6b81e9096e235e9ddb85ef4e252c3cdb1a7ba59222ec0ba20b36240462dbf82e

Analysis

max time kernel
147s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
12-08-2023 00:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdm_x86_setup.exe
Size

29.6MB
MD5

98787369b9d98df577a0adb767d7b09f
SHA1

565a8fdded61f76628a2e897d450afb542860ec7
SHA256

6b81e9096e235e9ddb85ef4e252c3cdb1a7ba59222ec0ba20b36240462dbf82e
SHA512

3639b34cc7705f3d9dc61f1fed57770bd02df95c59759fc65ebe0a44d26fcd4df7cd67284284bacf3968d3bd99b5f4f558a43c1642cc36f9f8544766e2e157d9
SSDEEP

393216:8h5DlMt3JlOdMcH0VDEqGvj9hTG+e1vCEjdPG623TcEcnr2Hc5tYvyCNttU9AZa/:olo3CeVDVs5CdhIQnDuXm9aag07hMC

Score

8^/10

evasion persistence

Malware Config

Signatures

Modifies Windows Firewall 1 TTPs 2 IoCs
evasion

Windows Service
T1543.003

Processes:

netsh.exenetsh.exe

pid process

4364 netsh.exe
1324 netsh.exe

pid	process
4364	netsh.exe
1324	netsh.exe

Executes dropped EXE 11 IoCs

Processes:

fdm_x86_setup.tmpfdm.exehelperservice.exeimportwizard.exefdm5rhwin.exefdm5rhwin.exefdm.exefdm.exeimportwizard.exefdm.exefdm.exe

pid	process
5012	fdm_x86_setup.tmp
2580	fdm.exe
396	helperservice.exe
3996	importwizard.exe
1544	fdm5rhwin.exe
3216	fdm5rhwin.exe
1644	fdm.exe
4788	fdm.exe
2460	importwizard.exe
3612	fdm.exe
792	fdm.exe

Loads dropped DLL 64 IoCs

Processes:

fdm.exeimportwizard.exehelperservice.exefdm.exe

pid	process
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
3996	importwizard.exe
3996	importwizard.exe
3996	importwizard.exe
3996	importwizard.exe
3996	importwizard.exe
3996	importwizard.exe
3996	importwizard.exe
3996	importwizard.exe
3996	importwizard.exe
3996	importwizard.exe
3996	importwizard.exe
3996	importwizard.exe
396	helperservice.exe
396	helperservice.exe
396	helperservice.exe
396	helperservice.exe
396	helperservice.exe
3996	importwizard.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

fdm.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Free Download Manager = "\"C:\\Program Files (x86)\\Softdeluxe\\Free Download Manager\\fdm.exe\" --hidden"	fdm.exe

Drops file in Program Files directory 64 IoCs

Processes:

fdm_x86_setup.tmp

description	ioc	process
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\Qt\labs\platform\is-LKQ9L.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls\is-K8GHD.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\is-16FEL.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Fusion\is-UNFH4.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Imagine\is-6GU0M.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\is-JL2BO.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\is-PE6V3.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Imagine\is-F4HQH.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Material\is-IDO43.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtGraphicalEffects\private\is-6A7S1.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQml\RemoteObjects\is-US4FM.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Fusion\is-DCE3S.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\is-3EK9K.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls.2\is-IOA03.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\is-JV4N9.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\gamepads\is-KK089.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\is-HKES1.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\is-P9QBQ.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtGraphicalEffects\is-JBT5Q.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\qmltooling\is-TC2IR.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\images\is-NFL9O.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Fusion\is-IDGDI.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Imagine\is-QP6M8.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Extras\Private\is-7D679.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtGraphicalEffects\private\is-13IVC.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls\is-7PH7E.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls\Private\is-PQ48O.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls\Private\is-113PB.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\is-FP9K9.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Imagine\is-DGEGT.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\styles\is-Q854D.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls\is-FMD0A.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\imageformats\is-A7KHD.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls\Private\is-T80PB.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\is-KASFG.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Imagine\is-FVMAD.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\translations\is-SVSUE.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\is-ICSFK.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\images\is-IO7QN.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls\Private\is-R5K2C.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls.2\is-M9A1B.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\translations\is-GT7MN.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\is-IH0OF.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\mediaservice\is-CO2IU.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtGraphicalEffects\is-937DA.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls\is-RP0GG.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls\is-THN12.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Material\is-TTIGI.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Material\is-MA6EG.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\is-925T5.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls\is-1M2RE.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Imagine\is-TVKJD.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Material\is-3DLKD.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Imagine\is-1NBSC.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Material\is-5HGIR.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\is-6UPDL.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls\is-ISNUG.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls\Private\is-GFP41.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\images\is-FG1A7.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Imagine\is-KU735.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Material\is-KCMSJ.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\is-8J2TI.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls\is-OUU1P.tmp	fdm_x86_setup.tmp
File created	C:\Program Files (x86)\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\is-P0VVI.tmp	fdm_x86_setup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exe

pid process

752 schtasks.exe

pid	process
752	schtasks.exe

Modifies Internet Explorer settings 1 TTPs 8 IoCs

adware spyware

Modify Registry

T1112

Processes:

fdm_x86_setup.tmp

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\fdm.exe = "11000"	fdm_x86_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	fdm_x86_setup.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\fdm.exe = "11000"	fdm_x86_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING	fdm_x86_setup.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\fdm.exe = "1"	fdm_x86_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING	fdm_x86_setup.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\fdm.exe = "1"	fdm_x86_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	fdm_x86_setup.tmp

Modifies registry class 18 IoCs

Processes:

fdm.exefirefox.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\fdm\shell\open\command\ = "\"C:\\Program Files (x86)\\Softdeluxe\\Free Download Manager\\fdm.exe\" \"%1\""	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\fdm\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}\icon	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\fdm\URL Protocol	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\fdm\DefaultIcon\	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\fdm\DefaultIcon\ = "\"C:\\Program Files (x86)\\Softdeluxe\\Free Download Manager\\fdm.exe\", 1"	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\fdm\shell\ = "open"	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\fdm\shell\open	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\fdm	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\fdm\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\fdm\Content Type	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\fdm\shell\	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\fdm\shell\open\command\	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\fdm\shell\open\command	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\fdm\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}\command	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\fdm\ = "URL:fdm link"	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\fdm\shell	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\fdm\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}\	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: AddClipboardFormatListener 5 IoCs

Processes:

fdm.exefdm.exefdm.exefdm.exefdm.exe

pid process

2580 fdm.exe
1644 fdm.exe
4788 fdm.exe
3612 fdm.exe
792 fdm.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

fdm.exefdm5rhwin.exefdm5rhwin.exemsedge.exemsedge.exeidentity_helper.exefdm.exe

pid	process
2580	fdm.exe
2580	fdm.exe
1544	fdm5rhwin.exe
1544	fdm5rhwin.exe
3216	fdm5rhwin.exe
3216	fdm5rhwin.exe
1432	msedge.exe
1432	msedge.exe
2312	msedge.exe
2312	msedge.exe
3780	identity_helper.exe
3780	identity_helper.exe
1644	fdm.exe
1644	fdm.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

1432 msedge.exe
1432 msedge.exe
1432 msedge.exe
1432 msedge.exe
1432 msedge.exe
1432 msedge.exe
Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

fdm.exefirefox.exe

description pid process

Token: SeIncreaseQuotaPrivilege 2580 fdm.exe
Token: SeDebugPrivilege 2284 firefox.exe
Token: SeDebugPrivilege 2284 firefox.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	2580	fdm.exe
Token: SeDebugPrivilege	2284	firefox.exe
Token: SeDebugPrivilege	2284	firefox.exe

Suspicious use of FindShellTrayWindow 37 IoCs

Processes:

fdm_x86_setup.tmpmsedge.exefdm.exefirefox.exe

pid	process
5012	fdm_x86_setup.tmp
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
2284	firefox.exe
2284	firefox.exe
2284	firefox.exe
2284	firefox.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

msedge.exefdm.exefirefox.exe

pid	process
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
2284	firefox.exe
2284	firefox.exe
2284	firefox.exe

Suspicious use of SetWindowsHookEx 55 IoCs

Processes:

fdm.exehelperservice.exefdm.exefdm.exefdm.exefdm.exefirefox.exe

pid	process
2580	fdm.exe
2580	fdm.exe
396	helperservice.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
2580	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
4788	fdm.exe
4788	fdm.exe
4788	fdm.exe
4788	fdm.exe
1644	fdm.exe
3612	fdm.exe
792	fdm.exe
3612	fdm.exe
3612	fdm.exe
3612	fdm.exe
792	fdm.exe
792	fdm.exe
792	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
2284	firefox.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe
1644	fdm.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

fdm_x86_setup.exefdm_x86_setup.tmpfdm.exemsedge.exe

description	pid	process	target process
PID 4900 wrote to memory of 5012	4900	fdm_x86_setup.exe	fdm_x86_setup.tmp
PID 4900 wrote to memory of 5012	4900	fdm_x86_setup.exe	fdm_x86_setup.tmp
PID 4900 wrote to memory of 5012	4900	fdm_x86_setup.exe	fdm_x86_setup.tmp
PID 5012 wrote to memory of 60	5012	fdm_x86_setup.tmp	schtasks.exe
PID 5012 wrote to memory of 60	5012	fdm_x86_setup.tmp	schtasks.exe
PID 5012 wrote to memory of 60	5012	fdm_x86_setup.tmp	schtasks.exe
PID 5012 wrote to memory of 752	5012	fdm_x86_setup.tmp	schtasks.exe
PID 5012 wrote to memory of 752	5012	fdm_x86_setup.tmp	schtasks.exe
PID 5012 wrote to memory of 752	5012	fdm_x86_setup.tmp	schtasks.exe
PID 5012 wrote to memory of 2404	5012	fdm_x86_setup.tmp	schtasks.exe
PID 5012 wrote to memory of 2404	5012	fdm_x86_setup.tmp	schtasks.exe
PID 5012 wrote to memory of 2404	5012	fdm_x86_setup.tmp	schtasks.exe
PID 5012 wrote to memory of 4432	5012	fdm_x86_setup.tmp	schtasks.exe
PID 5012 wrote to memory of 4432	5012	fdm_x86_setup.tmp	schtasks.exe
PID 5012 wrote to memory of 4432	5012	fdm_x86_setup.tmp	schtasks.exe
PID 5012 wrote to memory of 2580	5012	fdm_x86_setup.tmp	fdm.exe
PID 5012 wrote to memory of 2580	5012	fdm_x86_setup.tmp	fdm.exe
PID 5012 wrote to memory of 2580	5012	fdm_x86_setup.tmp	fdm.exe
PID 2580 wrote to memory of 3996	2580	fdm.exe	importwizard.exe
PID 2580 wrote to memory of 3996	2580	fdm.exe	importwizard.exe
PID 2580 wrote to memory of 3996	2580	fdm.exe	importwizard.exe
PID 1432 wrote to memory of 4744	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 4744	1432	msedge.exe	msedge.exe
PID 5012 wrote to memory of 1544	5012	fdm_x86_setup.tmp	fdm5rhwin.exe
PID 5012 wrote to memory of 1544	5012	fdm_x86_setup.tmp	fdm5rhwin.exe
PID 5012 wrote to memory of 1544	5012	fdm_x86_setup.tmp	fdm5rhwin.exe
PID 5012 wrote to memory of 3216	5012	fdm_x86_setup.tmp	fdm5rhwin.exe
PID 5012 wrote to memory of 3216	5012	fdm_x86_setup.tmp	fdm5rhwin.exe
PID 5012 wrote to memory of 3216	5012	fdm_x86_setup.tmp	fdm5rhwin.exe
PID 5012 wrote to memory of 4364	5012	fdm_x86_setup.tmp	netsh.exe
PID 5012 wrote to memory of 4364	5012	fdm_x86_setup.tmp	netsh.exe
PID 5012 wrote to memory of 4364	5012	fdm_x86_setup.tmp	netsh.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe
PID 1432 wrote to memory of 1768	1432	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\fdm_x86_setup.exe
"C:\Users\Admin\AppData\Local\Temp\fdm_x86_setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4900

C:\Users\Admin\AppData\Local\Temp\is-MTABV.tmp\fdm_x86_setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-MTABV.tmp\fdm_x86_setup.tmp" /SL5="$150048,30099075,832512,C:\Users\Admin\AppData\Local\Temp\fdm_x86_setup.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:5012

C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /end /tn FreeDownloadManagerHelperService
3⤵
PID:60

C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /create /RU SYSTEM /tn FreeDownloadManagerHelperService /f /xml "C:\Program Files (x86)\Softdeluxe\Free Download Manager\service.xml"
3⤵
- Creates scheduled task(s)
PID:752

C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /change /tn FreeDownloadManagerHelperService /tr "\"C:\Program Files (x86)\Softdeluxe\Free Download Manager\helperservice.exe"\"
3⤵
PID:2404

C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /run /tn FreeDownloadManagerHelperService
3⤵
PID:4432

C:\Program Files (x86)\Softdeluxe\Free Download Manager\fdm.exe
"C:\Program Files (x86)\Softdeluxe\Free Download Manager\fdm.exe" --install
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2580

C:\Program Files (x86)\Softdeluxe\Free Download Manager\importwizard.exe
"C:\Program Files (x86)\Softdeluxe\Free Download Manager\importwizard" 3FE02402165644D986B63DE6638495E4
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.freedownloadmanager.org/afterinstall.html?os=windows&osversion=10.0&osarchitecture=x86_64&architecture=i386&version=6.19.1.5263&uuid=d0010e7a-db3d-42f4-9c95-6cc630b4dfcf&locale=en_US&ac=1&au=1
4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf07e46f8,0x7ffcf07e4708,0x7ffcf07e4718
5⤵
PID:4744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,15970558244803898034,13731038113338816877,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
5⤵
PID:1768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,15970558244803898034,13731038113338816877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:3
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:2312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,15970558244803898034,13731038113338816877,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
5⤵
PID:3876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15970558244803898034,13731038113338816877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
5⤵
PID:1368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15970558244803898034,13731038113338816877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
5⤵
PID:2940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15970558244803898034,13731038113338816877,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
5⤵
PID:4580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15970558244803898034,13731038113338816877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
5⤵
PID:3688

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,15970558244803898034,13731038113338816877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 /prefetch:8
5⤵
PID:1088

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,15970558244803898034,13731038113338816877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 /prefetch:8
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:3780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15970558244803898034,13731038113338816877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
5⤵
PID:4552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15970558244803898034,13731038113338816877,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
5⤵
PID:3296

C:\Program Files (x86)\Softdeluxe\Free Download Manager\fdm5rhwin.exe
"C:\Program Files (x86)\Softdeluxe\Free Download Manager\fdm5rhwin.exe" 21907CB0205CFF989F82C03684A01B86 phase1
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1544

C:\Program Files (x86)\Softdeluxe\Free Download Manager\fdm5rhwin.exe
"C:\Program Files (x86)\Softdeluxe\Free Download Manager\fdm5rhwin.exe" 21907CB0205CFF989F82C03684A01B86 phase2
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3216

C:\Windows\SysWOW64\netsh.exe
"netsh.exe" firewall add allowedprogram program="C:\Program Files (x86)\Softdeluxe\Free Download Manager\fdm.exe" name="Free Download Manager" ENABLE scope=ALL profile=ALL
3⤵
- Modifies Windows Firewall
PID:4364

C:\Windows\SysWOW64\netsh.exe
"netsh.exe" firewall add allowedprogram program="C:\Program Files (x86)\Softdeluxe\Free Download Manager\fdm.exe" name="Free Download Manager" ENABLE scope=ALL profile=CURRENT
3⤵
- Modifies Windows Firewall
PID:1324

C:\Program Files (x86)\Softdeluxe\Free Download Manager\fdm.exe
"C:\Program Files (x86)\Softdeluxe\Free Download Manager\fdm.exe" --byinstaller
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1644

C:\Program Files (x86)\Softdeluxe\Free Download Manager\importwizard.exe
"C:\Program Files (x86)\Softdeluxe\Free Download Manager\importwizard" 3FE02402165644D986B63DE6638495E4 --printFdm5Setting=ExpectingUpdateToVersion
4⤵
- Executes dropped EXE
PID:2460

C:\Program Files (x86)\Softdeluxe\Free Download Manager\helperservice.exe
"C:\Program Files (x86)\Softdeluxe\Free Download Manager\helperservice.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2076

C:\Program Files (x86)\Softdeluxe\Free Download Manager\fdm.exe
"C:\Program Files (x86)\Softdeluxe\Free Download Manager\fdm.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4788

C:\Program Files (x86)\Softdeluxe\Free Download Manager\fdm.exe
"C:\Program Files (x86)\Softdeluxe\Free Download Manager\fdm.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3612

C:\Program Files (x86)\Softdeluxe\Free Download Manager\fdm.exe
"C:\Program Files (x86)\Softdeluxe\Free Download Manager\fdm.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:792

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2672

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2284

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.0.1515568019\1827458219" -parentBuildID 20221007134813 -prefsHandle 1772 -prefMapHandle 1764 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff0d8fbd-587d-4690-8f46-2fa4ca579fd0} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 1864 205ec4e0c58 gpu
3⤵
PID:4124

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.1.1591547657\998801321" -parentBuildID 20221007134813 -prefsHandle 2252 -prefMapHandle 2248 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75c42ab8-b759-43d9-9b88-1cf719c893e4} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 2264 205e0172858 socket
3⤵
PID:4952

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.2.1899065951\383482748" -childID 1 -isForBrowser -prefsHandle 3280 -prefMapHandle 3276 -prefsLen 21077 -prefMapSize 232675 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5b261ef-39c0-4e2b-a923-b7574ee7028f} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 3292 205f0414a58 tab
3⤵
PID:4940

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.3.1481831453\1591652582" -childID 2 -isForBrowser -prefsHandle 2596 -prefMapHandle 3548 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0bd0bbf1-15b6-4363-adda-bba4895c77a9} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 1168 205e0171658 tab
3⤵
PID:4288

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.4.1064004793\1245247460" -childID 3 -isForBrowser -prefsHandle 3740 -prefMapHandle 3736 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2231041-8cac-45e7-8a42-37a40dd1d511} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 3748 205f1289e58 tab
3⤵
PID:2108

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.5.119096566\704971751" -childID 4 -isForBrowser -prefsHandle 4812 -prefMapHandle 4808 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5597cc7-d185-48c7-8e7c-cdbf9ad20b3d} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 4772 205f032a858 tab
3⤵
PID:2440

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.6.36993016\1322702526" -childID 5 -isForBrowser -prefsHandle 5040 -prefMapHandle 5036 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e44fa502-43f6-4ec3-b8c2-128edcdb3cb5} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 5052 205f032bd58 tab
3⤵
PID:660

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.7.1462745066\931938857" -childID 6 -isForBrowser -prefsHandle 5196 -prefMapHandle 5200 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d456fa5-95e9-4909-9e79-457c10e12907} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 5184 205f28b0858 tab
3⤵
PID:3872

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.8.1676404009\591603347" -childID 7 -isForBrowser -prefsHandle 5728 -prefMapHandle 5724 -prefsLen 26656 -prefMapSize 232675 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c58829f-3959-49cb-be77-b04fa92bfd8f} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 5736 205ec7f0058 tab
3⤵
PID:5040

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.9.177446568\1226534074" -childID 8 -isForBrowser -prefsHandle 6020 -prefMapHandle 6012 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {347f503f-1d25-495a-bb3b-20ae9553aacd} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 6028 205f4bc2f58 tab
3⤵
PID:5512

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.10.1734410558\1863581836" -parentBuildID 20221007134813 -prefsHandle 6028 -prefMapHandle 6016 -prefsLen 26831 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {30edf4ef-731c-4f23-bce2-f767f69302ea} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 6196 205f4c59a58 rdd
3⤵
PID:5804

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.11.1794321047\1218889163" -childID 9 -isForBrowser -prefsHandle 4520 -prefMapHandle 4516 -prefsLen 27096 -prefMapSize 232675 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63a61a61-ed1d-403e-a8f9-edbd93b54848} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 6468 205f2b08e58 tab
3⤵
PID:5748

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.12.289643319\880507316" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6592 -prefMapHandle 6596 -prefsLen 27096 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4044631a-6936-4660-b6d4-28d9fecfddf4} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 5212 205f5107d58 utility
3⤵
PID:5784

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.13.1960198765\76214481" -childID 10 -isForBrowser -prefsHandle 5180 -prefMapHandle 5032 -prefsLen 27096 -prefMapSize 232675 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3efefa04-2716-4311-a3bb-b65a25a34c36} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 5460 205e0171658 tab
3⤵
PID:5984

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.14.774117897\1466612002" -childID 11 -isForBrowser -prefsHandle 5304 -prefMapHandle 5300 -prefsLen 27096 -prefMapSize 232675 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e71a067e-c6c9-4fa5-b2b6-7d2989e85305} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 5292 205f4b13258 tab
3⤵
PID:5148

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.15.1077023331\452559316" -childID 12 -isForBrowser -prefsHandle 10188 -prefMapHandle 10208 -prefsLen 27096 -prefMapSize 232675 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {841caed8-e555-468d-a234-994a01eaa5b0} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 10328 205f4c59d58 tab
3⤵
PID:4320

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.16.614453480\1712823072" -childID 13 -isForBrowser -prefsHandle 5300 -prefMapHandle 5344 -prefsLen 27096 -prefMapSize 232675 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e25f457-0f08-45d9-b0de-80f6ed995057} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 4864 205f5840058 tab
3⤵
PID:6064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Softdeluxe\Free Download Manager\MSVCP140.dll

Filesize
426KB

MD5
8ff1898897f3f4391803c7253366a87b

SHA1
9bdbeed8f75a892b6b630ef9e634667f4c620fa0

SHA256
51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad

SHA512
cb071ad55beaa541b5baf1f7d5e145f2c26fbee53e535e8c31b8f2b8df4bf7723f7bef214b670b2c3de57a4a75711dd204a940a2158939ad72f551e32da7ab03

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\Qt5Core.dll

Filesize
4.9MB

MD5
aa6ce2c97b80c323cbe9f86dbd6d263e

SHA1
089f6915aa650b0cc7dcc53a7e4365310523dd68

SHA256
85e29fd8a95f23a8af5ed0d0e93d18fcc30f95affbb75a1fcb20b873e8e5d8b0

SHA512
dd3e1684306624dbf0398021b1fa8833a348dec9271b5eb224c9a59877f832ce1aedb9c4f6ef84c061bf3585f3a5628e9f49296deab542b36ae3fa2230f3b417

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\Qt5Core.dll

Filesize
4.9MB

MD5
aa6ce2c97b80c323cbe9f86dbd6d263e

SHA1
089f6915aa650b0cc7dcc53a7e4365310523dd68

SHA256
85e29fd8a95f23a8af5ed0d0e93d18fcc30f95affbb75a1fcb20b873e8e5d8b0

SHA512
dd3e1684306624dbf0398021b1fa8833a348dec9271b5eb224c9a59877f832ce1aedb9c4f6ef84c061bf3585f3a5628e9f49296deab542b36ae3fa2230f3b417

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\Qt5Gui.dll

Filesize
5.2MB

MD5
0906103e25f7349766fc6025c491aa5a

SHA1
350589ec1f12ba5f65afc263c10243e10a362287

SHA256
ba869785c14c4ace0924c123295a503a59cf90cc4da68e0c61c47187b3754fe6

SHA512
ab28b7c562a342c8cbc1dad5290c2c9d2e0678de871f8ae71163fdc6bd7458084481f84baeff3349f9f79c5f07fa3e20cea4553b163fcbec75709ddf599b808b

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\Qt5Gui.dll

Filesize
5.2MB

MD5
0906103e25f7349766fc6025c491aa5a

SHA1
350589ec1f12ba5f65afc263c10243e10a362287

SHA256
ba869785c14c4ace0924c123295a503a59cf90cc4da68e0c61c47187b3754fe6

SHA512
ab28b7c562a342c8cbc1dad5290c2c9d2e0678de871f8ae71163fdc6bd7458084481f84baeff3349f9f79c5f07fa3e20cea4553b163fcbec75709ddf599b808b

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\Qt5Multimedia.dll

Filesize
575KB

MD5
ae9eba1d84ce955cd87aad9aca63bec7

SHA1
a82127e1d5ea5598a933c429f07f3b301bbb0137

SHA256
7cfbbe1189ea41902c393b7471b6a0c5708faddc11c40a7f68e06e714ef89066

SHA512
c17cef89a87a88a455f4a7fff0ba5da6633acaecc067d02ab2cc9b8193272c4edad17cb5e108581e9229a2478773d1bb99c6033a85be7780ea2dfb921a51f76c

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\Qt5Multimedia.dll

Filesize
575KB

MD5
ae9eba1d84ce955cd87aad9aca63bec7

SHA1
a82127e1d5ea5598a933c429f07f3b301bbb0137

SHA256
7cfbbe1189ea41902c393b7471b6a0c5708faddc11c40a7f68e06e714ef89066

SHA512
c17cef89a87a88a455f4a7fff0ba5da6633acaecc067d02ab2cc9b8193272c4edad17cb5e108581e9229a2478773d1bb99c6033a85be7780ea2dfb921a51f76c

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\Qt5Network.dll

Filesize
1.0MB

MD5
11c016d03aefc9e124828cb7cd775cf3

SHA1
cfdcf0bf5834e507cf87c7e283d14a7c89aa2628

SHA256
10fabe35ca0b0b9c35c2f618c801fb999bde09572a7fa10415b2b3f6b6470a7d

SHA512
87cc26fee8033ce638828fb773f62704f48a20c042faf70c9f97e9f1d76a09e6060c818ad2d4cd6cccaf4464fb23e9bcfc77d53a6f24415aa0d83455260ce36d

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\Qt5Network.dll

Filesize
1.0MB

MD5
11c016d03aefc9e124828cb7cd775cf3

SHA1
cfdcf0bf5834e507cf87c7e283d14a7c89aa2628

SHA256
10fabe35ca0b0b9c35c2f618c801fb999bde09572a7fa10415b2b3f6b6470a7d

SHA512
87cc26fee8033ce638828fb773f62704f48a20c042faf70c9f97e9f1d76a09e6060c818ad2d4cd6cccaf4464fb23e9bcfc77d53a6f24415aa0d83455260ce36d

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\Qt5Qml.dll

Filesize
3.2MB

MD5
bd0157711ab3d30948b0d3c940495200

SHA1
12688c4bbe9645ffc25e5c8fc2e303c5dc82dfc8

SHA256
f04f46132e2cee2ecef4ea413e994c628357d00b18bb4990cea02d96300bfedb

SHA512
8e10f1e97b3d8f5030d61999e851e3c434bb07cdf7dda98d2e9bc7eba50109c2ad4961056959553ccdbf3d0e396a9190a9393e25d8315c9c8cf5f590efc31bc8

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\Qt5Qml.dll

Filesize
3.2MB

MD5
bd0157711ab3d30948b0d3c940495200

SHA1
12688c4bbe9645ffc25e5c8fc2e303c5dc82dfc8

SHA256
f04f46132e2cee2ecef4ea413e994c628357d00b18bb4990cea02d96300bfedb

SHA512
8e10f1e97b3d8f5030d61999e851e3c434bb07cdf7dda98d2e9bc7eba50109c2ad4961056959553ccdbf3d0e396a9190a9393e25d8315c9c8cf5f590efc31bc8

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\Qt5Quick.dll

Filesize
3.1MB

MD5
ff3b9e5a3aeb7a141ae287b7fd197046

SHA1
39d1c3549afade1bd06c12608ed50e6c5bb80e86

SHA256
c91b3b9e3c32535f1f9389fa88f8b9a172fc389d1d3f953d43347bc5c3f67ad3

SHA512
fdc8398661d8a227e2e15adb1bb9429009b239ab0018f4ba6bc8c0ae9876b8c52a648fd96a27189032c33b3595214b45a710deeedc63bea28db1a8ed10ea07c9

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\Qt5Quick.dll

Filesize
3.1MB

MD5
ff3b9e5a3aeb7a141ae287b7fd197046

SHA1
39d1c3549afade1bd06c12608ed50e6c5bb80e86

SHA256
c91b3b9e3c32535f1f9389fa88f8b9a172fc389d1d3f953d43347bc5c3f67ad3

SHA512
fdc8398661d8a227e2e15adb1bb9429009b239ab0018f4ba6bc8c0ae9876b8c52a648fd96a27189032c33b3595214b45a710deeedc63bea28db1a8ed10ea07c9

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\Qt5QuickControls2.dll

Filesize
148KB

MD5
19fa488ec7a0291403ed59b4518a4a7d

SHA1
1296d556b6fe84e5bfd5ca3b443ca2bb28fd2181

SHA256
67f5f6f72a6ad3f2956882e5f310d1788e5f7375eb4cf6c5923d20ff4954be28

SHA512
c3ee998dd4176212549c8c791d5cde101608057cc877b932d12072520a69a15e11d3c556a4d6f9487bbeaa654187282287bc086996c8f25aab1ba6335807e15e

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\Qt5QuickControls2.dll

Filesize
148KB

MD5
19fa488ec7a0291403ed59b4518a4a7d

SHA1
1296d556b6fe84e5bfd5ca3b443ca2bb28fd2181

SHA256
67f5f6f72a6ad3f2956882e5f310d1788e5f7375eb4cf6c5923d20ff4954be28

SHA512
c3ee998dd4176212549c8c791d5cde101608057cc877b932d12072520a69a15e11d3c556a4d6f9487bbeaa654187282287bc086996c8f25aab1ba6335807e15e

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\Qt5QuickTemplates2.dll

Filesize
855KB

MD5
664561e74750a34dee001fba0a81af8b

SHA1
9e1d19b741078dc9af1f2b5ec3b7c9868685a974

SHA256
fb7c8245b8b913238cf9bd3491720fde0b9c5904d5dc565a32e7f57111e3a110

SHA512
8c6f466928d5d50e13d367266bc56266b47cd1b363088ce03b904c17f2ce88edbeb24d073ed9bdf2c42520714c94ce9b5035ddf6383772906904bde5f7bad1bd

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\Qt5QuickTemplates2.dll

Filesize
855KB

MD5
664561e74750a34dee001fba0a81af8b

SHA1
9e1d19b741078dc9af1f2b5ec3b7c9868685a974

SHA256
fb7c8245b8b913238cf9bd3491720fde0b9c5904d5dc565a32e7f57111e3a110

SHA512
8c6f466928d5d50e13d367266bc56266b47cd1b363088ce03b904c17f2ce88edbeb24d073ed9bdf2c42520714c94ce9b5035ddf6383772906904bde5f7bad1bd

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\Qt5Sql.dll

Filesize
164KB

MD5
188939fd44d9e12ecdac2bc3b6b6f396

SHA1
af4e408535401580e2d03e2cde8d2fc418e146da

SHA256
38bbe922aa354003d0a3b23183561262d20aa3674bcbc31affeb70de29a736ff

SHA512
bf7e6980bf0ea1dbaa6ea271686cca3944ce21df0e790f08cce669bfbbbb64a3731abe9a8a5f4ab6a0760d56b0ea7b38d79370f0f4a179336bf3adc3ecaeac6d

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\Qt5Sql.dll

Filesize
164KB

MD5
188939fd44d9e12ecdac2bc3b6b6f396

SHA1
af4e408535401580e2d03e2cde8d2fc418e146da

SHA256
38bbe922aa354003d0a3b23183561262d20aa3674bcbc31affeb70de29a736ff

SHA512
bf7e6980bf0ea1dbaa6ea271686cca3944ce21df0e790f08cce669bfbbbb64a3731abe9a8a5f4ab6a0760d56b0ea7b38d79370f0f4a179336bf3adc3ecaeac6d

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\Qt5Widgets.dll

Filesize
4.4MB

MD5
07b30ed72326c030aae212224034bf28

SHA1
13283d6bd5e953a298ea2dd095bedb239dcd7961

SHA256
fae1cbde9e10955e8b0ff414e64020be20bf9d1d62e7c583b4510b60f363faf0

SHA512
228bf5d5adac1e6fb8eb4cdc75d60f44d1c81c2e5f44d1f04bb3929a06fc2ebbe33bc634a90d593d5892f75121d96a680fd988cb0b462bed82db7183c936fbf4

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\Qt5Widgets.dll

Filesize
4.4MB

MD5
07b30ed72326c030aae212224034bf28

SHA1
13283d6bd5e953a298ea2dd095bedb239dcd7961

SHA256
fae1cbde9e10955e8b0ff414e64020be20bf9d1d62e7c583b4510b60f363faf0

SHA512
228bf5d5adac1e6fb8eb4cdc75d60f44d1c81c2e5f44d1f04bb3929a06fc2ebbe33bc634a90d593d5892f75121d96a680fd988cb0b462bed82db7183c936fbf4

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\VCRUNTIME140.dll

Filesize
74KB

MD5
1a84957b6e681fca057160cd04e26b27

SHA1
8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe

SHA256
9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5

SHA512
5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\downloadsjsp.dll

Filesize
77KB

MD5
b2f09cdce11d8846bdde4cd2e92e269f

SHA1
666294536a07a6b31b950b83d0b0db6f872999d8

SHA256
82bff2431f5598a3face8d88409cb9c90391e3fb1c16c462e808bd1b050c973d

SHA512
05932dfbca82399339557c33da76d602e0ac161f4413e24f32daf37044e535c5d6bd4516e53401b31c88c90a945ca8d8f88c2c69ac75c700112d1de8c73dcb74

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\downloadsjsp.dll

Filesize
77KB

MD5
b2f09cdce11d8846bdde4cd2e92e269f

SHA1
666294536a07a6b31b950b83d0b0db6f872999d8

SHA256
82bff2431f5598a3face8d88409cb9c90391e3fb1c16c462e808bd1b050c973d

SHA512
05932dfbca82399339557c33da76d602e0ac161f4413e24f32daf37044e535c5d6bd4516e53401b31c88c90a945ca8d8f88c2c69ac75c700112d1de8c73dcb74

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\downloadsms.dll

Filesize
459KB

MD5
a181cfc765221e16cfaf80b8969daeed

SHA1
970dee0a40491675e22d6db238e7849ea7fc362e

SHA256
2f88ac3eb7026aefbbbc3a1ad554044df0906020e61b6bea4917f2aac7348057

SHA512
2a441669f408c5886562b42b8fb5d5dfbb669572b23eb5c83333d646ab78dc6356774526eecb0e8a8311338ddfd78067f641b18444755d47615fc6247c3656bc

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\downloadsms.dll

Filesize
459KB

MD5
a181cfc765221e16cfaf80b8969daeed

SHA1
970dee0a40491675e22d6db238e7849ea7fc362e

SHA256
2f88ac3eb7026aefbbbc3a1ad554044df0906020e61b6bea4917f2aac7348057

SHA512
2a441669f408c5886562b42b8fb5d5dfbb669572b23eb5c83333d646ab78dc6356774526eecb0e8a8311338ddfd78067f641b18444755d47615fc6247c3656bc

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\fdm.exe

Filesize
5.6MB

MD5
96a67d2eafaa792bcdc5cf056b3557db

SHA1
f7f5b67110e4e11e14654df40f1a6ae5027d31e9

SHA256
fe68aee5b484898517ec0c084ab2c2420adb69acd1c7c20baab7828567099a0b

SHA512
eabdd0d8f83b6a419963c3033b76b32db453f1f2ac5c73c60d064ad7abd380a8bef57d553d9c047a489547073781a77095b1f7bbfb0c48172e13022965977486

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\fdm.exe

Filesize
5.6MB

MD5
96a67d2eafaa792bcdc5cf056b3557db

SHA1
f7f5b67110e4e11e14654df40f1a6ae5027d31e9

SHA256
fe68aee5b484898517ec0c084ab2c2420adb69acd1c7c20baab7828567099a0b

SHA512
eabdd0d8f83b6a419963c3033b76b32db453f1f2ac5c73c60d064ad7abd380a8bef57d553d9c047a489547073781a77095b1f7bbfb0c48172e13022965977486

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\fdm.exe

Filesize
5.6MB

MD5
96a67d2eafaa792bcdc5cf056b3557db

SHA1
f7f5b67110e4e11e14654df40f1a6ae5027d31e9

SHA256
fe68aee5b484898517ec0c084ab2c2420adb69acd1c7c20baab7828567099a0b

SHA512
eabdd0d8f83b6a419963c3033b76b32db453f1f2ac5c73c60d064ad7abd380a8bef57d553d9c047a489547073781a77095b1f7bbfb0c48172e13022965977486

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\helperservice.exe

Filesize
109KB

MD5
cea43de08ecc8f1457d508ec69b8655a

SHA1
136bed80f8ff8fd725fef532605d8c86944a52ea

SHA256
d6b8ac6792c3dd9c8ac24bf561556091e24130efc54f4318032519a7749e21e2

SHA512
6533ac3a91ea5757b96d7538c6789890ce7b96ea9f1bf4a010a89f371487bf50d03f57fe6999fee4ac93b56c912f7ade7fc9918c4a337b0c7f46172172e88546

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\helperservice.exe

Filesize
109KB

MD5
cea43de08ecc8f1457d508ec69b8655a

SHA1
136bed80f8ff8fd725fef532605d8c86944a52ea

SHA256
d6b8ac6792c3dd9c8ac24bf561556091e24130efc54f4318032519a7749e21e2

SHA512
6533ac3a91ea5757b96d7538c6789890ce7b96ea9f1bf4a010a89f371487bf50d03f57fe6999fee4ac93b56c912f7ade7fc9918c4a337b0c7f46172172e88546

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\iconengines\qsvgicon.dll

Filesize
38KB

MD5
eac65f03e9f9df34f8438162d9ad377a

SHA1
8bf9c07832614ade1f297ab49c646b01bc89eb81

SHA256
0537ce5368db4601239b5401d79f294366f7b3a9ee434d3a8d824f825dccd678

SHA512
c0f288fa833b1e2c9832738ab363d1e2af2e376089aa91036cc0db51f7dddb8edada79e8ac1bec45263479807a828a2a17cc63a6b41d132c7aaabc94cd5a80e5

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\imageformats\qgif.dll

Filesize
35KB

MD5
e070dbf1a9253bde7910e040dfd5d4bc

SHA1
43f396528d643bd2c9fd8e1b63c4151bbb23c980

SHA256
7ac66b0c813585b7cd3645ad3bcab0b225006cee9076b05a21cb6b8db176462d

SHA512
317af40137f8f1d475349a926067bfb6b776c0e26352e164d6cf1fa95293b865ca6e07cf3cb305eff122c1033cd3cd7e2931b8c0083424ebc91be111d6b89a8d

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\imageformats\qgif.dll

Filesize
35KB

MD5
e070dbf1a9253bde7910e040dfd5d4bc

SHA1
43f396528d643bd2c9fd8e1b63c4151bbb23c980

SHA256
7ac66b0c813585b7cd3645ad3bcab0b225006cee9076b05a21cb6b8db176462d

SHA512
317af40137f8f1d475349a926067bfb6b776c0e26352e164d6cf1fa95293b865ca6e07cf3cb305eff122c1033cd3cd7e2931b8c0083424ebc91be111d6b89a8d

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\imageformats\qicns.dll

Filesize
43KB

MD5
d617d449bff841e9e56ae5d66733c1f0

SHA1
57f9104c906d88b5193475286b9a1e9d55cd3fe1

SHA256
3587d149b774835aaebf9122945d432cb97a01f923c2bdf45c8ddf7db46fde6f

SHA512
1b4f7be9b650aa5658dde24da392262055b867525f8a2e61a2656c2617651f29dc5b61dd41f57ba84be030616d2060185f4790c7dd4a29d07b1e62af16b7f565

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\imageformats\qicns.dll

Filesize
43KB

MD5
d617d449bff841e9e56ae5d66733c1f0

SHA1
57f9104c906d88b5193475286b9a1e9d55cd3fe1

SHA256
3587d149b774835aaebf9122945d432cb97a01f923c2bdf45c8ddf7db46fde6f

SHA512
1b4f7be9b650aa5658dde24da392262055b867525f8a2e61a2656c2617651f29dc5b61dd41f57ba84be030616d2060185f4790c7dd4a29d07b1e62af16b7f565

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\imageformats\qico.dll

Filesize
35KB

MD5
77b5eee567d88078024e3b535d6196f1

SHA1
db155287e3a3fcff2d280b5a4aa555784c2bea91

SHA256
ae2d373da197c94fd6aff5b56baf3df754722926af4f71279688ce563fe6ef31

SHA512
811b1654a0b17eada09e37d4d29a3297d5aaf9f2eae1f3cf48cb6b7c5d36f28450ca80084aec94765bee0b02c03854c3e489327911de9d96f8189a6e92c6648c

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\imageformats\qico.dll

Filesize
35KB

MD5
77b5eee567d88078024e3b535d6196f1

SHA1
db155287e3a3fcff2d280b5a4aa555784c2bea91

SHA256
ae2d373da197c94fd6aff5b56baf3df754722926af4f71279688ce563fe6ef31

SHA512
811b1654a0b17eada09e37d4d29a3297d5aaf9f2eae1f3cf48cb6b7c5d36f28450ca80084aec94765bee0b02c03854c3e489327911de9d96f8189a6e92c6648c

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\imageformats\qjpeg.dll

Filesize
383KB

MD5
1f8c4a04573e26286ee2fafdf03f8f85

SHA1
b3d3ed2615d63ea26ed035ad191164e0297f088f

SHA256
18706a0bff940116731de4a55d8312c054771271c49fe47f77e07b0d73529053

SHA512
699c66b862675ef4e519e962bc8ffb87536fe81f5870f91f4179d9dd34c222e9107f92fc3e6138a8ed005293f90fb993144f4eaf9ab1518072718b730d1dd91f

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\imageformats\qjpeg.dll

Filesize
383KB

MD5
1f8c4a04573e26286ee2fafdf03f8f85

SHA1
b3d3ed2615d63ea26ed035ad191164e0297f088f

SHA256
18706a0bff940116731de4a55d8312c054771271c49fe47f77e07b0d73529053

SHA512
699c66b862675ef4e519e962bc8ffb87536fe81f5870f91f4179d9dd34c222e9107f92fc3e6138a8ed005293f90fb993144f4eaf9ab1518072718b730d1dd91f

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\imageformats\qsvg.dll

Filesize
30KB

MD5
7ba0979da56479bd964810e8ce794e9e

SHA1
68465868b7f9e944c6d5c57e4bc1d9383e234a74

SHA256
099eef1d161e9c4bb957d73678d471cc276337233a8e715e181a352760346701

SHA512
31edacc55c659571b473ac41041bd2779fcb36576882f9250790a7a5419cd64271560f5bf9039cb49ef621e970b2db028cca653ac8e83696e5b7822f6d287400

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\imageformats\qsvg.dll

Filesize
30KB

MD5
7ba0979da56479bd964810e8ce794e9e

SHA1
68465868b7f9e944c6d5c57e4bc1d9383e234a74

SHA256
099eef1d161e9c4bb957d73678d471cc276337233a8e715e181a352760346701

SHA512
31edacc55c659571b473ac41041bd2779fcb36576882f9250790a7a5419cd64271560f5bf9039cb49ef621e970b2db028cca653ac8e83696e5b7822f6d287400

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\imageformats\qtga.dll

Filesize
29KB

MD5
1eb7a620ec9dc8a24ac98ea55b475c4d

SHA1
bffcb5008c1750a7a626e6ac68bd9c92dab9aec9

SHA256
8aa979e85e681c0215f5a916d849d789b454dd1406ff2daf90c894efbd253d52

SHA512
98376d3ee52d4a5f0a5656562a29ade79e6ae654953aea5f754aad6d3f85ab451b867965b976c65be8ff659efbb5b630ad6014b2205c7eeb970a802a6dd80c30

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\imageformats\qtiff.dll

Filesize
350KB

MD5
0317a834a2ed5ff0e9959eb26e705632

SHA1
51f5575aa6b4d95115e49c834f05b7a872b0070b

SHA256
15ad29efcf28dd9dbf8d4f5cf13a29283598c6a9b3dc438dbe22a7ccc3c98d16

SHA512
607fa8963739099158e7296ab675c74502b9d1f3458860c2e3bdf5b5dbbdaa30f90bca7ba794b0a933efc3556543b25df725618608d03267919c1919a6589360

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\imageformats\qwbmp.dll

Filesize
28KB

MD5
7a6f767278b60cf9347e4280279a7459

SHA1
48e3c10039c4c024e9fc03a19ebd8beb6b7326c2

SHA256
a7d5e1099e28c9149087a602e609d257e4d9614265213f24c192e21c1ef070cb

SHA512
31fd31dcb3d25882c897f2a9bb92d90a422615508c5507337921bc92946a03437c467f960f7f1a311b2426a167ba53a26b873f6a5c561a86875693dd721e86d9

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\imageformats\qwebp.dll

Filesize
418KB

MD5
6d3a549718464617961f57975149a2b8

SHA1
207b6db92b70a7fd9744d15c2d18386fc6c940a5

SHA256
28caf443f600b9317b94ade67620109198035c63335b91d3af3a88581b475923

SHA512
bcb2237305242dc22b8f2fc5b597eb8708e0423a1f193b0c0b7eb3dec1f14a0b3d9850e02462283acce76e0e036e146fcf91c722a2ce9e2c4cba06bd22fe3be0

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\libcrypto-1_1.dll

Filesize
2.2MB

MD5
7d5fc6522ea8c4f8ea2c158c8de72788

SHA1
184cc5f3e6db70b14d1d305b3bfd598d83bbcd3c

SHA256
f59a40a437d8b4c4124052ff5db1470f28d6c3811bd7077635aae2d6f3aa790b

SHA512
af61b10feab4ede3c224aa8a3cd9ca441b64c634fffd8f80046c4821f747cd2a6ac3b689e9cc1a7357a5b41b1c6dda1e490e56e1c0f7bfd3cb507ab21818658b

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\libcrypto-1_1.dll

Filesize
2.2MB

MD5
7d5fc6522ea8c4f8ea2c158c8de72788

SHA1
184cc5f3e6db70b14d1d305b3bfd598d83bbcd3c

SHA256
f59a40a437d8b4c4124052ff5db1470f28d6c3811bd7077635aae2d6f3aa790b

SHA512
af61b10feab4ede3c224aa8a3cd9ca441b64c634fffd8f80046c4821f747cd2a6ac3b689e9cc1a7357a5b41b1c6dda1e490e56e1c0f7bfd3cb507ab21818658b

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\libssl-1_1.dll

Filesize
526KB

MD5
d3160696779cb77ee50bdac2a64ba35f

SHA1
9962021ade181a0e3d01398a253cd54c9710ba1b

SHA256
ed388f99d925bb0019f45c3c9bdadb56d54f2d867ca41fab2205133533d6ef09

SHA512
bd852279f527cf29fdd3fb029c3388f03f5fe73f499910418ddc2be8af87465a7bcb4403619897d7683151286e8ca0221715e3e4efbf1685921306a55190b03c

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\libssl-1_1.dll

Filesize
526KB

MD5
d3160696779cb77ee50bdac2a64ba35f

SHA1
9962021ade181a0e3d01398a253cd54c9710ba1b

SHA256
ed388f99d925bb0019f45c3c9bdadb56d54f2d867ca41fab2205133533d6ef09

SHA512
bd852279f527cf29fdd3fb029c3388f03f5fe73f499910418ddc2be8af87465a7bcb4403619897d7683151286e8ca0221715e3e4efbf1685921306a55190b03c

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\logger.dll

Filesize
32KB

MD5
ef5ff006ebd1edaadf292ca060c4854c

SHA1
c638c3cb7f0347ff6bea2827b5437941c2ffc92c

SHA256
af81aa731380da8555b25405391f9f9fd1121c78808643699b54102a21eed1d7

SHA512
05e95b6707ff04e219c8210dc8491df4a563d7dc2354789b3d0afea377ee84d7d94904303b75630426178603ba2cc4ba29229737a423e95a6a6522e9aa070e8f

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\logger.dll

Filesize
32KB

MD5
ef5ff006ebd1edaadf292ca060c4854c

SHA1
c638c3cb7f0347ff6bea2827b5437941c2ffc92c

SHA256
af81aa731380da8555b25405391f9f9fd1121c78808643699b54102a21eed1d7

SHA512
05e95b6707ff04e219c8210dc8491df4a563d7dc2354789b3d0afea377ee84d7d94904303b75630426178603ba2cc4ba29229737a423e95a6a6522e9aa070e8f

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\msvcp140.dll

Filesize
426KB

MD5
8ff1898897f3f4391803c7253366a87b

SHA1
9bdbeed8f75a892b6b630ef9e634667f4c620fa0

SHA256
51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad

SHA512
cb071ad55beaa541b5baf1f7d5e145f2c26fbee53e535e8c31b8f2b8df4bf7723f7bef214b670b2c3de57a4a75711dd204a940a2158939ad72f551e32da7ab03

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\platforms\qwindows.dll

Filesize
1.2MB

MD5
f52d1908e2d1f5b03b72cc87df48c8ad

SHA1
aa50aa22dbe42f20e0f67f2102cb37eb39d86dc6

SHA256
60085c5b61554a1e9d96350f039597a1b77a7576a81a12a24ace9de4c323bb8d

SHA512
70a67a052c4daa445ca200768f9675ebbc987d86efcdef8bc6b35fbf8b907c4dd48bcde890476001bdeb655606fe00a804de7f5d1b08505bcf7883a5326aa0b2

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\platforms\qwindows.dll

Filesize
1.2MB

MD5
f52d1908e2d1f5b03b72cc87df48c8ad

SHA1
aa50aa22dbe42f20e0f67f2102cb37eb39d86dc6

SHA256
60085c5b61554a1e9d96350f039597a1b77a7576a81a12a24ace9de4c323bb8d

SHA512
70a67a052c4daa445ca200768f9675ebbc987d86efcdef8bc6b35fbf8b907c4dd48bcde890476001bdeb655606fe00a804de7f5d1b08505bcf7883a5326aa0b2

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\quazip.dll

Filesize
184KB

MD5
b72309f9f1e139ff5b8d5356f9412f4b

SHA1
5ba95d64ca584fb096da6a6769f7b53b2441b199

SHA256
66a429bc51c6d3b51a4595a4b2d033942e09024a0dd5ceee3e5825d19575238e

SHA512
59745e7cd7778ebc24a3bc4bf23e870ab70950a52f6c4e72ab91f824d24b6f4f789f1980def6f10d98c7f7055ea3bbdf344cde4b4d8a70a9ff53548edf5ad3f3

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\quazip.dll

Filesize
184KB

MD5
b72309f9f1e139ff5b8d5356f9412f4b

SHA1
5ba95d64ca584fb096da6a6769f7b53b2441b199

SHA256
66a429bc51c6d3b51a4595a4b2d033942e09024a0dd5ceee3e5825d19575238e

SHA512
59745e7cd7778ebc24a3bc4bf23e870ab70950a52f6c4e72ab91f824d24b6f4f789f1980def6f10d98c7f7055ea3bbdf344cde4b4d8a70a9ff53548edf5ad3f3

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\service.xml

Filesize
2KB

MD5
85c61b85b0ffe2609b00379a5512790d

SHA1
2dfaf069df408819b06916381ac80b3ec097214c

SHA256
24f6062b8679b4140b5c15900deefa8ba187ed5e3c5cb8efc91b26b31769664d

SHA512
3a18c17ddcd10cd89d1c666134f13be6ed441fbe2c36a9567e894c0e1674232d5882e696ad2d385bd5eb4d50b6a1b4225bb992389aad93a77b203318293ca6fa

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\styles\qwindowsvistastyle.dll

Filesize
129KB

MD5
cea2589b96f6a9f02fccc0bc0786965f

SHA1
dc115c308579d59f31346b3535fbc3e0338e0dd8

SHA256
a0b0177a40b1c74ac79bf31c9f26ab0770d54c2297d68a53d289c48ff5b23edb

SHA512
7865d1ee088cc880670bebb90ed13f5bb55b14affc98dac1ff9bdfcc94aacc84b1379dedcd1ffc992b8f45df40434bdb1c3a3e396410f2f292fd9c83d7d2c338

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\styles\qwindowsvistastyle.dll

Filesize
129KB

MD5
cea2589b96f6a9f02fccc0bc0786965f

SHA1
dc115c308579d59f31346b3535fbc3e0338e0dd8

SHA256
a0b0177a40b1c74ac79bf31c9f26ab0770d54c2297d68a53d289c48ff5b23edb

SHA512
7865d1ee088cc880670bebb90ed13f5bb55b14affc98dac1ff9bdfcc94aacc84b1379dedcd1ffc992b8f45df40434bdb1c3a3e396410f2f292fd9c83d7d2c338

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\vcruntime140.dll

Filesize
74KB

MD5
1a84957b6e681fca057160cd04e26b27

SHA1
8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe

SHA256
9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5

SHA512
5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\vmsclshared.dll

Filesize
454KB

MD5
a1c7c7170c29789b84298f51c14f3690

SHA1
d04d56cb60d7c6e02fe206114149cf99715b88f1

SHA256
a71eac4980bb4b384084acd1d6bafb3cba7bcb7f0b511bc852ebc4ebbfa59cda

SHA512
06f3129801843c29b7ddeb7739f9029121f45c2f021007ef6d0e721b6467cf42169998f34e81a2531e095b44ac74efef29ccc9d184f76a26335467f8d9f8490b

Download Submit
C:\Program Files (x86)\Softdeluxe\Free Download Manager\vmsclshared.dll

Filesize
454KB

MD5
a1c7c7170c29789b84298f51c14f3690

SHA1
d04d56cb60d7c6e02fe206114149cf99715b88f1

SHA256
a71eac4980bb4b384084acd1d6bafb3cba7bcb7f0b511bc852ebc4ebbfa59cda

SHA512
06f3129801843c29b7ddeb7739f9029121f45c2f021007ef6d0e721b6467cf42169998f34e81a2531e095b44ac74efef29ccc9d184f76a26335467f8d9f8490b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8411007bafe7b1182af1ad3a1809b4f8

SHA1
4a78ee0762aadd53accae8bb211b8b18dc602070

SHA256
1f274d0d144942d00e43fb94f9c27fc91c68dce50cd374ac6be4472b08215ca3

SHA512
909e2e33b7614cb8bbd14e0dfff1b7f98f4abbf735f88292546ce3bfa665e4cb5ee4418561004e56afc5dd30d21483b05f6358dad5624c0dc3ab1ba9a3be18eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
60caaba3dde14f30f42b802c1d7f775f

SHA1
59b7627adf266afc412d2acce3f51610ac4d4cc7

SHA256
c15f11078c6b450885de81b432ead1df3a33c5ef4f81cdb03400c286975d7a9c

SHA512
7d00331e1c951e590999239d844dd967215c39511b673191e425e5cd8b21318009312eff9c23b86d55fbf2d306de7a2d6d38d1edb475b871bc6367d0774492ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
26f977a838151771cb015bd2def7b3de

SHA1
cd33c8a4d346ab2f9b1cbf294d7fd4e355b80dca

SHA256
65f87fb2b56d7b127bea2699b623f1b60b25b2285812d4842a217ef8773a07a5

SHA512
33e12c4dea53b7d892699ad1e9ca6a8b11242e5f00385916fffd3b83b075a9dcc566128a8fe0e367c17eda7c237f73f3ad1b04ba22e356051aa1d82c5ec8b00e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
45f66705f54fbad188d95520768dc765

SHA1
115d7704033fb0e990c2eab8adbf80a130efadd7

SHA256
4eb6cd15f11b16189c48a51e960592f30cff25617eb045b44cb29c589814d990

SHA512
43a6ca2a07a66b0bb9246487cd8c70a5780a47c67b0866b22bde0af9b68200dc32c894a5f9c570169deb0472d21c6b98897ea35a86b4e2c98f557803993e47e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
45d6ccd87f062c590d3d111f1d562688

SHA1
8ae668b6e96feb9fc771eacddcad323dbb63f4a8

SHA256
f2f079b9384a579ac1fb074076b3285d8690bc4bbda2e9b8fd38ed2dd48a5839

SHA512
32982c688678ed0f23a98b58379614c4558c4de3b380aac78bb13915c1c57ff235c40e3b55c0688f1ab01d6600240258fe08dd32fdc1978538b8a0b87e93c184

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
4a6fc19a5fae3a523cc04ecb179fd12d

SHA1
be8ba2d26bb5c2a563b132900a4e6c383b63ed59

SHA256
bedbd54212dc789389294403a32e423c2a5a1ec4f23d0f592e64e433a18385f6

SHA512
f44ddb51ce932b981a0261dee2dd9d5781199381fdfb54783b75106a0916bfdfda092d34c9c40a8d8dfcdd04a066748729142ae984ea2771da97f528f7c6f868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2dd91871d158e3c48bfe4a143c32c5fb

SHA1
ea691e4e6908db871d76bab48f1645eba4f24969

SHA256
3cd685eee71409de214a89427c346b6499a7280f1b2b7c6c38376ca3ea870c45

SHA512
02d87527aa95676623914fd8e3e8cf3784b6b908b7c844b2a620fed1251aa0c1edb696d4734b02d20ce22daa67127cd28d60fe1235eb52246adece10423f04e0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\46be7tph.default-release\activity-stream.discovery_stream.json.tmp

Filesize
141KB

MD5
6d68b3e867d9e2af934d57b203e513d7

SHA1
c75b38c715026dda2e591c28a92cd6046c6761e0

SHA256
6c40f19212a0b7091a09ff2ae90fdc09c0081b700115078a04c3bbb015c4b8e0

SHA512
c2488c9ead2a039e1d14d5fb686061ad2a6968c4b2b7f5804988d8b1a9b30fcb423eec71a07d9f33b644f33a148e6494fc7893509385026787cf289d6e15e272

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\46be7tph.default-release\cache2\doomed\10144

Filesize
15KB

MD5
2aae7e59ced0db5355df93998ff5f126

SHA1
18477598a62ff5cb9b9c30988da5fa90df4707c3

SHA256
dc4c6aefe1fe04ff60cab2465f32c82c07bb6b4bb53789e6599bb0a6e2a5148b

SHA512
980ec8f57759180ec3b3c7546f545fe699eead24ca3fa50fbc335ab261ed55d29bbe022d64f914c39a539fb2948ac509347be4a5c08ee0bffd8543db6629e232

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\46be7tph.default-release\cache2\doomed\17291

Filesize
15KB

MD5
51718e368eeba88ea16abb5db65c6960

SHA1
07b4b49cd249c8e196cce7c6a17f24141df8f81f

SHA256
3a83a78e98f9ece448ef591d0d3d06a9fde11b07fe614d8dbee4e45ed64ce1c6

SHA512
ab0b5b56615bb98cbe8517ec9d395ab194658d1ca819209726c3014f0c0e0e31990754b74887c6d38d599001da9a6dd486e5f7cb9976d35d0472e1677407925a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\46be7tph.default-release\cache2\doomed\17596

Filesize
15KB

MD5
313128ab0fbc614c48bf93a25235909c

SHA1
19a300501552825637a952887ddfb9981aab745d

SHA256
f580faa419a5a1b1b43f2e8304ef4d22d6f895a536f2b96681f9e5c6c117c8e3

SHA512
d606b4cd7c936179a93f49d280409e0c078bc3cdc366730a92a6bc94caab8a0efcdba66cedca2dea8b5072c5d0fa16ed613661c8ec4c3b6d07191538ad322e45

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\46be7tph.default-release\cache2\doomed\19090

Filesize
17KB

MD5
c0ec81768c812457b58ea6a8401b0c3e

SHA1
8391bf95fda2e3e04765305c83cb3b65bd3cf129

SHA256
e432cc359a7146d26a74dbbd76ef47c8c8fa975a5ef4d1bd3d04c4b46f95ef10

SHA512
f60b250dbfcf0e712e4ae1aec2d9dc1676a235bb4b29d198a8bd390c6d9c7711257dbe20d839d4772758bba9f952040c13aad4a49693b28924e135777057be0e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\46be7tph.default-release\cache2\doomed\8036

Filesize
15KB

MD5
9cb053548a6434a8ecf536b26d0013a3

SHA1
7fc8585ab2cf20a92c989ee0dd39187dc70671a1

SHA256
1cc4b3e10f6abcd4dc9399872d7cddd653d5a2bbe285b9e18a21b0d552cab935

SHA512
789ea8fe42fae3b30f9dab8ff213331ecfac9979b89303dd46c270a5776606b07102f3305b295bf370fb103a1ff31ec4385cf6950c62d2ee11240ab233f330f4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\46be7tph.default-release\cache2\doomed\8639

Filesize
15KB

MD5
52311ad20b2cb5cb2d9e8db86f138eb1

SHA1
3715e02a9aaa732addd59915e8ec17cb63a7554e

SHA256
6f550a9d90396e803b90fbe76de9bafd0e697db2fb40cc84188efd8fc89e8c76

SHA512
7aace7d8d50dbb20a742841458b56ee1affdb599bffdf439890bb1d0d81fe83fa249b81d48039ee71d9baf1086fa7210e9caf0ceb3252080a3341d5277379ad4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-MTABV.tmp\fdm_x86_setup.tmp

Filesize
3.1MB

MD5
469f8b8ceb47b9dec9b96ffbd546eaee

SHA1
5d50f989a5bc723082e36faa3c92c1b345dc652c

SHA256
0dfca7cda207bece9c96bef8b45a580625828ad212a6879bf98147e2194d8661

SHA512
f36763dca1f7c242ae6e7e9355c4896df714f250a5050cbf3b05b5a8981082d27fb2406b1f59ac604b3ef271bad7a4d9e722e2dbcf4474dc97b1af81466e6b1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-MTABV.tmp\fdm_x86_setup.tmp

Filesize
3.1MB

MD5
469f8b8ceb47b9dec9b96ffbd546eaee

SHA1
5d50f989a5bc723082e36faa3c92c1b345dc652c

SHA256
0dfca7cda207bece9c96bef8b45a580625828ad212a6879bf98147e2194d8661

SHA512
f36763dca1f7c242ae6e7e9355c4896df714f250a5050cbf3b05b5a8981082d27fb2406b1f59ac604b3ef271bad7a4d9e722e2dbcf4474dc97b1af81466e6b1f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\prefs-1.js

Filesize
6KB

MD5
dc6a3eaec0c04dae57bb903833230e1f

SHA1
18f16a9f4a11d26b8992214623112dd47a6ead02

SHA256
fd16195770488d17a9a7b03e5e61ca9e24725a038c36534acd1d665176a7c817

SHA512
fa58d9e9095ea98a83e3ac66decd8dacc1bf0a43da6a9d624b566f42f7cd92e5cd332992606f0f29e77e6b4c1a662675b206c2418fb88de535ee1f044108fd16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\prefs-1.js

Filesize
6KB

MD5
e1419e75343fd9e3282e04237a8ce4a5

SHA1
b42f1e02a134e2b10e20483bd713607a0e7889ee

SHA256
481d4abad232e701c0eb63e56efa2e7c6886f78b6cd0d0adb4f7d803160d0779

SHA512
8fc231d48bd3f2df67fe51a472cd1b8a0da37ea31a7bb6a98edc83c06235468c404821f88ae3bbfbaa712a8d764a2809c0145b151caac7b35b0bbd0a23d47a0e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\prefs.js

Filesize
6KB

MD5
8e7979a3bb5029590607581f78bf9206

SHA1
afa554821e55630a69e1ae2a6dd0ed52d0c83853

SHA256
118ee42233597d2c198839dc9867405afbb5e95affced628099ad833c87d8cc7

SHA512
3f35e47a15b0d41321a896e8c0a5ea0f546b111a4b9d06dec2b9762f74e2969ba8a669d42c66e0c112731dda04ef4fd0ecf0dff7c483546edd0c90d3d413b487

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\prefs.js

Filesize
7KB

MD5
221cd7fb16249fd5d89e4a60044db122

SHA1
68699470028cf21b73b0ce9f41a1a60818aa4895

SHA256
424e78556899af6007c7fba442957723f643d4bd6b40bb78628b2651f4377a02

SHA512
809e713549c88801318396fabeda13f1cae3bb3b04f8aae8eaf294325ac5912db217cdf0a8d58548fdc9dec4fbe8afaa9dcbdc1507e8667a7dc5ca326b35fa6f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
2daeac73980e95272a2672b3d0be5dad

SHA1
621d3977240cb2b21da1c0d99fb3ad75b02d66df

SHA256
b176caa2aae9093758f1a9da81953763412b7d30760fce831d3a3cd5eedf20ba

SHA512
963a116d19ef99002fadd53215ec3e82f4ce6491f7c2a6d0cebfa826fce8feb49fad37c4a7693cd373bb91c4e180989bc516d968645f53f7332cb4285e9ef54b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
e10333976edaf1770eaabc9c16b72787

SHA1
030528fb4926cc4db012fb63829cb44495b580bf

SHA256
067251038068a78ab5dc3d2a76cf61d5a4c329dc2e552962502ada0b93f6ca63

SHA512
ed752cb8b5fcd0d94316313a950ec6df7913b2af65a48aa564060f1b6cc1827d6c0ff84de27727b14c3b65e6ca3db3e747d2d41b0f4c1e24952f109069a828c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
20f5739383f26d0e08be77e1e0daea30

SHA1
7d188cdb29d4d189a3e3d2c66d8fc677018569cc

SHA256
926f9dfa4aed5fe519e3110e27082e02331d2a188ff3fd92289870ba9383502c

SHA512
3e0f121401ea20d812456b1391f2ca2d3ce299e28bbf7796d7c93b47dd10fd4a764a7b297a5adaa58f80886d9a4af8bc92630b2f347fe72a52cf66f6e7b568d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cgoogle.com%29\idb\2171031483YattIedMb.sqlite

Filesize
48KB

MD5
b289dca8c5e263f8ce871f8fc3bc9144

SHA1
385387fb51f1ba9fc000905f959b624f64ff4330

SHA256
962f2c66a9459b6401e111388a1615be7737d75a1107d5a3425d399567ab85f1

SHA512
4d2970f3df0455bf0f85a26b8fcef189dd2f57a6031cc5b81f0a22dc5e341e815b5e98e8200b8ed426af3bf5b21fd7101e086679a58df8809bdb9eaf9451444d

Download Submit
memory/792-2838-0x0000000004410000-0x0000000004420000-memory.dmp

Filesize
64KB

Download
memory/1644-2939-0x0000000007D40000-0x0000000007D41000-memory.dmp

Filesize
4KB

Download
memory/1644-2933-0x0000000007D40000-0x0000000007D41000-memory.dmp

Filesize
4KB

Download
memory/1644-2409-0x0000000005CB0000-0x0000000005EB0000-memory.dmp

Filesize
2.0MB

Download
memory/1644-2902-0x0000000007880000-0x0000000007881000-memory.dmp

Filesize
4KB

Download
memory/1644-2903-0x0000000007880000-0x0000000007881000-memory.dmp

Filesize
4KB

Download
memory/1644-2904-0x0000000007880000-0x0000000007881000-memory.dmp

Filesize
4KB

Download
memory/1644-2905-0x0000000007880000-0x0000000007881000-memory.dmp

Filesize
4KB

Download
memory/1644-2906-0x0000000007880000-0x0000000007881000-memory.dmp

Filesize
4KB

Download
memory/1644-2908-0x0000000007880000-0x0000000007881000-memory.dmp

Filesize
4KB

Download
memory/1644-2907-0x0000000007880000-0x0000000007881000-memory.dmp

Filesize
4KB

Download
memory/1644-2909-0x0000000007880000-0x0000000007881000-memory.dmp

Filesize
4KB

Download
memory/1644-2910-0x0000000007880000-0x0000000007881000-memory.dmp

Filesize
4KB

Download
memory/1644-2911-0x0000000007880000-0x0000000007881000-memory.dmp

Filesize
4KB

Download
memory/1644-2912-0x0000000007880000-0x0000000007881000-memory.dmp

Filesize
4KB

Download
memory/1644-2913-0x0000000007880000-0x0000000007881000-memory.dmp

Filesize
4KB

Download
memory/1644-2915-0x0000000007880000-0x0000000007881000-memory.dmp

Filesize
4KB

Download
memory/1644-2914-0x0000000007880000-0x0000000007881000-memory.dmp

Filesize
4KB

Download
memory/1644-2916-0x0000000007880000-0x0000000007881000-memory.dmp

Filesize
4KB

Download
memory/1644-2917-0x0000000007880000-0x0000000007881000-memory.dmp

Filesize
4KB

Download
memory/1644-2919-0x0000000007D30000-0x0000000007D31000-memory.dmp

Filesize
4KB

Download
memory/1644-2920-0x0000000007880000-0x0000000007881000-memory.dmp

Filesize
4KB

Download
memory/1644-2921-0x0000000007880000-0x0000000007881000-memory.dmp

Filesize
4KB

Download
memory/1644-2922-0x0000000007D30000-0x0000000007D31000-memory.dmp

Filesize
4KB

Download
memory/1644-2923-0x0000000007D30000-0x0000000007D31000-memory.dmp

Filesize
4KB

Download
memory/1644-2924-0x0000000007D30000-0x0000000007D31000-memory.dmp

Filesize
4KB

Download
memory/1644-2925-0x0000000007D30000-0x0000000007D31000-memory.dmp

Filesize
4KB

Download
memory/1644-2926-0x0000000007D30000-0x0000000007D31000-memory.dmp

Filesize
4KB

Download
memory/1644-2927-0x0000000007880000-0x0000000007881000-memory.dmp

Filesize
4KB

Download
memory/1644-2928-0x0000000007D30000-0x0000000007D31000-memory.dmp

Filesize
4KB

Download
memory/1644-2929-0x0000000007D30000-0x0000000007D31000-memory.dmp

Filesize
4KB

Download
memory/1644-2930-0x0000000007D30000-0x0000000007D31000-memory.dmp

Filesize
4KB

Download
memory/1644-2406-0x0000000005600000-0x0000000005610000-memory.dmp

Filesize
64KB

Download
memory/1644-2932-0x0000000007D40000-0x0000000007D41000-memory.dmp

Filesize
4KB

Download
memory/1644-2934-0x0000000007D40000-0x0000000007D41000-memory.dmp

Filesize
4KB

Download
memory/1644-2935-0x0000000007D40000-0x0000000007D41000-memory.dmp

Filesize
4KB

Download
memory/1644-2936-0x0000000007D40000-0x0000000007D41000-memory.dmp

Filesize
4KB

Download
memory/1644-2937-0x0000000007D40000-0x0000000007D41000-memory.dmp

Filesize
4KB

Download
memory/1644-2938-0x0000000007D40000-0x0000000007D41000-memory.dmp

Filesize
4KB

Download
memory/1644-2407-0x0000000005870000-0x0000000005CB0000-memory.dmp

Filesize
4.2MB

Download
memory/1644-2940-0x0000000007D40000-0x0000000007D41000-memory.dmp

Filesize
4KB

Download
memory/1644-2941-0x0000000007D40000-0x0000000007D41000-memory.dmp

Filesize
4KB

Download
memory/1644-2942-0x0000000007D40000-0x0000000007D41000-memory.dmp

Filesize
4KB

Download
memory/1644-2943-0x0000000007D40000-0x0000000007D41000-memory.dmp

Filesize
4KB

Download
memory/1644-2945-0x0000000007D40000-0x0000000007D41000-memory.dmp

Filesize
4KB

Download
memory/1644-2944-0x0000000007D40000-0x0000000007D41000-memory.dmp

Filesize
4KB

Download
memory/1644-3809-0x000000000ACE0000-0x000000000ACE1000-memory.dmp

Filesize
4KB

Download
memory/3612-2810-0x0000000003140000-0x0000000003150000-memory.dmp

Filesize
64KB

Download
memory/4788-2399-0x00000000016E0000-0x00000000016F0000-memory.dmp

Filesize
64KB

Download
memory/4900-140-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4900-2370-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4900-134-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4900-146-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/5012-2369-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/5012-2245-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/5012-2192-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/5012-139-0x00000000008D0000-0x00000000008D1000-memory.dmp

Filesize
4KB

Download
memory/5012-1664-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/5012-141-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/5012-142-0x00000000008D0000-0x00000000008D1000-memory.dmp

Filesize
4KB

Download
memory/5012-144-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/5012-181-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download