid=8888b509-9e2a-4544-986e-09310bc6aeff&locale=de_DE&ac=1&au=1
4⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff85d7046f8,0x7ff85d704708,0x7ff85d704718
5⤵
PID:1728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6583476036422331745,16443764147632197365,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
5⤵
PID:1528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,6583476036422331745,16443764147632197365,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:1392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,6583476036422331745,16443764147632197365,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
5⤵
PID:2388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6583476036422331745,16443764147632197365,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
5⤵
PID:4136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6583476036422331745,16443764147632197365,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
5⤵
PID:2920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2108,6583476036422331745,16443764147632197365,131072 --lang=de --service-sandbox-type=service --mojo-platform-channel-handle=5200 /prefetch:8
5⤵
PID:4864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2108,6583476036422331745,16443764147632197365,131072 --lang=de --service-sandbox-type=service --mojo-platform-channel-handle=5544 /prefetch:8
5⤵
PID:2440

C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe" 21907CB0205CFF989F82C03684A01B86 phase1
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4780

C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe" 21907CB0205CFF989F82C03684A01B86 phase2
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3100

C:\Windows\system32\netsh.exe
"netsh.exe" firewall add allowedprogram program="C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" name="Free Download Manager" ENABLE scope=ALL profile=ALL
3⤵
- Modifies Windows Firewall
PID:1596

C:\Windows\system32\netsh.exe
"netsh.exe" firewall add allowedprogram program="C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" name="Free Download Manager" ENABLE scope=ALL profile=CURRENT
3⤵
- Modifies Windows Firewall
PID:216

C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" --byinstaller
3⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1308

C:\Program Files\Softdeluxe\Free Download Manager\importwizard.exe
"C:\Program Files\Softdeluxe\Free Download Manager\importwizard" 3FE02402165644D986B63DE6638495E4 --printFdm5Setting=ExpectingUpdateToVersion
4⤵
- Executes dropped EXE
PID:4440

C:\Users\Admin\Downloads\Flashpoint 11.1 Infinity.exe
"C:\Users\Admin\Downloads\Flashpoint 11.1 Infinity.exe"
4⤵
- Executes dropped EXE
PID:776

C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe
"C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2296

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4440

C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3932

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1136

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2932

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2932.0.382559193\2140187815" -parentBuildID 20200403170909 -prefsHandle 1692 -prefMapHandle 1612 -prefsLen 1 -prefMapSize 220117 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2932 "\\.\pipe\gecko-crash-server-pipe.2932" 1784 gpu
3⤵
PID:5088

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2932.3.216154936\1154989559" -childID 1 -isForBrowser -prefsHandle 1544 -prefMapHandle 2444 -prefsLen 112 -prefMapSize 220117 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2932 "\\.\pipe\gecko-crash-server-pipe.2932" 2456 tab
3⤵
PID:2920

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2932.13.180880758\1807710811" -childID 2 -isForBrowser -prefsHandle 3568 -prefMapHandle 3564 -prefsLen 6894 -prefMapSize 220117 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2932 "\\.\pipe\gecko-crash-server-pipe.2932" 3576 tab
3⤵
PID:4712

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5012

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Softdeluxe\Free Download Manager\MSVCP140.dll

Filesize
553KB

MD5
6da7f4530edb350cf9d967d969ccecf8

SHA1
3e2681ea91f60a7a9ef2407399d13c1ca6aa71e9

SHA256
9fee6f36547d6f6ea7ca0338655555dba6bb0f798bc60334d29b94d1547da4da

SHA512
1f77f900215a4966f7f4e5d23b4aaad203136cb8561f4e36f03f13659fe1ff4b81caa75fef557c890e108f28f0484ad2baa825559114c0daa588cf1de6c1afab

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5Core.dll

Filesize
5.7MB

MD5
0e51ac35b4b2922288b956450a73cbab

SHA1
adee61361815b216ba5c6c3b1cab998f1093a06b

SHA256
3b2129169999b948ca6ef1931410c235ac2aece3088ff9fc486145dcf772dd46

SHA512
fd36ecf24fe17892817a3007d7cb1c730469f61e68c66ed2da090b9e84d782298d08849b80788f72e48e289332f6dbea7fa2222e7b9518165b0335643d710843

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5Core.dll

Filesize
5.7MB

MD5
0e51ac35b4b2922288b956450a73cbab

SHA1
adee61361815b216ba5c6c3b1cab998f1093a06b

SHA256
3b2129169999b948ca6ef1931410c235ac2aece3088ff9fc486145dcf772dd46

SHA512
fd36ecf24fe17892817a3007d7cb1c730469f61e68c66ed2da090b9e84d782298d08849b80788f72e48e289332f6dbea7fa2222e7b9518165b0335643d710843

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5Core.dll

Filesize
5.7MB

MD5
0e51ac35b4b2922288b956450a73cbab

SHA1
adee61361815b216ba5c6c3b1cab998f1093a06b

SHA256
3b2129169999b948ca6ef1931410c235ac2aece3088ff9fc486145dcf772dd46

SHA512
fd36ecf24fe17892817a3007d7cb1c730469f61e68c66ed2da090b9e84d782298d08849b80788f72e48e289332f6dbea7fa2222e7b9518165b0335643d710843

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5Gui.dll

Filesize
6.2MB

MD5
1273c387e80db82ee6a96ac4788da8f7

SHA1
d0ba5c2c54e535254fb1ac5866c32b4c1398e045

SHA256
90b1a7c47965eafcc896b99e9520198c097f60975b74884f1c2bc91a5ce88160

SHA512
3356e4da246a05aaa959002463835afc4154077e112acde6531b78bcaf32272f1d81d8b8aa8407d31bee48b1f439b57427874660386147729749efe790a2ada2

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5Gui.dll

Filesize
6.2MB

MD5
1273c387e80db82ee6a96ac4788da8f7

SHA1
d0ba5c2c54e535254fb1ac5866c32b4c1398e045

SHA256
90b1a7c47965eafcc896b99e9520198c097f60975b74884f1c2bc91a5ce88160

SHA512
3356e4da246a05aaa959002463835afc4154077e112acde6531b78bcaf32272f1d81d8b8aa8407d31bee48b1f439b57427874660386147729749efe790a2ada2

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5Gui.dll

Filesize
6.2MB

MD5
1273c387e80db82ee6a96ac4788da8f7

SHA1
d0ba5c2c54e535254fb1ac5866c32b4c1398e045

SHA256
90b1a7c47965eafcc896b99e9520198c097f60975b74884f1c2bc91a5ce88160

SHA512
3356e4da246a05aaa959002463835afc4154077e112acde6531b78bcaf32272f1d81d8b8aa8407d31bee48b1f439b57427874660386147729749efe790a2ada2

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5Multimedia.dll

Filesize
713KB

MD5
d51ad7b8a4f98a8f584989c2e72679e5

SHA1
4f8bfb1a5ff09cd29b11dbd7acb805061d416dee

SHA256
e36cde2154a75b2267cf5ba8ae659d7e0750e9ac985d6923db0335c1ed734b10

SHA512
aed79d5bd7f197af96e02f11de289c9062f64c3956b4c6d66098c6f78b3d0159e180a5afb1e7baa58ac0a7dca98a98f147bb1a9e1fa8a4b1bdf5da06f583e064

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5Multimedia.dll

Filesize
713KB

MD5
d51ad7b8a4f98a8f584989c2e72679e5

SHA1
4f8bfb1a5ff09cd29b11dbd7acb805061d416dee

SHA256
e36cde2154a75b2267cf5ba8ae659d7e0750e9ac985d6923db0335c1ed734b10

SHA512
aed79d5bd7f197af96e02f11de289c9062f64c3956b4c6d66098c6f78b3d0159e180a5afb1e7baa58ac0a7dca98a98f147bb1a9e1fa8a4b1bdf5da06f583e064

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5Network.dll

Filesize
1.3MB

MD5
20dc922278cd948ce6dbdcb74580f910

SHA1
1a34d4738955f99c17083fec22945b0d6af76f40

SHA256
f7c7a1ea2570d1238287470b479e384f87c39357d1a4b2eeedbf90901d9c3cbc

SHA512
90afc14985b51744e2f3ea11a0f6f0edc3c7306bf6e9539c9526adbed0caf47e2b19fa90b38a3269424f109adb80f2bd7394620a35360d5aeb0b3641eb92fb79

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5Network.dll

Filesize
1.3MB

MD5
20dc922278cd948ce6dbdcb74580f910

SHA1
1a34d4738955f99c17083fec22945b0d6af76f40

SHA256
f7c7a1ea2570d1238287470b479e384f87c39357d1a4b2eeedbf90901d9c3cbc

SHA512
90afc14985b51744e2f3ea11a0f6f0edc3c7306bf6e9539c9526adbed0caf47e2b19fa90b38a3269424f109adb80f2bd7394620a35360d5aeb0b3641eb92fb79

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5Network.dll

Filesize
1.3MB

MD5
20dc922278cd948ce6dbdcb74580f910

SHA1
1a34d4738955f99c17083fec22945b0d6af76f40

SHA256
f7c7a1ea2570d1238287470b479e384f87c39357d1a4b2eeedbf90901d9c3cbc

SHA512
90afc14985b51744e2f3ea11a0f6f0edc3c7306bf6e9539c9526adbed0caf47e2b19fa90b38a3269424f109adb80f2bd7394620a35360d5aeb0b3641eb92fb79

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5Qml.dll

Filesize
3.8MB

MD5
bb53b42e1676fcdb5d5e71664ca592ba

SHA1
a781aaf2600658e868ba6950721ad8ced6ffb6d4

SHA256
a473856364e00c6fc9c25508089f078665464a64d5b50c8a1b48a853709bcf23

SHA512
53e6f72516f71b54179935829d1b425a43e5e65a211759bb2f1ef44815d6cc0e09cc651919436402983b41e51dc683d45c4683ae7131a0aa056244d3508e4e48

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5Qml.dll

Filesize
3.8MB

MD5
bb53b42e1676fcdb5d5e71664ca592ba

SHA1
a781aaf2600658e868ba6950721ad8ced6ffb6d4

SHA256
a473856364e00c6fc9c25508089f078665464a64d5b50c8a1b48a853709bcf23

SHA512
53e6f72516f71b54179935829d1b425a43e5e65a211759bb2f1ef44815d6cc0e09cc651919436402983b41e51dc683d45c4683ae7131a0aa056244d3508e4e48

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5Quick.dll

Filesize
3.6MB

MD5
c01cab6389a0b21d61bb77e56fd898aa

SHA1
84153b02aec718ae0881158dec3c5de257ef89f7

SHA256
d93f6a371e4fd92740d0c46dbf4a9ac82f2e79444a34a36d0be82266ed4fd93a

SHA512
3a351b5d71a7b0711d9117bb0ed04ca194e77684bd57314939e5dcbc4430b0f6fb8865f2f3427e0c9c0a1e662048fbd79f020b7e64bd3e3e4759f83fab103d16

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5Quick.dll

Filesize
3.6MB

MD5
c01cab6389a0b21d61bb77e56fd898aa

SHA1
84153b02aec718ae0881158dec3c5de257ef89f7

SHA256
d93f6a371e4fd92740d0c46dbf4a9ac82f2e79444a34a36d0be82266ed4fd93a

SHA512
3a351b5d71a7b0711d9117bb0ed04ca194e77684bd57314939e5dcbc4430b0f6fb8865f2f3427e0c9c0a1e662048fbd79f020b7e64bd3e3e4759f83fab103d16

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5QuickControls2.dll

Filesize
175KB

MD5
83d2d8058e2beecfacecea3f773684ae

SHA1
410f95d0a5f550ed98ec072d1d039923b3b85cff

SHA256
c27ff75badc2ca3d60da3d5878aa777ae7ca2fb41ffd3931d65c390227a4bb3d

SHA512
b895eea653997753aca88c2df2dea8c79dd65314f38fc841103e5c286e2dc313063b9dfd951c4cf293ea18e38086d0a1f6714f5232d96d925acd1b0bc6ad5ab0

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5QuickControls2.dll

Filesize
175KB

MD5
83d2d8058e2beecfacecea3f773684ae

SHA1
410f95d0a5f550ed98ec072d1d039923b3b85cff

SHA256
c27ff75badc2ca3d60da3d5878aa777ae7ca2fb41ffd3931d65c390227a4bb3d

SHA512
b895eea653997753aca88c2df2dea8c79dd65314f38fc841103e5c286e2dc313063b9dfd951c4cf293ea18e38086d0a1f6714f5232d96d925acd1b0bc6ad5ab0

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5QuickTemplates2.dll

Filesize
1010KB

MD5
4760f98a8a40e6d07db6b8506553fb80

SHA1
a9ddcddf81358253dfdf86e210a63ff28d556587

SHA256
4f3267d1871cfcda6c9cdf7240c2189eaa7f96aa4967d98a660c4d5e9cc0b101

SHA512
1860ae685868b554008a1dab2e8d4fa34588cb503509fddcfb5366bd49143fcacd2ff8141023146787a55f5a1b0d1bab09b5f436035f26e3b48c463c4c58e1d1

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5QuickTemplates2.dll

Filesize
1010KB

MD5
4760f98a8a40e6d07db6b8506553fb80

SHA1
a9ddcddf81358253dfdf86e210a63ff28d556587

SHA256
4f3267d1871cfcda6c9cdf7240c2189eaa7f96aa4967d98a660c4d5e9cc0b101

SHA512
1860ae685868b554008a1dab2e8d4fa34588cb503509fddcfb5366bd49143fcacd2ff8141023146787a55f5a1b0d1bab09b5f436035f26e3b48c463c4c58e1d1

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5Sql.dll

Filesize
209KB

MD5
d780e35d89a9d5389b03e5181832af75

SHA1
23ffc88e2026871a299065d55eb21d3b67546418

SHA256
1b9435197ea13aac313106822d61f36ab107a48341e5d09408918bd0fc3bbe44

SHA512
bba506404e85243098aba6a39ad6dceb06669058842b5e0ddc884f95c749a722c4ed15b9f22f3810f73b0605343f39ff82ca71e4da9e8c4d8a95eb42d18cca45

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5Sql.dll

Filesize
209KB

MD5
d780e35d89a9d5389b03e5181832af75

SHA1
23ffc88e2026871a299065d55eb21d3b67546418

SHA256
1b9435197ea13aac313106822d61f36ab107a48341e5d09408918bd0fc3bbe44

SHA512
bba506404e85243098aba6a39ad6dceb06669058842b5e0ddc884f95c749a722c4ed15b9f22f3810f73b0605343f39ff82ca71e4da9e8c4d8a95eb42d18cca45

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5Widgets.dll

Filesize
5.3MB

MD5
91439f0387898388cb1a3150c5848d73

SHA1
d57b3c8bb6ae88f98add39890c9a8c3fdc2a0f55

SHA256
9e38324e796eb66200498dbfdcda8ac92f92155a9accdc6c97f92f475ea4c8c2

SHA512
8a282440d5b2ba67ef4d9f490c0ef93946b60351b4019cb247eac67da92398b55745f6325fe6ab7f62088132614cc9f6332726e532e692f0b709bdcaa3999bac

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5Widgets.dll

Filesize
5.3MB

MD5
91439f0387898388cb1a3150c5848d73

SHA1
d57b3c8bb6ae88f98add39890c9a8c3fdc2a0f55

SHA256
9e38324e796eb66200498dbfdcda8ac92f92155a9accdc6c97f92f475ea4c8c2

SHA512
8a282440d5b2ba67ef4d9f490c0ef93946b60351b4019cb247eac67da92398b55745f6325fe6ab7f62088132614cc9f6332726e532e692f0b709bdcaa3999bac

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\VCRUNTIME140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\VCRUNTIME140_1.dll

Filesize
36KB

MD5
135359d350f72ad4bf716b764d39e749

SHA1
2e59d9bbcce356f0fece56c9c4917a5cacec63d7

SHA256
34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32

SHA512
cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\downloadsjsp.dll

Filesize
87KB

MD5
162788a111c3ee1937295a3827f68b7c

SHA1
d999f5ca96474f518faf371d3f63843114c80614

SHA256
cd147aefcd9339a24cc6cff4a961dfc6842423a503eb6f50284a6a3eaafc17f2

SHA512
08d9b858d7afa32776bed868a0787078a108deaf49cde71d03f8f2aa9beeb74e25002e328b1497d4ab418ebe9b96b15c15c6ca5e0906e1bbf256358825d8f7ac

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\downloadsjsp.dll

Filesize
87KB

MD5
162788a111c3ee1937295a3827f68b7c

SHA1
d999f5ca96474f518faf371d3f63843114c80614

SHA256
cd147aefcd9339a24cc6cff4a961dfc6842423a503eb6f50284a6a3eaafc17f2

SHA512
08d9b858d7afa32776bed868a0787078a108deaf49cde71d03f8f2aa9beeb74e25002e328b1497d4ab418ebe9b96b15c15c6ca5e0906e1bbf256358825d8f7ac

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\downloadsms.dll

Filesize
496KB

MD5
56693e67d67908997d885ce0bdacfa97

SHA1
f5cecfa55765ee4115beb21473fbd5975b15b6fd

SHA256
44ad96a7a555ccc19e07fb507b7a274194c4c7435ebd798019218175dc30c810

SHA512
65bb46eed9c4bb5f5f21f549251ae67e578164176afc2438396fc8e75a10fb5dece19d93036f5bb4515a3e91bbc7a16625438e2d208bdd8d5d5814e7f2b7c525

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\downloadsms.dll

Filesize
496KB

MD5
56693e67d67908997d885ce0bdacfa97

SHA1
f5cecfa55765ee4115beb21473fbd5975b15b6fd

SHA256
44ad96a7a555ccc19e07fb507b7a274194c4c7435ebd798019218175dc30c810

SHA512
65bb46eed9c4bb5f5f21f549251ae67e578164176afc2438396fc8e75a10fb5dece19d93036f5bb4515a3e91bbc7a16625438e2d208bdd8d5d5814e7f2b7c525

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe

Filesize
5.4MB

MD5
af0e1046e67ed95adbdb90668964d3ab

SHA1
c7ae52bd3214d8cf864dd95a0399ceb90120a62c

SHA256
3d20a3544dd4e5e606525f74c7e323144cf564dcb7a6b9e8e94c0845e6ec800e

SHA512
dd3f8b3025531506628526640aa46ac8c05d3a06eb97b6ff3b32e425ee85104a269b8d4f00d886fd649b34f69dfc270c26288bebc7bfdf8fd5e324fb3bf7c046

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe

Filesize
5.4MB

MD5
af0e1046e67ed95adbdb90668964d3ab

SHA1
c7ae52bd3214d8cf864dd95a0399ceb90120a62c

SHA256
3d20a3544dd4e5e606525f74c7e323144cf564dcb7a6b9e8e94c0845e6ec800e

SHA512
dd3f8b3025531506628526640aa46ac8c05d3a06eb97b6ff3b32e425ee85104a269b8d4f00d886fd649b34f69dfc270c26288bebc7bfdf8fd5e324fb3bf7c046

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe

Filesize
125KB

MD5
7cf96519fbb09c34d31cac4d272cfb76

SHA1
47da0b81bee168efd8e43598b739002d62c8a492

SHA256
1401ecd7535e0d38455b3229806525086021904b95336438d4c851347e2cf215

SHA512
af2a0bc3bc0f94650b4e7603bc20dcbfee74064a2b8d0f66108b2b01645a87008170f69d693d4f96f0438a41d9c627ec09ee5085ad4cd05a0fc8fb2af55bd8d2

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe

Filesize
125KB

MD5
7cf96519fbb09c34d31cac4d272cfb76

SHA1
47da0b81bee168efd8e43598b739002d62c8a492

SHA256
1401ecd7535e0d38455b3229806525086021904b95336438d4c851347e2cf215

SHA512
af2a0bc3bc0f94650b4e7603bc20dcbfee74064a2b8d0f66108b2b01645a87008170f69d693d4f96f0438a41d9c627ec09ee5085ad4cd05a0fc8fb2af55bd8d2

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\iconengines\qsvgicon.dll

Filesize
44KB

MD5
54f9023c9f25fc683f1b442c0b5a5734

SHA1
4c19a7aea2fa942ce54c4771af826a6ec97ea485

SHA256
d651ad610745fcc04f53d148bf1f592894688d9a8db2a4c6c0f7886a77a31df5

SHA512
9a76de4c0ef818609d5ed132b473009bad67451d0bd55aa24584a208902ca28b04e2fc40e609a845f3d1173c0bcd6e82ce73b7eb09f3e739caec6a180a2ba894

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\imageformats\qgif.dll

Filesize
40KB

MD5
1eea75d8c80d0863a1c31921eee4601c

SHA1
a534ebff8f14a3bd629cedd40acd81f7cddf7fbc

SHA256
eb52fb17a02f760565236987909c23c905baf2d0cdb876a13791edada6c563e1

SHA512
d2be14b97c9758d8185d586dd35df30f90c94252bf24d5f9e82db4cb623fdd7b234d6d97ba4951b263a1a210433a8eaf38d82238e29e34b516f09960d21be398

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\imageformats\qicns.dll

Filesize
49KB

MD5
411cc6b11eb112fe54b39685778cf3c9

SHA1
02b44edb0faf891be5d4a6dde767f8f8897c007e

SHA256
40c3798b27811fc27a1cbfba4c60bf32491c98c9ae2bca973ce3fcd2e11124bc

SHA512
a0953c004c0ff095683a6874638ec0bc06becb94a8d9b9636b8d748302c16615875df3b160eefc0f614007ac56dea555024a963abb0ea70012d657f11e6f549e

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\imageformats\qico.dll

Filesize
41KB

MD5
34af9a4b24c8f3fb83cb0d263693cab0

SHA1
d39c9835c9e2ac2d15e04ab5cedf1596847edd66

SHA256
5f77bdc72e5024cd8cca51ca1905a8d77cce99399ae7a0686d98abd3df5eb455

SHA512
b4a7d383e90bae66edca7641dd0b6d02972f37b5f58a4218c51f305a868da2efdc91dc394f1ebc8fb7a404181a4024fcbc55f280a0dc04841b2bc656c3a0a9f2

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\libcrypto-1_1-x64.dll

Filesize
2.7MB

MD5
8bf7134fd7c7b9f79fbaa46a820565fd

SHA1
c82732c10a0f03ef1868d2ca6a8c42ec430a8a02

SHA256
a8f38398b8e95919ce4f4eb4ce9e2db432b5b8da00b531e2f1633795b3fa622a

SHA512
9d48c50a08236df337ace9f7546d3db392d980d6b86111da0f1b72848d9a7e74aa05ec9eb83f35c4c0570334f5c3b8460e1864eb2ad9a7ff5dc67d0206616e61

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\libcrypto-1_1-x64.dll

Filesize
2.7MB

MD5
8bf7134fd7c7b9f79fbaa46a820565fd

SHA1
c82732c10a0f03ef1868d2ca6a8c42ec430a8a02

SHA256
a8f38398b8e95919ce4f4eb4ce9e2db432b5b8da00b531e2f1633795b3fa622a

SHA512
9d48c50a08236df337ace9f7546d3db392d980d6b86111da0f1b72848d9a7e74aa05ec9eb83f35c4c0570334f5c3b8460e1864eb2ad9a7ff5dc67d0206616e61

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\libssl-1_1-x64.dll

Filesize
669KB

MD5
8915e476444729db9f0a1c2ec7501c87

SHA1
01aecb1cc1e6821132729e6eb366b37c7933b8d5

SHA256
9a99670dcb874b67b47927611a1546c590b07d0580b62be57b1fa9a3df7934e7

SHA512
e1e7c9142339260811d31a32b9e2b0a7a44959f778b898e03ae968d26c98d72ea0bf3cfbac054520d3fa7808088391abca4c5f96db0114ff8b27a146b4d0fe03

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\libssl-1_1-x64.dll

Filesize
669KB

MD5
8915e476444729db9f0a1c2ec7501c87

SHA1
01aecb1cc1e6821132729e6eb366b37c7933b8d5

SHA256
9a99670dcb874b67b47927611a1546c590b07d0580b62be57b1fa9a3df7934e7

SHA512
e1e7c9142339260811d31a32b9e2b0a7a44959f778b898e03ae968d26c98d72ea0bf3cfbac054520d3fa7808088391abca4c5f96db0114ff8b27a146b4d0fe03

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\logger.dll

Filesize
32KB

MD5
f86d67751f21fdf101048da34d3de812

SHA1
6a99f27ef16ce1025bde7c8a0e9780739b22adc0

SHA256
b4e28856c976425995e79f08fe39de72c6fddb6b53ece7c25bd3cc2b7ac43a5f

SHA512
e0829655fb0b5e17bda36bf93b5e1293efd88b86fca07a7e88f715996ff263b9ee3a72dd57f0cc0b0a5bf7856f17e6f9ecb71871c6f01deae361b87a86d82932

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\logger.dll

Filesize
32KB

MD5
f86d67751f21fdf101048da34d3de812

SHA1
6a99f27ef16ce1025bde7c8a0e9780739b22adc0

SHA256
b4e28856c976425995e79f08fe39de72c6fddb6b53ece7c25bd3cc2b7ac43a5f

SHA512
e0829655fb0b5e17bda36bf93b5e1293efd88b86fca07a7e88f715996ff263b9ee3a72dd57f0cc0b0a5bf7856f17e6f9ecb71871c6f01deae361b87a86d82932

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\msvcp140.dll

Filesize
553KB

MD5
6da7f4530edb350cf9d967d969ccecf8

SHA1
3e2681ea91f60a7a9ef2407399d13c1ca6aa71e9

SHA256
9fee6f36547d6f6ea7ca0338655555dba6bb0f798bc60334d29b94d1547da4da

SHA512
1f77f900215a4966f7f4e5d23b4aaad203136cb8561f4e36f03f13659fe1ff4b81caa75fef557c890e108f28f0484ad2baa825559114c0daa588cf1de6c1afab

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\msvcp140.dll

Filesize
553KB

MD5
6da7f4530edb350cf9d967d969ccecf8

SHA1
3e2681ea91f60a7a9ef2407399d13c1ca6aa71e9

SHA256
9fee6f36547d6f6ea7ca0338655555dba6bb0f798bc60334d29b94d1547da4da

SHA512
1f77f900215a4966f7f4e5d23b4aaad203136cb8561f4e36f03f13659fe1ff4b81caa75fef557c890e108f28f0484ad2baa825559114c0daa588cf1de6c1afab

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\platforms\qwindows.dll

Filesize
1.4MB

MD5
ac584cbeb327e9d2364873f451e074be

SHA1
eb2d7b7f38c880ae4bc4f32c50e10e73ee15c816

SHA256
1fa4d2f13d22d9a859503d7b7c87ba39d379d9a14afcea7299d572eabb2bdf57

SHA512
4fca1fa9494799f382318d329a3040bc067d55e7cd99be6d768e975fb585f61f8c1360908284bb04c055dcf21a164464305e9255d52b1c57a0cfc49eea003203

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\platforms\qwindows.dll

Filesize
1.4MB

MD5
ac584cbeb327e9d2364873f451e074be

SHA1
eb2d7b7f38c880ae4bc4f32c50e10e73ee15c816

SHA256
1fa4d2f13d22d9a859503d7b7c87ba39d379d9a14afcea7299d572eabb2bdf57

SHA512
4fca1fa9494799f382318d329a3040bc067d55e7cd99be6d768e975fb585f61f8c1360908284bb04c055dcf21a164464305e9255d52b1c57a0cfc49eea003203

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\quazip.dll

Filesize
203KB

MD5
9a08a2b7ec7edd0150e236104aa4d1f3

SHA1
b7ba88484afe6ad111f64db81519a1dc2ec68508

SHA256
d373c86239b2cb562f05dde6aa2086c7276239e138fafaad99ce8b3bd4ea2582

SHA512
684cc71fd090b24909e6bdfafb2bcb97e29450ea73f924cc3e9f5489d43ab86c310cd45056e31f387f59fe549fe19cc009fc2ba9f7e882f3e6d116cef26adb12

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\quazip.dll

Filesize
203KB

MD5
9a08a2b7ec7edd0150e236104aa4d1f3

SHA1
b7ba88484afe6ad111f64db81519a1dc2ec68508

SHA256
d373c86239b2cb562f05dde6aa2086c7276239e138fafaad99ce8b3bd4ea2582

SHA512
684cc71fd090b24909e6bdfafb2bcb97e29450ea73f924cc3e9f5489d43ab86c310cd45056e31f387f59fe549fe19cc009fc2ba9f7e882f3e6d116cef26adb12

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\service.xml

Filesize
2KB

MD5
85c61b85b0ffe2609b00379a5512790d

SHA1
2dfaf069df408819b06916381ac80b3ec097214c

SHA256
24f6062b8679b4140b5c15900deefa8ba187ed5e3c5cb8efc91b26b31769664d

SHA512
3a18c17ddcd10cd89d1c666134f13be6ed441fbe2c36a9567e894c0e1674232d5882e696ad2d385bd5eb4d50b6a1b4225bb992389aad93a77b203318293ca6fa

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\styles\qwindowsvistastyle.dll

Filesize
142KB

MD5
085087d668776333d78d87ff579fce87

SHA1
861af820e28c6070fa22defbb527e55cdbe3590f

SHA256
59f3183245e4ea6a93f04eb3dc7460b3911397cb5a9f7aa429921b7957b62684

SHA512
10b2492ec88f0682264169478b966cb6584276d4dfb6a49d62ce21dff68013b3d1e17cfc51c658f5773d5cb9b374ec90205f1ebd07db70e8f0c76a96cda80e2e

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\styles\qwindowsvistastyle.dll

Filesize
142KB

MD5
085087d668776333d78d87ff579fce87

SHA1
861af820e28c6070fa22defbb527e55cdbe3590f

SHA256
59f3183245e4ea6a93f04eb3dc7460b3911397cb5a9f7aa429921b7957b62684

SHA512
10b2492ec88f0682264169478b966cb6584276d4dfb6a49d62ce21dff68013b3d1e17cfc51c658f5773d5cb9b374ec90205f1ebd07db70e8f0c76a96cda80e2e

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\vcruntime140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\vcruntime140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\vcruntime140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\vcruntime140_1.dll

Filesize
36KB

MD5
135359d350f72ad4bf716b764d39e749

SHA1
2e59d9bbcce356f0fece56c9c4917a5cacec63d7

SHA256
34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32

SHA512
cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\vcruntime140_1.dll

Filesize
36KB

MD5
135359d350f72ad4bf716b764d39e749

SHA1
2e59d9bbcce356f0fece56c9c4917a5cacec63d7

SHA256
34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32

SHA512
cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\vmsclshared.dll

Filesize
481KB

MD5
c5ec998da72d44adcb50d1b6544d5b3f

SHA1
63bec20d94dcf6e7bf7dbea41cff16d7120c4fee

SHA256
bb6fd71add89ad693227233598e4cb47f0f6d7d08b8168459e810a662b1f7e30

SHA512
24f71dc08eb2a1b5abb1effc3d71e8c0059fcb8d745e3cc0a8b47be8499727814cf7f0b7d0532f6fa9f861d142d00cfa30b3f6ea15c7437bb4800d2b4ffa7813

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\vmsclshared.dll

Filesize
481KB

MD5
c5ec998da72d44adcb50d1b6544d5b3f

SHA1
63bec20d94dcf6e7bf7dbea41cff16d7120c4fee

SHA256
bb6fd71add89ad693227233598e4cb47f0f6d7d08b8168459e810a662b1f7e30

SHA512
24f71dc08eb2a1b5abb1effc3d71e8c0059fcb8d745e3cc0a8b47be8499727814cf7f0b7d0532f6fa9f861d142d00cfa30b3f6ea15c7437bb4800d2b4ffa7813

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\vmsclshared.dll

Filesize
481KB

MD5
c5ec998da72d44adcb50d1b6544d5b3f

SHA1
63bec20d94dcf6e7bf7dbea41cff16d7120c4fee

SHA256
bb6fd71add89ad693227233598e4cb47f0f6d7d08b8168459e810a662b1f7e30

SHA512
24f71dc08eb2a1b5abb1effc3d71e8c0059fcb8d745e3cc0a8b47be8499727814cf7f0b7d0532f6fa9f861d142d00cfa30b3f6ea15c7437bb4800d2b4ffa7813

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\vmsclshared.dll

Filesize
481KB

MD5
c5ec998da72d44adcb50d1b6544d5b3f

SHA1
63bec20d94dcf6e7bf7dbea41cff16d7120c4fee

SHA256
bb6fd71add89ad693227233598e4cb47f0f6d7d08b8168459e810a662b1f7e30

SHA512
24f71dc08eb2a1b5abb1effc3d71e8c0059fcb8d745e3cc0a8b47be8499727814cf7f0b7d0532f6fa9f861d142d00cfa30b3f6ea15c7437bb4800d2b4ffa7813

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QR4CS.tmp\fdm_x64_setup.tmp

Filesize
2.5MB

MD5
869c50863faef0fa7052b5551698ed58

SHA1
feb12f73e0a68d43db51a35f04be3f9d2aac90a3

SHA256
7e49962115092d3709b9a3e68934972931bb900f23bf4b42ac90d250725e7d4e

SHA512
19076555396601758b0b62a9b9fc68bb96b83387c5a345c3e68f5794b67c45bec7905654fe1243e2daf3ae8fe11c2ad243e962633370535a7a3f41bcb7fec1df

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QR4CS.tmp\fdm_x64_setup.tmp

Filesize
2.5MB

MD5
869c50863faef0fa7052b5551698ed58

SHA1
feb12f73e0a68d43db51a35f04be3f9d2aac90a3

SHA256
7e49962115092d3709b9a3e68934972931bb900f23bf4b42ac90d250725e7d4e

SHA512
19076555396601758b0b62a9b9fc68bb96b83387c5a345c3e68f5794b67c45bec7905654fe1243e2daf3ae8fe11c2ad243e962633370535a7a3f41bcb7fec1df

Download Submit
memory/216-216-0x0000000000000000-mapping.dmp

Download
memory/616-136-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/616-139-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/616-234-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/616-132-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/776-242-0x0000000000000000-mapping.dmp

Download
memory/1132-134-0x0000000000000000-mapping.dmp

Download
memory/1308-237-0x00000210FBCB0000-0x00000210FBCC0000-memory.dmp

Filesize
64KB

Download
memory/1308-233-0x00007FF85C630000-0x00007FF85CB85000-memory.dmp

Filesize
5.3MB

Download
memory/1308-232-0x00007FF85CCD0000-0x00007FF85D078000-memory.dmp

Filesize
3.7MB

Download
memory/1308-231-0x00007FF67CB40000-0x00007FF67D0B4000-memory.dmp

Filesize
5.5MB

Download
memory/1308-230-0x0000000000000000-mapping.dmp

Download
memory/1392-219-0x0000000000000000-mapping.dmp

Download
memory/1528-218-0x0000000000000000-mapping.dmp

Download
memory/1596-215-0x0000000000000000-mapping.dmp

Download
memory/1728-212-0x0000000000000000-mapping.dmp

Download
memory/2388-221-0x0000000000000000-mapping.dmp

Download
memory/2440-229-0x0000000000000000-mapping.dmp

Download
memory/2652-142-0x0000000000000000-mapping.dmp

Download
memory/2920-225-0x0000000000000000-mapping.dmp

Download
memory/2940-189-0x00007FF85BC30000-0x00007FF85C185000-memory.dmp

Filesize
5.3MB

Download
memory/2940-188-0x00007FF85C6D0000-0x00007FF85CA78000-memory.dmp

Filesize
3.7MB

Download
memory/2940-191-0x00007FF67CB40000-0x00007FF67D0B4000-memory.dmp

Filesize
5.5MB

Download
memory/2940-145-0x0000000000000000-mapping.dmp

Download
memory/3100-214-0x0000000000000000-mapping.dmp

Download
memory/3420-210-0x00007FF85BC30000-0x00007FF85C185000-memory.dmp

Filesize
5.3MB

Download
memory/3420-209-0x0000000000000000-mapping.dmp

Download
memory/3932-238-0x00007FF67CB40000-0x00007FF67D0B4000-memory.dmp

Filesize
5.5MB

Download
memory/3932-241-0x0000022B79B00000-0x0000022B79B10000-memory.dmp

Filesize
64KB

Download
memory/3932-240-0x00007FF85C630000-0x00007FF85CB85000-memory.dmp

Filesize
5.3MB

Download
memory/3932-239-0x00007FF85CCD0000-0x00007FF85D078000-memory.dmp

Filesize
3.7MB

Download
memory/4136-223-0x0000000000000000-mapping.dmp

Download
memory/4176-137-0x0000000000000000-mapping.dmp

Download
memory/4440-235-0x0000000000000000-mapping.dmp

Download
memory/4440-236-0x00007FF85C630000-0x00007FF85CB85000-memory.dmp

Filesize
5.3MB

Download
memory/4748-211-0x0000000000000000-mapping.dmp

Download
memory/4780-213-0x0000000000000000-mapping.dmp

Download
memory/4852-143-0x0000000000000000-mapping.dmp

Download
memory/4864-227-0x0000000000000000-mapping.dmp

Download
memory/5116-140-0x0000000000000000-mapping.dmp

Download