3212aa98f6c8d67aa997a074578010b36d3df5d1a6d2055f5434ba8632fc260e

Analysis

max time kernel
34s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
24-03-2023 21:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdm_x64_setup.exe
Size

34.0MB
MD5

ca2ead342a22fcd891f73f99cba91005
SHA1

6e6470b49e9e9791acc6854b3d3823e97b058407
SHA256

3212aa98f6c8d67aa997a074578010b36d3df5d1a6d2055f5434ba8632fc260e
SHA512

39e8e285f3bc169ce3306cecf7a06317a93126dfce2d128acbb0a82d693d98ba0297601e258e4fa48ab8d2f235c6f8b5b648b48f15c02022e22893095a470bc6
SSDEEP

786432:5fzVFV7zFAsPBoyK32MlH8CSC9xSWEjh/dlCBS1Y/qemqa:/fWyKGMlcnelEdlO0YLa

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 4 IoCs

Processes:

fdm_x64_setup.tmpfdm.exehelperservice.exeimportwizard.exe

pid process

1744 fdm_x64_setup.tmp
1552 fdm.exe
1740 helperservice.exe
676 importwizard.exe

pid	process
1744	fdm_x64_setup.tmp
1552	fdm.exe
1740	helperservice.exe
676	importwizard.exe

Loads dropped DLL 64 IoCs

Processes:

fdm_x64_setup.exefdm_x64_setup.tmpfdm.exetaskeng.exehelperservice.exe

pid	process
1228	fdm_x64_setup.exe
1744	fdm_x64_setup.tmp
1744	fdm_x64_setup.tmp
1744	fdm_x64_setup.tmp
1744	fdm_x64_setup.tmp
1264
1264
1264
1264
1552	fdm.exe
1552	fdm.exe
1552	fdm.exe
1552	fdm.exe
1552	fdm.exe
1552	fdm.exe
1552	fdm.exe
1552	fdm.exe
1552	fdm.exe
1552	fdm.exe
1552	fdm.exe
1552	fdm.exe
1552	fdm.exe
1552	fdm.exe
1552	fdm.exe
1552	fdm.exe
1552	fdm.exe
1552	fdm.exe
1552	fdm.exe
1552	fdm.exe
1552	fdm.exe
1552	fdm.exe
1552	fdm.exe
1552	fdm.exe
1552	fdm.exe
1552	fdm.exe
1552	fdm.exe
1912	taskeng.exe
1740	helperservice.exe
1740	helperservice.exe
1740	helperservice.exe
1740	helperservice.exe
1740	helperservice.exe
1740	helperservice.exe
1740	helperservice.exe
1740	helperservice.exe
1740	helperservice.exe
1740	helperservice.exe
1740	helperservice.exe
1740	helperservice.exe
1740	helperservice.exe
1740	helperservice.exe
1740	helperservice.exe
1740	helperservice.exe
1740	helperservice.exe
1740	helperservice.exe
1740	helperservice.exe
1740	helperservice.exe
1740	helperservice.exe
1740	helperservice.exe
1740	helperservice.exe
1552	fdm.exe
1552	fdm.exe
1552	fdm.exe
1552	fdm.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

fdm_x64_setup.tmp

description	ioc	process
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\images\is-MOJ3M.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtGraphicalEffects\private\is-AHGGH.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtGraphicalEffects\private\is-2M688.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Imagine\is-DJ19A.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Imagine\is-M3KPM.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtGraphicalEffects\private\is-19E1H.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\images\is-NC1VQ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Material\is-IBBKR.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\is-3J3GL.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\is-RN3A9.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Dialogs\images\is-K29TK.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtGraphicalEffects\private\is-40SO5.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\is-1NBAR.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\is-5TD4K.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\images\is-MUGUK.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Desktop\is-O1PLH.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Material\is-LJJ7N.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Flat\is-0JR4D.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Dialogs\is-VJ7M2.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\is-9SMVP.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Universal\is-Q87T5.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQml\is-LHCU4.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\is-N2PHE.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\is-IMART.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\is-7O460.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Material\is-1AARE.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Dialogs\qml\is-AAFI5.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtGraphicalEffects\private\is-4O5AM.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\is-IB2UK.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Fusion\is-F66M0.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\is-70BIN.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Desktop\is-23VJO.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\is-T39T9.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\main\is-Q747M.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\is-274EO.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Private\is-KVVD3.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\is-2VFHB.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Material\is-GE2NA.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\is-UL8V6.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\images\is-H7LQB.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Fusion\is-O7040.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Imagine\is-EM01N.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Dialogs\is-EOQ40.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\is-265A4.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Private\is-C7KRO.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Desktop\is-Q8E6B.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Dialogs\is-3C27C.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-FG3AS.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-MNA4V.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\Qt\labs\platform\is-SD681.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Private\is-H923A.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\is-Q3UJG.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Desktop\is-71D7M.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Dialogs\images\is-OONHS.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-RGAEI.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Private\is-VBVCK.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Flat\is-CSL6V.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Fusion\is-PLAJM.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-GR102.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\images\is-D6698.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Material\is-FSUO7.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Universal\is-OTU7R.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\is-U3FHF.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Private\is-E7JGQ.tmp	fdm_x64_setup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task
T1053

Processes:

schtasks.exe

pid process

1608 schtasks.exe

pid	process
1608	schtasks.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 11 IoCs

adware spyware

Modify Registry

T1112

Processes:

fdm_x64_setup.tmp

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	fdm_x64_setup.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\fdm.exe = "11000"	fdm_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING	fdm_x64_setup.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING\fdm.exe = "1"	fdm_x64_setup.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\fdm.exe = "11000"	fdm_x64_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	fdm_x64_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\MAIN	fdm_x64_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	fdm_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	fdm_x64_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING	fdm_x64_setup.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\fdm.exe = "1"	fdm_x64_setup.tmp

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

fdm.exe

pid process

1552 fdm.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

fdm_x64_setup.tmp

pid process

1744 fdm_x64_setup.tmp
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

helperservice.exefdm.exe

pid process

1740 helperservice.exe
1552 fdm.exe
1552 fdm.exe

pid	process
1552	fdm.exe

pid	process
1744	fdm_x64_setup.tmp

pid	process
1740	helperservice.exe
1552	fdm.exe
1552	fdm.exe

Suspicious use of WriteProcessMemory 36 IoCs

Processes:

fdm_x64_setup.exefdm_x64_setup.tmpchrome.exetaskeng.exefdm.exe

description	pid	process	target process
PID 1228 wrote to memory of 1744	1228	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 1228 wrote to memory of 1744	1228	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 1228 wrote to memory of 1744	1228	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 1228 wrote to memory of 1744	1228	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 1228 wrote to memory of 1744	1228	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 1228 wrote to memory of 1744	1228	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 1228 wrote to memory of 1744	1228	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 1744 wrote to memory of 380	1744	fdm_x64_setup.tmp	schtasks.exe
PID 1744 wrote to memory of 380	1744	fdm_x64_setup.tmp	schtasks.exe
PID 1744 wrote to memory of 380	1744	fdm_x64_setup.tmp	schtasks.exe
PID 1744 wrote to memory of 380	1744	fdm_x64_setup.tmp	schtasks.exe
PID 1744 wrote to memory of 1608	1744	fdm_x64_setup.tmp	schtasks.exe
PID 1744 wrote to memory of 1608	1744	fdm_x64_setup.tmp	schtasks.exe
PID 1744 wrote to memory of 1608	1744	fdm_x64_setup.tmp	schtasks.exe
PID 1744 wrote to memory of 1608	1744	fdm_x64_setup.tmp	schtasks.exe
PID 2044 wrote to memory of 1776	2044	chrome.exe	chrome.exe
PID 2044 wrote to memory of 1776	2044	chrome.exe	chrome.exe
PID 2044 wrote to memory of 1776	2044	chrome.exe	chrome.exe
PID 1744 wrote to memory of 1520	1744	fdm_x64_setup.tmp	schtasks.exe
PID 1744 wrote to memory of 1520	1744	fdm_x64_setup.tmp	schtasks.exe
PID 1744 wrote to memory of 1520	1744	fdm_x64_setup.tmp	schtasks.exe
PID 1744 wrote to memory of 1520	1744	fdm_x64_setup.tmp	schtasks.exe
PID 1744 wrote to memory of 1672	1744	fdm_x64_setup.tmp	schtasks.exe
PID 1744 wrote to memory of 1672	1744	fdm_x64_setup.tmp	schtasks.exe
PID 1744 wrote to memory of 1672	1744	fdm_x64_setup.tmp	schtasks.exe
PID 1744 wrote to memory of 1672	1744	fdm_x64_setup.tmp	schtasks.exe
PID 1744 wrote to memory of 1552	1744	fdm_x64_setup.tmp	fdm.exe
PID 1744 wrote to memory of 1552	1744	fdm_x64_setup.tmp	fdm.exe
PID 1744 wrote to memory of 1552	1744	fdm_x64_setup.tmp	fdm.exe
PID 1744 wrote to memory of 1552	1744	fdm_x64_setup.tmp	fdm.exe
PID 1912 wrote to memory of 1740	1912	taskeng.exe	helperservice.exe
PID 1912 wrote to memory of 1740	1912	taskeng.exe	helperservice.exe
PID 1912 wrote to memory of 1740	1912	taskeng.exe	helperservice.exe
PID 1552 wrote to memory of 676	1552	fdm.exe	importwizard.exe
PID 1552 wrote to memory of 676	1552	fdm.exe	importwizard.exe
PID 1552 wrote to memory of 676	1552	fdm.exe	importwizard.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe
"C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1228

C:\Users\Admin\AppData\Local\Temp\is-AQP2H.tmp\fdm_x64_setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-AQP2H.tmp\fdm_x64_setup.tmp" /SL5="$80022,34943088,780288,C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1744

C:\Windows\system32\schtasks.exe
"schtasks.exe" /end /tn FreeDownloadManagerHelperService
3⤵
PID:380

C:\Windows\system32\schtasks.exe
"schtasks.exe" /create /RU SYSTEM /tn FreeDownloadManagerHelperService /f /xml "C:\Program Files\Softdeluxe\Free Download Manager\service.xml"
3⤵
- Creates scheduled task(s)
PID:1608

C:\Windows\system32\schtasks.exe
"schtasks.exe" /change /tn FreeDownloadManagerHelperService /tr "\"C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe"\"
3⤵
PID:1520

C:\Windows\system32\schtasks.exe
"schtasks.exe" /run /tn FreeDownloadManagerHelperService
3⤵
PID:1672

C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" --install
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1552

C:\Program Files\Softdeluxe\Free Download Manager\importwizard.exe
"C:\Program Files\Softdeluxe\Free Download Manager\importwizard" 3FE02402165644D986B63DE6638495E4
4⤵
- Executes dropped EXE
PID:676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:2044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6b69758,0x7fef6b69768,0x7fef6b69778
2⤵
PID:1776

C:\Windows\system32\taskeng.exe
taskeng.exe {D24B4700-E641-48CB-9BCB-68BC4E6510A6} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1912

C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe
"C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1740

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Softdeluxe\Free Download Manager\MSVCP140.dll

Filesize
553KB

MD5
6da7f4530edb350cf9d967d969ccecf8

SHA1
3e2681ea91f60a7a9ef2407399d13c1ca6aa71e9

SHA256
9fee6f36547d6f6ea7ca0338655555dba6bb0f798bc60334d29b94d1547da4da

SHA512
1f77f900215a4966f7f4e5d23b4aaad203136cb8561f4e36f03f13659fe1ff4b81caa75fef557c890e108f28f0484ad2baa825559114c0daa588cf1de6c1afab

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5Core.dll

Filesize
5.7MB

MD5
0e51ac35b4b2922288b956450a73cbab

SHA1
adee61361815b216ba5c6c3b1cab998f1093a06b

SHA256
3b2129169999b948ca6ef1931410c235ac2aece3088ff9fc486145dcf772dd46

SHA512
fd36ecf24fe17892817a3007d7cb1c730469f61e68c66ed2da090b9e84d782298d08849b80788f72e48e289332f6dbea7fa2222e7b9518165b0335643d710843

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5Network.dll

Filesize
1.3MB

MD5
20dc922278cd948ce6dbdcb74580f910

SHA1
1a34d4738955f99c17083fec22945b0d6af76f40

SHA256
f7c7a1ea2570d1238287470b479e384f87c39357d1a4b2eeedbf90901d9c3cbc

SHA512
90afc14985b51744e2f3ea11a0f6f0edc3c7306bf6e9539c9526adbed0caf47e2b19fa90b38a3269424f109adb80f2bd7394620a35360d5aeb0b3641eb92fb79

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\VCRUNTIME140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\VCRUNTIME140_1.dll

Filesize
36KB

MD5
135359d350f72ad4bf716b764d39e749

SHA1
2e59d9bbcce356f0fece56c9c4917a5cacec63d7

SHA256
34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32

SHA512
cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-core-file-l1-2-0.dll

Filesize
18KB

MD5
5c744d7fbbeb6d806051cf99767ac56d

SHA1
4cc050c10b5a6c6a4c07df1ddea57ea68c725e9e

SHA256
7f58f49a59c4c25c733b9745f52abd5b03e2c79625ce610550dbba8835bb5623

SHA512
becb336b1811e605f6eef7795f43a7dc0c2a8f428d7f9b6f4989f56f3869ead150fbfbfd468a68a9d4925b3e9a9fe52a2e45abd1fcc4aa0e001d8cd2021e9ca6

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
ae064c624063ed8cd25d646e6b481273

SHA1
a34516d15740c50bcf871aa0d45ab9383bd6f0ca

SHA256
e1fe386e5b0f7f56ff2982d6959269041ae618ad74506db5887ade31e500841c

SHA512
fd63022843489c7eb400c6bb64fed0eecba87ab92fb9062af771c1016950d9ef7fa9774316c73114ec9120e36c767d6a6cf7fd064e9d9a912212a1526350a0c8

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
01ad27ee677d4e344657378832a6ac90

SHA1
47121d3b6f94160f60e8d903358710b868ea5970

SHA256
8fd1d49ad7a04880004c5fdf9f88118f236d2d08fb2d09e9d6ba33143b3a69da

SHA512
386f4a183ddfdf2b24a4af447f61b6fdcc9dc39d28c70d3cf720f36b4582b7e9c500f81dcbe4cfcabcbad523f9adc9f2a38c142929a1528da905cca3236dec94

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
18KB

MD5
ebcd3d486cbd0b772f8c8f0edd2a8cab

SHA1
51f043631fa0fc622a3ef7f6b9bf30964ea620d0

SHA256
d20bf4086cd6bae61a2546e2aaf6a1b3fe4e7c24422d13c8c05e1853dcf08973

SHA512
d0e66a0318774ab0ad338f20d64a57fd041b037bf923d6443bead37acafdb8930fdc5e0ce15b2b4032eb0e8db7e781858271e15af835127b46fd9aeb2e4f00f8

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-core-synch-l1-2-0.dll

Filesize
18KB

MD5
23102af54db977d494b3692767cf140e

SHA1
25eb0bfa64179eabe3c0798534d05d160877294a

SHA256
68a36ccfb88ddba45e3c02190be4f2e09a37ba6883cb63c2418aa68ba0e13401

SHA512
ae494514013b55e0eb6b8d51c1621ac5b10f5e5534991d095b73445c8d024a7350d35ae36cbf7f1bb34fa60f55cdf29f13d2cb427be3a07d004b4ae598b7a8ac

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-core-timezone-l1-1-0.dll

Filesize
18KB

MD5
9fab02f9997d60412f3f045e41ab6e1d

SHA1
a974a6014ac3c7b2c3f2e51cd0560dcaac5f7e98

SHA256
03faaac34a7d25b8829da2508a4f8b476b5d5b895267f2b9852fb02ccf31da42

SHA512
432298110e3d4a684a6445820e5fd27a5f6a4a6c7c3a681b6e4cbe5fc3c6b54a1d2faae56735eeb3a2ffe0907676b5ea68b01b0d3691e81032abea9c4e9e2e9e

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-convert-l1-1-0.dll

Filesize
22KB

MD5
9e0b0be46897205489c1f62b8d500716

SHA1
66d787d63b84578a7fdd96e20027d9a5b9abed6e

SHA256
0dd70eb1936ca4cdf2d9f21798f85acfb6cb061cff04c60c9c7e4004cbc14c0e

SHA512
16414e72e720db401592adff08ab6e24eef5b7f2bfbd8a5976ab6f76b209bc24eeb06a3fdd27793c40646947819605e9b7fbc1f6fdefd47c4601cea279b794da

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-environment-l1-1-0.dll

Filesize
18KB

MD5
91ba5541723dcdcedeeb2ab802c9f602

SHA1
6fb8c87617ea3b7fea9905ad61c1ccd94adfd1e3

SHA256
dd6b5fbab8e14874e1d03757cec08df5ada023877377612911619f5b52e37709

SHA512
3eda6f948f66539d82fe9d4af9fbec79eef2fc19567ee4703d278122ade7540f0e7149a213731d9219c953ba9f0ca2dc5178603c2e25d39e24821147211b1405

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
20KB

MD5
ab1e031803c1518d2d50927dac99bf02

SHA1
7403c89b5ec1c7eca155acf035db77f75f3562d7

SHA256
3a2c1d0c99a9e49ad974508cd67587b0f017086973decbe787c779ae57f0e011

SHA512
3fb653e3a198c94f4d70c76b9800d7cdaac3c682c66406e2b585663bed632d6e632c25e3b4eebc6971e3b02c6cebb94c56fe9cc961043e70f3a48d41f969dd9a

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-heap-l1-1-0.dll

Filesize
19KB

MD5
7a8dd369b8a9ede2636db42939da05f8

SHA1
b2dcb61d7bb01afa9b2aa3fd72884e3059f58c17

SHA256
4e07b35c97f71fea5c93dbfdfc030bfbc05aff218855fda16d2856cb7153e98b

SHA512
641c744588ad032763240241172460dd0ca95e6d3d9697a2a91ccf4195c76c15c722db1705777d7405b0d8f366fa9c37b269e733f795d5a3bbbaba1858069234

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-locale-l1-1-0.dll

Filesize
18KB

MD5
1d821d741cfaf0d322f2483114d93188

SHA1
aa6ecd604d207bbae869225a1a7738433a4417d6

SHA256
9b299b18fe97191e3875d173b2d89295cfa8d006a0c9328fae867b8da9bdc23b

SHA512
3ff35106664fed3746dc00ed0bf85db853b047f736708c9a2587d9550581642a6837f1ff4a0275c54a42f6033fbd7567b233d3f832f25a241b321820bff8a971

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-math-l1-1-0.dll

Filesize
27KB

MD5
79878844b0a1eb2b621286dad20bc4ab

SHA1
a64cfd5f9424bad329e2578168ee58a11ce14f36

SHA256
177779ff31d2977ea5bb583d3fc50209edb64bbce8c40d6d14e34ea4446266e3

SHA512
960a8d1cf1c447a77eb90ecf1e8171c8e01d6933b04ec18acb0f7bbfecebdff5cb3c972b9ace75715d2dfcb5faf4de7ecfe56b059ff8e1255272257ef905e35d

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
22KB

MD5
3c2162f8f05b362dda8814505c555312

SHA1
2bbcbb984c909ada3ce8cc37bd910375c2d806f4

SHA256
b5a3c4681ff8c09ccf32e0e0bf7d183293b5171bbb6512fdb90585d6d88fbd70

SHA512
ca268cc8dc39bf025aa7612c4cbecc18cb8fce30855c76e46c6524243c52ed4daa34bd75b99a65c2fa46eaa1aa302b33bdc84630a074d53b91153a89b4539ade

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
24KB

MD5
759606f25742c0d3252a3b6bcf7a0098

SHA1
6f395025343beb970fb06207101d01a4144133bf

SHA256
e3c4e66be42bdba47b3186f1935bf852620b9f6c507cf56321e21714814d1ea2

SHA512
0d5a35780098620e275aa82bb962f5c1b85caac1eea2a52c83b6963b002faaaf5d25f5ef78b93f530e75329d33cc6297059df2ed00624ee9a6eaed856e2d3c70

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-string-l1-1-0.dll

Filesize
24KB

MD5
fb8949d67cb7f83a407c762788d9ae54

SHA1
f22c3707e653a967060aa16dba9afd23267789ca

SHA256
0595b77b356f9a1dfba92515cb15d227b7039cb8beee3b0ca6be15b5f3913dd9

SHA512
b08b4c2b6d392623ae7d52ebb30700b57f666dfbbac813b640f574b15267fb902e96f684a6e3ce138ef7a3068095bb6d9e180b4dbd4243b40defaf822a31f2bb

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-time-l1-1-0.dll

Filesize
20KB

MD5
b6758d08c062bf25125ab89de52010e7

SHA1
2c678741012bc4834a18b49d739bf903831ac3e7

SHA256
b724edd5f89b6c0b6d386d8283b3fd6fdb7563d4e886537d3d77cfa5e81128c6

SHA512
0f1d02744bf405288150f31e0106f536fe4719383cf1b5d4fae3e4fb71da005c1e324d5157572d2fd8862a2f78984104a7b0b40ff60f120e545b9cbd683f5059

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-utility-l1-1-0.dll

Filesize
18KB

MD5
fc3d9d7e98c1315e30586dc8ce9254cd

SHA1
77520a4a2eaf4929e8deaf1751393781b161b837

SHA256
a075f5c8dbd97be408da070324e661d0ecef76deeb8c77ac7a2161083140ccfb

SHA512
64ad909f2b98a86bab730ac25169ec06c7129df89027b9a65e5f8e370ced78f884a4518f2d650f2eff78aafbdd037fd20dd784bcfc12618c13d5b153a6f2c92d

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe

Filesize
5.4MB

MD5
af0e1046e67ed95adbdb90668964d3ab

SHA1
c7ae52bd3214d8cf864dd95a0399ceb90120a62c

SHA256
3d20a3544dd4e5e606525f74c7e323144cf564dcb7a6b9e8e94c0845e6ec800e

SHA512
dd3f8b3025531506628526640aa46ac8c05d3a06eb97b6ff3b32e425ee85104a269b8d4f00d886fd649b34f69dfc270c26288bebc7bfdf8fd5e324fb3bf7c046

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe

Filesize
5.4MB

MD5
af0e1046e67ed95adbdb90668964d3ab

SHA1
c7ae52bd3214d8cf864dd95a0399ceb90120a62c

SHA256
3d20a3544dd4e5e606525f74c7e323144cf564dcb7a6b9e8e94c0845e6ec800e

SHA512
dd3f8b3025531506628526640aa46ac8c05d3a06eb97b6ff3b32e425ee85104a269b8d4f00d886fd649b34f69dfc270c26288bebc7bfdf8fd5e324fb3bf7c046

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\libcrypto-1_1-x64.dll

Filesize
2.7MB

MD5
8bf7134fd7c7b9f79fbaa46a820565fd

SHA1
c82732c10a0f03ef1868d2ca6a8c42ec430a8a02

SHA256
a8f38398b8e95919ce4f4eb4ce9e2db432b5b8da00b531e2f1633795b3fa622a

SHA512
9d48c50a08236df337ace9f7546d3db392d980d6b86111da0f1b72848d9a7e74aa05ec9eb83f35c4c0570334f5c3b8460e1864eb2ad9a7ff5dc67d0206616e61

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\logger.dll

Filesize
32KB

MD5
f86d67751f21fdf101048da34d3de812

SHA1
6a99f27ef16ce1025bde7c8a0e9780739b22adc0

SHA256
b4e28856c976425995e79f08fe39de72c6fddb6b53ece7c25bd3cc2b7ac43a5f

SHA512
e0829655fb0b5e17bda36bf93b5e1293efd88b86fca07a7e88f715996ff263b9ee3a72dd57f0cc0b0a5bf7856f17e6f9ecb71871c6f01deae361b87a86d82932

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\service.xml

Filesize
2KB

MD5
85c61b85b0ffe2609b00379a5512790d

SHA1
2dfaf069df408819b06916381ac80b3ec097214c

SHA256
24f6062b8679b4140b5c15900deefa8ba187ed5e3c5cb8efc91b26b31769664d

SHA512
3a18c17ddcd10cd89d1c666134f13be6ed441fbe2c36a9567e894c0e1674232d5882e696ad2d385bd5eb4d50b6a1b4225bb992389aad93a77b203318293ca6fa

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\ucrtbase.DLL

Filesize
969KB

MD5
aeea6662f0f7819a077b99441c36178c

SHA1
c3a2ec7fd791235b8b1f2371e94f25a1670f7d00

SHA256
cd48756e96740f84a2aacd6c308997a4a36a953cd77f50cb54c27915a5c5c302

SHA512
b4b3c42e716fffe98f1c65bd2b0f522725ab8b43a7739c0a925b850fc0601e77cdc1e2071813229477d129caa73813ef6eb5c4c806d1c48c90332c429365d639

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\vmsclshared.dll

Filesize
481KB

MD5
c5ec998da72d44adcb50d1b6544d5b3f

SHA1
63bec20d94dcf6e7bf7dbea41cff16d7120c4fee

SHA256
bb6fd71add89ad693227233598e4cb47f0f6d7d08b8168459e810a662b1f7e30

SHA512
24f71dc08eb2a1b5abb1effc3d71e8c0059fcb8d745e3cc0a8b47be8499727814cf7f0b7d0532f6fa9f861d142d00cfa30b3f6ea15c7437bb4800d2b4ffa7813

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AQP2H.tmp\fdm_x64_setup.tmp

Filesize
2.5MB

MD5
869c50863faef0fa7052b5551698ed58

SHA1
feb12f73e0a68d43db51a35f04be3f9d2aac90a3

SHA256
7e49962115092d3709b9a3e68934972931bb900f23bf4b42ac90d250725e7d4e

SHA512
19076555396601758b0b62a9b9fc68bb96b83387c5a345c3e68f5794b67c45bec7905654fe1243e2daf3ae8fe11c2ad243e962633370535a7a3f41bcb7fec1df

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AQP2H.tmp\fdm_x64_setup.tmp

Filesize
2.5MB

MD5
869c50863faef0fa7052b5551698ed58

SHA1
feb12f73e0a68d43db51a35f04be3f9d2aac90a3

SHA256
7e49962115092d3709b9a3e68934972931bb900f23bf4b42ac90d250725e7d4e

SHA512
19076555396601758b0b62a9b9fc68bb96b83387c5a345c3e68f5794b67c45bec7905654fe1243e2daf3ae8fe11c2ad243e962633370535a7a3f41bcb7fec1df

Download Submit
\Program Files\Softdeluxe\Free Download Manager\Qt5Core.dll

Filesize
5.7MB

MD5
0e51ac35b4b2922288b956450a73cbab

SHA1
adee61361815b216ba5c6c3b1cab998f1093a06b

SHA256
3b2129169999b948ca6ef1931410c235ac2aece3088ff9fc486145dcf772dd46

SHA512
fd36ecf24fe17892817a3007d7cb1c730469f61e68c66ed2da090b9e84d782298d08849b80788f72e48e289332f6dbea7fa2222e7b9518165b0335643d710843

Download Submit
\Program Files\Softdeluxe\Free Download Manager\Qt5Network.dll

Filesize
1.3MB

MD5
20dc922278cd948ce6dbdcb74580f910

SHA1
1a34d4738955f99c17083fec22945b0d6af76f40

SHA256
f7c7a1ea2570d1238287470b479e384f87c39357d1a4b2eeedbf90901d9c3cbc

SHA512
90afc14985b51744e2f3ea11a0f6f0edc3c7306bf6e9539c9526adbed0caf47e2b19fa90b38a3269424f109adb80f2bd7394620a35360d5aeb0b3641eb92fb79

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-core-file-l1-2-0.dll

Filesize
18KB

MD5
5c744d7fbbeb6d806051cf99767ac56d

SHA1
4cc050c10b5a6c6a4c07df1ddea57ea68c725e9e

SHA256
7f58f49a59c4c25c733b9745f52abd5b03e2c79625ce610550dbba8835bb5623

SHA512
becb336b1811e605f6eef7795f43a7dc0c2a8f428d7f9b6f4989f56f3869ead150fbfbfd468a68a9d4925b3e9a9fe52a2e45abd1fcc4aa0e001d8cd2021e9ca6

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
ae064c624063ed8cd25d646e6b481273

SHA1
a34516d15740c50bcf871aa0d45ab9383bd6f0ca

SHA256
e1fe386e5b0f7f56ff2982d6959269041ae618ad74506db5887ade31e500841c

SHA512
fd63022843489c7eb400c6bb64fed0eecba87ab92fb9062af771c1016950d9ef7fa9774316c73114ec9120e36c767d6a6cf7fd064e9d9a912212a1526350a0c8

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
01ad27ee677d4e344657378832a6ac90

SHA1
47121d3b6f94160f60e8d903358710b868ea5970

SHA256
8fd1d49ad7a04880004c5fdf9f88118f236d2d08fb2d09e9d6ba33143b3a69da

SHA512
386f4a183ddfdf2b24a4af447f61b6fdcc9dc39d28c70d3cf720f36b4582b7e9c500f81dcbe4cfcabcbad523f9adc9f2a38c142929a1528da905cca3236dec94

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
18KB

MD5
ebcd3d486cbd0b772f8c8f0edd2a8cab

SHA1
51f043631fa0fc622a3ef7f6b9bf30964ea620d0

SHA256
d20bf4086cd6bae61a2546e2aaf6a1b3fe4e7c24422d13c8c05e1853dcf08973

SHA512
d0e66a0318774ab0ad338f20d64a57fd041b037bf923d6443bead37acafdb8930fdc5e0ce15b2b4032eb0e8db7e781858271e15af835127b46fd9aeb2e4f00f8

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-core-synch-l1-2-0.dll

Filesize
18KB

MD5
23102af54db977d494b3692767cf140e

SHA1
25eb0bfa64179eabe3c0798534d05d160877294a

SHA256
68a36ccfb88ddba45e3c02190be4f2e09a37ba6883cb63c2418aa68ba0e13401

SHA512
ae494514013b55e0eb6b8d51c1621ac5b10f5e5534991d095b73445c8d024a7350d35ae36cbf7f1bb34fa60f55cdf29f13d2cb427be3a07d004b4ae598b7a8ac

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-core-timezone-l1-1-0.dll

Filesize
18KB

MD5
9fab02f9997d60412f3f045e41ab6e1d

SHA1
a974a6014ac3c7b2c3f2e51cd0560dcaac5f7e98

SHA256
03faaac34a7d25b8829da2508a4f8b476b5d5b895267f2b9852fb02ccf31da42

SHA512
432298110e3d4a684a6445820e5fd27a5f6a4a6c7c3a681b6e4cbe5fc3c6b54a1d2faae56735eeb3a2ffe0907676b5ea68b01b0d3691e81032abea9c4e9e2e9e

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-convert-l1-1-0.dll

Filesize
22KB

MD5
9e0b0be46897205489c1f62b8d500716

SHA1
66d787d63b84578a7fdd96e20027d9a5b9abed6e

SHA256
0dd70eb1936ca4cdf2d9f21798f85acfb6cb061cff04c60c9c7e4004cbc14c0e

SHA512
16414e72e720db401592adff08ab6e24eef5b7f2bfbd8a5976ab6f76b209bc24eeb06a3fdd27793c40646947819605e9b7fbc1f6fdefd47c4601cea279b794da

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-environment-l1-1-0.dll

Filesize
18KB

MD5
91ba5541723dcdcedeeb2ab802c9f602

SHA1
6fb8c87617ea3b7fea9905ad61c1ccd94adfd1e3

SHA256
dd6b5fbab8e14874e1d03757cec08df5ada023877377612911619f5b52e37709

SHA512
3eda6f948f66539d82fe9d4af9fbec79eef2fc19567ee4703d278122ade7540f0e7149a213731d9219c953ba9f0ca2dc5178603c2e25d39e24821147211b1405

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
20KB

MD5
ab1e031803c1518d2d50927dac99bf02

SHA1
7403c89b5ec1c7eca155acf035db77f75f3562d7

SHA256
3a2c1d0c99a9e49ad974508cd67587b0f017086973decbe787c779ae57f0e011

SHA512
3fb653e3a198c94f4d70c76b9800d7cdaac3c682c66406e2b585663bed632d6e632c25e3b4eebc6971e3b02c6cebb94c56fe9cc961043e70f3a48d41f969dd9a

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-heap-l1-1-0.dll

Filesize
19KB

MD5
7a8dd369b8a9ede2636db42939da05f8

SHA1
b2dcb61d7bb01afa9b2aa3fd72884e3059f58c17

SHA256
4e07b35c97f71fea5c93dbfdfc030bfbc05aff218855fda16d2856cb7153e98b

SHA512
641c744588ad032763240241172460dd0ca95e6d3d9697a2a91ccf4195c76c15c722db1705777d7405b0d8f366fa9c37b269e733f795d5a3bbbaba1858069234

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-locale-l1-1-0.dll

Filesize
18KB

MD5
1d821d741cfaf0d322f2483114d93188

SHA1
aa6ecd604d207bbae869225a1a7738433a4417d6

SHA256
9b299b18fe97191e3875d173b2d89295cfa8d006a0c9328fae867b8da9bdc23b

SHA512
3ff35106664fed3746dc00ed0bf85db853b047f736708c9a2587d9550581642a6837f1ff4a0275c54a42f6033fbd7567b233d3f832f25a241b321820bff8a971

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-math-l1-1-0.dll

Filesize
27KB

MD5
79878844b0a1eb2b621286dad20bc4ab

SHA1
a64cfd5f9424bad329e2578168ee58a11ce14f36

SHA256
177779ff31d2977ea5bb583d3fc50209edb64bbce8c40d6d14e34ea4446266e3

SHA512
960a8d1cf1c447a77eb90ecf1e8171c8e01d6933b04ec18acb0f7bbfecebdff5cb3c972b9ace75715d2dfcb5faf4de7ecfe56b059ff8e1255272257ef905e35d

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
22KB

MD5
3c2162f8f05b362dda8814505c555312

SHA1
2bbcbb984c909ada3ce8cc37bd910375c2d806f4

SHA256
b5a3c4681ff8c09ccf32e0e0bf7d183293b5171bbb6512fdb90585d6d88fbd70

SHA512
ca268cc8dc39bf025aa7612c4cbecc18cb8fce30855c76e46c6524243c52ed4daa34bd75b99a65c2fa46eaa1aa302b33bdc84630a074d53b91153a89b4539ade

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
24KB

MD5
759606f25742c0d3252a3b6bcf7a0098

SHA1
6f395025343beb970fb06207101d01a4144133bf

SHA256
e3c4e66be42bdba47b3186f1935bf852620b9f6c507cf56321e21714814d1ea2

SHA512
0d5a35780098620e275aa82bb962f5c1b85caac1eea2a52c83b6963b002faaaf5d25f5ef78b93f530e75329d33cc6297059df2ed00624ee9a6eaed856e2d3c70

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-string-l1-1-0.dll

Filesize
24KB

MD5
fb8949d67cb7f83a407c762788d9ae54

SHA1
f22c3707e653a967060aa16dba9afd23267789ca

SHA256
0595b77b356f9a1dfba92515cb15d227b7039cb8beee3b0ca6be15b5f3913dd9

SHA512
b08b4c2b6d392623ae7d52ebb30700b57f666dfbbac813b640f574b15267fb902e96f684a6e3ce138ef7a3068095bb6d9e180b4dbd4243b40defaf822a31f2bb

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-time-l1-1-0.dll

Filesize
20KB

MD5
b6758d08c062bf25125ab89de52010e7

SHA1
2c678741012bc4834a18b49d739bf903831ac3e7

SHA256
b724edd5f89b6c0b6d386d8283b3fd6fdb7563d4e886537d3d77cfa5e81128c6

SHA512
0f1d02744bf405288150f31e0106f536fe4719383cf1b5d4fae3e4fb71da005c1e324d5157572d2fd8862a2f78984104a7b0b40ff60f120e545b9cbd683f5059

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-utility-l1-1-0.dll

Filesize
18KB

MD5
fc3d9d7e98c1315e30586dc8ce9254cd

SHA1
77520a4a2eaf4929e8deaf1751393781b161b837

SHA256
a075f5c8dbd97be408da070324e661d0ecef76deeb8c77ac7a2161083140ccfb

SHA512
64ad909f2b98a86bab730ac25169ec06c7129df89027b9a65e5f8e370ced78f884a4518f2d650f2eff78aafbdd037fd20dd784bcfc12618c13d5b153a6f2c92d

Download Submit
\Program Files\Softdeluxe\Free Download Manager\fdm.exe

Filesize
5.4MB

MD5
af0e1046e67ed95adbdb90668964d3ab

SHA1
c7ae52bd3214d8cf864dd95a0399ceb90120a62c

SHA256
3d20a3544dd4e5e606525f74c7e323144cf564dcb7a6b9e8e94c0845e6ec800e

SHA512
dd3f8b3025531506628526640aa46ac8c05d3a06eb97b6ff3b32e425ee85104a269b8d4f00d886fd649b34f69dfc270c26288bebc7bfdf8fd5e324fb3bf7c046

Download Submit
\Program Files\Softdeluxe\Free Download Manager\fdm.exe

Filesize
5.4MB

MD5
af0e1046e67ed95adbdb90668964d3ab

SHA1
c7ae52bd3214d8cf864dd95a0399ceb90120a62c

SHA256
3d20a3544dd4e5e606525f74c7e323144cf564dcb7a6b9e8e94c0845e6ec800e

SHA512
dd3f8b3025531506628526640aa46ac8c05d3a06eb97b6ff3b32e425ee85104a269b8d4f00d886fd649b34f69dfc270c26288bebc7bfdf8fd5e324fb3bf7c046

Download Submit
\Program Files\Softdeluxe\Free Download Manager\fdm.exe

Filesize
5.4MB

MD5
af0e1046e67ed95adbdb90668964d3ab

SHA1
c7ae52bd3214d8cf864dd95a0399ceb90120a62c

SHA256
3d20a3544dd4e5e606525f74c7e323144cf564dcb7a6b9e8e94c0845e6ec800e

SHA512
dd3f8b3025531506628526640aa46ac8c05d3a06eb97b6ff3b32e425ee85104a269b8d4f00d886fd649b34f69dfc270c26288bebc7bfdf8fd5e324fb3bf7c046

Download Submit
\Program Files\Softdeluxe\Free Download Manager\fdm.exe

Filesize
5.4MB

MD5
af0e1046e67ed95adbdb90668964d3ab

SHA1
c7ae52bd3214d8cf864dd95a0399ceb90120a62c

SHA256
3d20a3544dd4e5e606525f74c7e323144cf564dcb7a6b9e8e94c0845e6ec800e

SHA512
dd3f8b3025531506628526640aa46ac8c05d3a06eb97b6ff3b32e425ee85104a269b8d4f00d886fd649b34f69dfc270c26288bebc7bfdf8fd5e324fb3bf7c046

Download Submit
\Program Files\Softdeluxe\Free Download Manager\fdm.exe

Filesize
5.4MB

MD5
af0e1046e67ed95adbdb90668964d3ab

SHA1
c7ae52bd3214d8cf864dd95a0399ceb90120a62c

SHA256
3d20a3544dd4e5e606525f74c7e323144cf564dcb7a6b9e8e94c0845e6ec800e

SHA512
dd3f8b3025531506628526640aa46ac8c05d3a06eb97b6ff3b32e425ee85104a269b8d4f00d886fd649b34f69dfc270c26288bebc7bfdf8fd5e324fb3bf7c046

Download Submit
\Program Files\Softdeluxe\Free Download Manager\fdm.exe

Filesize
5.4MB

MD5
af0e1046e67ed95adbdb90668964d3ab

SHA1
c7ae52bd3214d8cf864dd95a0399ceb90120a62c

SHA256
3d20a3544dd4e5e606525f74c7e323144cf564dcb7a6b9e8e94c0845e6ec800e

SHA512
dd3f8b3025531506628526640aa46ac8c05d3a06eb97b6ff3b32e425ee85104a269b8d4f00d886fd649b34f69dfc270c26288bebc7bfdf8fd5e324fb3bf7c046

Download Submit
\Program Files\Softdeluxe\Free Download Manager\fdm.exe

Filesize
5.4MB

MD5
af0e1046e67ed95adbdb90668964d3ab

SHA1
c7ae52bd3214d8cf864dd95a0399ceb90120a62c

SHA256
3d20a3544dd4e5e606525f74c7e323144cf564dcb7a6b9e8e94c0845e6ec800e

SHA512
dd3f8b3025531506628526640aa46ac8c05d3a06eb97b6ff3b32e425ee85104a269b8d4f00d886fd649b34f69dfc270c26288bebc7bfdf8fd5e324fb3bf7c046

Download Submit
\Program Files\Softdeluxe\Free Download Manager\libcrypto-1_1-x64.dll

Filesize
2.7MB

MD5
8bf7134fd7c7b9f79fbaa46a820565fd

SHA1
c82732c10a0f03ef1868d2ca6a8c42ec430a8a02

SHA256
a8f38398b8e95919ce4f4eb4ce9e2db432b5b8da00b531e2f1633795b3fa622a

SHA512
9d48c50a08236df337ace9f7546d3db392d980d6b86111da0f1b72848d9a7e74aa05ec9eb83f35c4c0570334f5c3b8460e1864eb2ad9a7ff5dc67d0206616e61

Download Submit
\Program Files\Softdeluxe\Free Download Manager\msvcp140.dll

Filesize
553KB

MD5
6da7f4530edb350cf9d967d969ccecf8

SHA1
3e2681ea91f60a7a9ef2407399d13c1ca6aa71e9

SHA256
9fee6f36547d6f6ea7ca0338655555dba6bb0f798bc60334d29b94d1547da4da

SHA512
1f77f900215a4966f7f4e5d23b4aaad203136cb8561f4e36f03f13659fe1ff4b81caa75fef557c890e108f28f0484ad2baa825559114c0daa588cf1de6c1afab

Download Submit
\Program Files\Softdeluxe\Free Download Manager\ucrtbase.dll

Filesize
969KB

MD5
aeea6662f0f7819a077b99441c36178c

SHA1
c3a2ec7fd791235b8b1f2371e94f25a1670f7d00

SHA256
cd48756e96740f84a2aacd6c308997a4a36a953cd77f50cb54c27915a5c5c302

SHA512
b4b3c42e716fffe98f1c65bd2b0f522725ab8b43a7739c0a925b850fc0601e77cdc1e2071813229477d129caa73813ef6eb5c4c806d1c48c90332c429365d639

Download Submit
\Program Files\Softdeluxe\Free Download Manager\unins000.exe

Filesize
2.5MB

MD5
4aa99065bf80198db9ed6e2395e8fc3f

SHA1
a1d6596be22ea524d7cb12a6f1d9c466a9f45e21

SHA256
b39ff24189008a102c9cd114302769c83c31841e0f2c99d0530f242703188a65

SHA512
5fa1bcb83be7c043187a47004603e823cbc6bf4b5c7744b6cc47d019588d05d5cf356078f21e1f599ef9310adb87b2201efa80f380665aa9d893d584143e2207

Download Submit
\Program Files\Softdeluxe\Free Download Manager\vcruntime140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
\Program Files\Softdeluxe\Free Download Manager\vcruntime140_1.dll

Filesize
36KB

MD5
135359d350f72ad4bf716b764d39e749

SHA1
2e59d9bbcce356f0fece56c9c4917a5cacec63d7

SHA256
34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32

SHA512
cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba

Download Submit
\Program Files\Softdeluxe\Free Download Manager\vmsclshared.dll

Filesize
481KB

MD5
c5ec998da72d44adcb50d1b6544d5b3f

SHA1
63bec20d94dcf6e7bf7dbea41cff16d7120c4fee

SHA256
bb6fd71add89ad693227233598e4cb47f0f6d7d08b8168459e810a662b1f7e30

SHA512
24f71dc08eb2a1b5abb1effc3d71e8c0059fcb8d745e3cc0a8b47be8499727814cf7f0b7d0532f6fa9f861d142d00cfa30b3f6ea15c7437bb4800d2b4ffa7813

Download Submit
\Users\Admin\AppData\Local\Temp\is-AQP2H.tmp\fdm_x64_setup.tmp

Filesize
2.5MB

MD5
869c50863faef0fa7052b5551698ed58

SHA1
feb12f73e0a68d43db51a35f04be3f9d2aac90a3

SHA256
7e49962115092d3709b9a3e68934972931bb900f23bf4b42ac90d250725e7d4e

SHA512
19076555396601758b0b62a9b9fc68bb96b83387c5a345c3e68f5794b67c45bec7905654fe1243e2daf3ae8fe11c2ad243e962633370535a7a3f41bcb7fec1df

Download Submit
memory/1228-63-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/1228-54-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/1552-2029-0x000007FEF40F0000-0x000007FEF4498000-memory.dmp

Filesize
3.7MB

Download
memory/1552-2033-0x000000013F750000-0x000000013FCC4000-memory.dmp

Filesize
5.5MB

Download
memory/1552-2032-0x000007FEF3450000-0x000007FEF39A5000-memory.dmp

Filesize
5.3MB

Download
memory/1744-2031-0x0000000000400000-0x0000000000682000-memory.dmp

Filesize
2.5MB

Download
memory/1744-234-0x0000000000400000-0x0000000000682000-memory.dmp

Filesize
2.5MB

Download
memory/1744-61-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1744-64-0x0000000000400000-0x0000000000682000-memory.dmp

Filesize
2.5MB

Download
memory/1744-62-0x0000000003560000-0x0000000003561000-memory.dmp

Filesize
4KB

Download
memory/1744-151-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1744-152-0x0000000003560000-0x0000000003561000-memory.dmp

Filesize
4KB

Download