3212aa98f6c8d67aa997a074578010b36d3df5d1a6d2055f5434ba8632fc260e

Analysis

max time kernel
105s
max time network
152s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
30-09-2023 02:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdm_x64_setup.exe
Size

34.0MB
MD5

ca2ead342a22fcd891f73f99cba91005
SHA1

6e6470b49e9e9791acc6854b3d3823e97b058407
SHA256

3212aa98f6c8d67aa997a074578010b36d3df5d1a6d2055f5434ba8632fc260e
SHA512

39e8e285f3bc169ce3306cecf7a06317a93126dfce2d128acbb0a82d693d98ba0297601e258e4fa48ab8d2f235c6f8b5b648b48f15c02022e22893095a470bc6
SSDEEP

786432:5fzVFV7zFAsPBoyK32MlH8CSC9xSWEjh/dlCBS1Y/qemqa:/fWyKGMlcnelEdlO0YLa

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Modifies Windows Firewall 1 TTPs 2 IoCs
evasion

Windows Service
T1543.003

Processes:

netsh.exenetsh.exe

pid process

2864 netsh.exe
592 netsh.exe

pid	process
2864	netsh.exe
592	netsh.exe

Executes dropped EXE 9 IoCs

Processes:

fdm_x64_setup.tmpfdm.exehelperservice.exeimportwizard.exefdm5rhwin.exefdm5rhwin.exefdm.exefdm.exeimportwizard.exe

pid	process
2596	fdm_x64_setup.tmp
2104	fdm.exe
1868	helperservice.exe
2232	importwizard.exe
2852	fdm5rhwin.exe
2380	fdm5rhwin.exe
1736	fdm.exe
1744	fdm.exe
108	importwizard.exe

Loads dropped DLL 64 IoCs

Processes:

fdm_x64_setup.exefdm_x64_setup.tmpfdm.exetaskeng.exeimportwizard.exe

pid	process
2436	fdm_x64_setup.exe
2596	fdm_x64_setup.tmp
2596	fdm_x64_setup.tmp
2596	fdm_x64_setup.tmp
2596	fdm_x64_setup.tmp
1252
1252
1252
1252
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
1400	taskeng.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2656
2232	importwizard.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

fdm.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Windows\CurrentVersion\Run\Free Download Manager = "\"C:\\Program Files\\Softdeluxe\\Free Download Manager\\fdm.exe\" --hidden"	fdm.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

fdm_x64_setup.tmp

description	ioc	process
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\is-LFN3V.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\is-C27MD.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Dialogs\is-MGIUB.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qmltooling\is-5B2G2.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\is-04FAH.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\is-KVPSJ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Dialogs\is-MES1K.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Extras\Private\is-PVM90.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\is-86OB7.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Fusion\is-05D6E.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Desktop\is-2EFRU.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\is-G889N.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Fusion\is-PN1FM.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Extras\Private\is-121T3.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-C3FD6.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\is-AAEJJ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Fusion\is-7LRPN.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Imagine\is-M4DSU.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Universal\is-62J5H.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-02UFQ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Desktop\is-IF69R.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Fusion\is-KTAHN.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Universal\is-05CQE.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Fusion\is-6G8LL.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Material\is-O1LFK.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Extras\Private\is-S89PE.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\is-KE8JE.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\is-9CTVJ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\torrents\is-AG3PK.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-J7L8G.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Imagine\is-A574H.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Universal\is-VVBH5.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\is-0C50N.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Fusion\is-VFL5L.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Dialogs\images\is-ADJ8K.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\is-61RNT.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Private\is-JRLN8.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Desktop\is-0PCET.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Desktop\is-O4HJ4.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Material\is-1E648.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Material\is-E22KL.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQml\StateMachine\is-EF1KL.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Private\is-II3B0.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\is-61AUD.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\is-03UC6.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\is-VVQ1D.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Window.2\is-5S9TN.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtGraphicalEffects\private\is-CL1OV.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\is-IP107.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Dialogs\is-OJJM0.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-KBQJV.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\is-D4M9F.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\images\is-4FI2S.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qmltooling\is-HI5IP.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtGraphicalEffects\is-72E0H.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\is-C318E.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Desktop\is-62NGJ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\is-5SDFS.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Private\is-A5CFK.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Material\is-BETR9.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Private\is-91KV4.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls\Styles\Base\is-CPK03.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\is-COFAQ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\QtQuick\Controls.2\Fusion\is-OE36O.tmp	fdm_x64_setup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exe

pid process

1932 schtasks.exe

pid	process
1932	schtasks.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 47 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXEfdm_x64_setup.tmp

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	fdm_x64_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\MAIN	fdm_x64_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING	fdm_x64_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\fdm.exe = "11000"	fdm_x64_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	fdm_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING	fdm_x64_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d01f21fa48f3d901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea3dc2a7c0fe4d49bd6e8f3e7e71513f0000000002000000000010660000000100002000000008d4549cde44d1c31b0327edacee23e82f857b204e570fd86a3d2f4e7babe83e000000000e8000000002000020000000a3dcce623ae602d333685a698c603805ab106ad3e39a82511f556e11aaf17d2590000000a7239ccca78a129f1736c4626daa8e44b3108e670340d31dc6b5984cddd460ce093cdca1f8cdb60277b84f00a7190e88358137123e058c3a610c281b149882b004d78d26fda571b6316a825689b838a7e214c1e89fc5773beca3b9f83b17893679e56325a319600238785f2dae8ce8f20597fc73cb7d66e2a49c678d668c08bdac473b09ad6f6ba96c6527525646337540000000556bb27326febacc14f238033937a1b9a082b02eabafb59f8adc4337476936a70935bc2d3101fd0fe6967befb2b3519cdd0f070ede621a3d0be2a7c3a21f6314	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{22D67AB1-5F3C-11EE-BF6D-4249527DEDD7} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	fdm_x64_setup.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\fdm.exe = "1"	fdm_x64_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea3dc2a7c0fe4d49bd6e8f3e7e71513f00000000020000000000106600000001000020000000a88c4311e9314e1af5f225463b8202dec160e0c5ff7abae3f9ba5a6a258e10b2000000000e8000000002000020000000d53c3433fb9b96975231ccb474ec03f2ee96669c28b2cdd5cc88fda28b71155a20000000bba15ab277f079615714b67140de441d8a8d1439947e87df1cd14ebf219d2642400000005220c711c479697560e2cf6a8cbcec33cdad3abb1493389a2f645dcc19648e02c0f5decf6e8ca3c6fec8670315f7197c3bd2ffee17d445e831b7a9f4bdb16079	iexplore.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	fdm_x64_setup.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\fdm.exe = "11000"	fdm_x64_setup.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING\fdm.exe = "1"	fdm_x64_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Modifies registry class 46 IoCs

Processes:

fdm.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\magnet\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}\	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\magnet\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\magnet\shell	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\FreeDownloadManager6_torrent\	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\fdm\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}\icon	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\fdm\Content Type	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\fdm\shell\open\command\	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\fdm\shell	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\FreeDownloadManager6_torrent\shell\open\command\	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\magnet\shell\open	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\magnet\shell\open\command	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\FreeDownloadManager6_torrent\shell\open\command\ = "\"C:\\Program Files\\Softdeluxe\\Free Download Manager\\fdm.exe\" \"%1\""	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\fdm\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}\	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\fdm\shell\ = "open"	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\fdm\shell\open\command\ = "\"C:\\Program Files\\Softdeluxe\\Free Download Manager\\fdm.exe\" \"%1\""	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\magnet\DefaultIcon\	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\.torrent\	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\fdm\ = "URL:fdm link"	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\fdm\shell\	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\magnet	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\magnet\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}\icon	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\fdm	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\fdm\shell\open\command	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\magnet\shell\open\command\	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\FreeDownloadManager6_torrent\ = "Bittorrent files"	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\magnet\URL Protocol	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\magnet\DefaultIcon\ = "\"C:\\Program Files\\Softdeluxe\\Free Download Manager\\fdm.exe\", 1"	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\magnet\shell\open\command\ = "\"C:\\Program Files\\Softdeluxe\\Free Download Manager\\fdm.exe\" \"%1\""	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\FreeDownloadManager6_torrent\DefaultIcon\ = "\"C:/Program Files/Softdeluxe/Free Download Manager/fdm.exe\", 1"	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\fdm\URL Protocol	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\fdm\DefaultIcon\ = "\"C:\\Program Files\\Softdeluxe\\Free Download Manager\\fdm.exe\", 1"	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\fdm\shell\open	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\magnet\Content Type = "application/x-magnet"	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\FreeDownloadManager6_torrent\shell\open\command	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\fdm\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\fdm\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}\command	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\magnet\shell\	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\magnet\shell\ = "open"	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\magnet\ = "URL:Magnet link"	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\FreeDownloadManager6_torrent\DefaultIcon\	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\FreeDownloadManager6_torrent\shell\open	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\.torrent\ = "FreeDownloadManager6_torrent"	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\fdm\DefaultIcon\	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\magnet\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}\command	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\FreeDownloadManager6_torrent	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000_CLASSES\FreeDownloadManager6_torrent\shell	fdm.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

Processes:

fdm.exefdm.exefdm.exe

pid process

2104 fdm.exe
1736 fdm.exe
1744 fdm.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

fdm.exefdm5rhwin.exefdm5rhwin.exefdm.exechrome.exe

pid process

2104 fdm.exe
2852 fdm5rhwin.exe
2380 fdm5rhwin.exe
1736 fdm.exe
3000 chrome.exe
3000 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

fdm.exe

pid process

1736 fdm.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

Processes:

fdm_x64_setup.tmpiexplore.exefdm.exechrome.exe

pid	process
2596	fdm_x64_setup.tmp
1096	iexplore.exe
1736	fdm.exe
1736	fdm.exe
1736	fdm.exe
1736	fdm.exe
1736	fdm.exe
1736	fdm.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe

Suspicious use of SendNotifyMessage 37 IoCs

Processes:

fdm.exechrome.exe

pid	process
1736	fdm.exe
1736	fdm.exe
1736	fdm.exe
1736	fdm.exe
1736	fdm.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe

Suspicious use of SetWindowsHookEx 49 IoCs

Processes:

fdm.exehelperservice.exeiexplore.exeIEXPLORE.EXEfdm.exefdm.exe

pid	process
2104	fdm.exe
2104	fdm.exe
1868	helperservice.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
2104	fdm.exe
1096	iexplore.exe
1096	iexplore.exe
864	IEXPLORE.EXE
864	IEXPLORE.EXE
864	IEXPLORE.EXE
864	IEXPLORE.EXE
1736	fdm.exe
1736	fdm.exe
1736	fdm.exe
1736	fdm.exe
1736	fdm.exe
1736	fdm.exe
1744	fdm.exe
1744	fdm.exe
1744	fdm.exe
1744	fdm.exe
1736	fdm.exe
1736	fdm.exe
1736	fdm.exe
1736	fdm.exe
1736	fdm.exe
1736	fdm.exe
1736	fdm.exe
1736	fdm.exe
1736	fdm.exe
1736	fdm.exe
1736	fdm.exe
1736	fdm.exe
1736	fdm.exe
1736	fdm.exe
1736	fdm.exe
1736	fdm.exe
1736	fdm.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

fdm_x64_setup.exefdm_x64_setup.tmptaskeng.exefdm.exeiexplore.exefdm.exechrome.exe

description	pid	process	target process
PID 2436 wrote to memory of 2596	2436	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 2436 wrote to memory of 2596	2436	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 2436 wrote to memory of 2596	2436	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 2436 wrote to memory of 2596	2436	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 2436 wrote to memory of 2596	2436	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 2436 wrote to memory of 2596	2436	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 2436 wrote to memory of 2596	2436	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 2596 wrote to memory of 2652	2596	fdm_x64_setup.tmp	schtasks.exe
PID 2596 wrote to memory of 2652	2596	fdm_x64_setup.tmp	schtasks.exe
PID 2596 wrote to memory of 2652	2596	fdm_x64_setup.tmp	schtasks.exe
PID 2596 wrote to memory of 2652	2596	fdm_x64_setup.tmp	schtasks.exe
PID 2596 wrote to memory of 1932	2596	fdm_x64_setup.tmp	schtasks.exe
PID 2596 wrote to memory of 1932	2596	fdm_x64_setup.tmp	schtasks.exe
PID 2596 wrote to memory of 1932	2596	fdm_x64_setup.tmp	schtasks.exe
PID 2596 wrote to memory of 1932	2596	fdm_x64_setup.tmp	schtasks.exe
PID 2596 wrote to memory of 916	2596	fdm_x64_setup.tmp	schtasks.exe
PID 2596 wrote to memory of 916	2596	fdm_x64_setup.tmp	schtasks.exe
PID 2596 wrote to memory of 916	2596	fdm_x64_setup.tmp	schtasks.exe
PID 2596 wrote to memory of 916	2596	fdm_x64_setup.tmp	schtasks.exe
PID 2596 wrote to memory of 2200	2596	fdm_x64_setup.tmp	schtasks.exe
PID 2596 wrote to memory of 2200	2596	fdm_x64_setup.tmp	schtasks.exe
PID 2596 wrote to memory of 2200	2596	fdm_x64_setup.tmp	schtasks.exe
PID 2596 wrote to memory of 2200	2596	fdm_x64_setup.tmp	schtasks.exe
PID 2596 wrote to memory of 2104	2596	fdm_x64_setup.tmp	fdm.exe
PID 2596 wrote to memory of 2104	2596	fdm_x64_setup.tmp	fdm.exe
PID 2596 wrote to memory of 2104	2596	fdm_x64_setup.tmp	fdm.exe
PID 2596 wrote to memory of 2104	2596	fdm_x64_setup.tmp	fdm.exe
PID 1400 wrote to memory of 1868	1400	taskeng.exe	helperservice.exe
PID 1400 wrote to memory of 1868	1400	taskeng.exe	helperservice.exe
PID 1400 wrote to memory of 1868	1400	taskeng.exe	helperservice.exe
PID 2104 wrote to memory of 2232	2104	fdm.exe	importwizard.exe
PID 2104 wrote to memory of 2232	2104	fdm.exe	importwizard.exe
PID 2104 wrote to memory of 2232	2104	fdm.exe	importwizard.exe
PID 2104 wrote to memory of 1096	2104	fdm.exe	iexplore.exe
PID 2104 wrote to memory of 1096	2104	fdm.exe	iexplore.exe
PID 2104 wrote to memory of 1096	2104	fdm.exe	iexplore.exe
PID 2596 wrote to memory of 2852	2596	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 2596 wrote to memory of 2852	2596	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 2596 wrote to memory of 2852	2596	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 2596 wrote to memory of 2852	2596	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 2596 wrote to memory of 2380	2596	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 2596 wrote to memory of 2380	2596	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 2596 wrote to memory of 2380	2596	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 2596 wrote to memory of 2380	2596	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 2596 wrote to memory of 2864	2596	fdm_x64_setup.tmp	netsh.exe
PID 2596 wrote to memory of 2864	2596	fdm_x64_setup.tmp	netsh.exe
PID 2596 wrote to memory of 2864	2596	fdm_x64_setup.tmp	netsh.exe
PID 2596 wrote to memory of 2864	2596	fdm_x64_setup.tmp	netsh.exe
PID 1096 wrote to memory of 864	1096	iexplore.exe	IEXPLORE.EXE
PID 1096 wrote to memory of 864	1096	iexplore.exe	IEXPLORE.EXE
PID 1096 wrote to memory of 864	1096	iexplore.exe	IEXPLORE.EXE
PID 1096 wrote to memory of 864	1096	iexplore.exe	IEXPLORE.EXE
PID 2596 wrote to memory of 592	2596	fdm_x64_setup.tmp	netsh.exe
PID 2596 wrote to memory of 592	2596	fdm_x64_setup.tmp	netsh.exe
PID 2596 wrote to memory of 592	2596	fdm_x64_setup.tmp	netsh.exe
PID 2596 wrote to memory of 592	2596	fdm_x64_setup.tmp	netsh.exe
PID 2596 wrote to memory of 1736	2596	fdm_x64_setup.tmp	fdm.exe
PID 2596 wrote to memory of 1736	2596	fdm_x64_setup.tmp	fdm.exe
PID 2596 wrote to memory of 1736	2596	fdm_x64_setup.tmp	fdm.exe
PID 2596 wrote to memory of 1736	2596	fdm_x64_setup.tmp	fdm.exe
PID 1736 wrote to memory of 108	1736	fdm.exe	importwizard.exe
PID 1736 wrote to memory of 108	1736	fdm.exe	importwizard.exe
PID 1736 wrote to memory of 108	1736	fdm.exe	importwizard.exe
PID 3000 wrote to memory of 2472	3000	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe
"C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2436

C:\Users\Admin\AppData\Local\Temp\is-55GOE.tmp\fdm_x64_setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-55GOE.tmp\fdm_x64_setup.tmp" /SL5="$400BE,34943088,780288,C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2596

C:\Windows\system32\schtasks.exe
"schtasks.exe" /end /tn FreeDownloadManagerHelperService
3⤵
PID:2652

C:\Windows\system32\schtasks.exe
"schtasks.exe" /create /RU SYSTEM /tn FreeDownloadManagerHelperService /f /xml "C:\Program Files\Softdeluxe\Free Download Manager\service.xml"
3⤵
- Creates scheduled task(s)
PID:1932

C:\Windows\system32\schtasks.exe
"schtasks.exe" /change /tn FreeDownloadManagerHelperService /tr "\"C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe"\"
3⤵
PID:916

C:\Windows\system32\schtasks.exe
"schtasks.exe" /run /tn FreeDownloadManagerHelperService
3⤵
PID:2200

C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" --install
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2104

C:\Program Files\Softdeluxe\Free Download Manager\importwizard.exe
"C:\Program Files\Softdeluxe\Free Download Manager\importwizard" 3FE02402165644D986B63DE6638495E4
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2232

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.freedownloadmanager.org/afterinstall.html?os=windows&osversion=7sp1&osarchitecture=x86_64&architecture=x86_64&version=6.18.1.4920&uuid=62dbf9ee-95e5-4c7a-b98e-b849e0c4a762&locale=en_US&ac=1&au=1
4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1096

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1096 CREDAT:275457 /prefetch:2
5⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:864

C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe" 21907CB0205CFF989F82C03684A01B86 phase1
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2852

C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe" 21907CB0205CFF989F82C03684A01B86 phase2
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2380

C:\Windows\system32\netsh.exe
"netsh.exe" firewall add allowedprogram program="C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" name="Free Download Manager" ENABLE scope=ALL profile=ALL
3⤵
- Modifies Windows Firewall
PID:2864

C:\Windows\system32\netsh.exe
"netsh.exe" firewall add allowedprogram program="C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" name="Free Download Manager" ENABLE scope=ALL profile=CURRENT
3⤵
- Modifies Windows Firewall
PID:592

C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" --byinstaller
3⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1736

C:\Program Files\Softdeluxe\Free Download Manager\importwizard.exe
"C:\Program Files\Softdeluxe\Free Download Manager\importwizard" 3FE02402165644D986B63DE6638495E4 --printFdm5Setting=ExpectingUpdateToVersion
4⤵
- Executes dropped EXE
PID:108

C:\Windows\system32\taskeng.exe
taskeng.exe {3770B897-8300-422A-B4F0-AF32F9EC4651} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1400

C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe
"C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1868

C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef2d29758,0x7fef2d29768,0x7fef2d29778
2⤵
PID:2472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1184,i,256413672085391906,15308879937297309390,131072 /prefetch:2
2⤵
PID:1924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1552 --field-trial-handle=1184,i,256413672085391906,15308879937297309390,131072 /prefetch:8
2⤵
PID:840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1184,i,256413672085391906,15308879937297309390,131072 /prefetch:8
2⤵
PID:776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1536 --field-trial-handle=1184,i,256413672085391906,15308879937297309390,131072 /prefetch:1
2⤵
PID:2932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1184,i,256413672085391906,15308879937297309390,131072 /prefetch:1
2⤵
PID:1060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1312 --field-trial-handle=1184,i,256413672085391906,15308879937297309390,131072 /prefetch:2
2⤵
PID:1836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1432 --field-trial-handle=1184,i,256413672085391906,15308879937297309390,131072 /prefetch:1
2⤵
PID:1096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3424 --field-trial-handle=1184,i,256413672085391906,15308879937297309390,131072 /prefetch:8
2⤵
PID:2012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3536 --field-trial-handle=1184,i,256413672085391906,15308879937297309390,131072 /prefetch:8
2⤵
PID:440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3660 --field-trial-handle=1184,i,256413672085391906,15308879937297309390,131072 /prefetch:8
2⤵
PID:2092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3776 --field-trial-handle=1184,i,256413672085391906,15308879937297309390,131072 /prefetch:8
2⤵
PID:812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3416 --field-trial-handle=1184,i,256413672085391906,15308879937297309390,131072 /prefetch:8
2⤵
PID:2232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3828 --field-trial-handle=1184,i,256413672085391906,15308879937297309390,131072 /prefetch:1
2⤵
PID:2600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2456 --field-trial-handle=1184,i,256413672085391906,15308879937297309390,131072 /prefetch:1
2⤵
PID:856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 --field-trial-handle=1184,i,256413672085391906,15308879937297309390,131072 /prefetch:8
2⤵
PID:2004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4040 --field-trial-handle=1184,i,256413672085391906,15308879937297309390,131072 /prefetch:8
2⤵
PID:2024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3656 --field-trial-handle=1184,i,256413672085391906,15308879937297309390,131072 /prefetch:8
2⤵
PID:2848

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Softdeluxe\Free Download Manager\MSVCP140.dll

Filesize
553KB

MD5
6da7f4530edb350cf9d967d969ccecf8

SHA1
3e2681ea91f60a7a9ef2407399d13c1ca6aa71e9

SHA256
9fee6f36547d6f6ea7ca0338655555dba6bb0f798bc60334d29b94d1547da4da

SHA512
1f77f900215a4966f7f4e5d23b4aaad203136cb8561f4e36f03f13659fe1ff4b81caa75fef557c890e108f28f0484ad2baa825559114c0daa588cf1de6c1afab

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5Core.dll

Filesize
5.7MB

MD5
0e51ac35b4b2922288b956450a73cbab

SHA1
adee61361815b216ba5c6c3b1cab998f1093a06b

SHA256
3b2129169999b948ca6ef1931410c235ac2aece3088ff9fc486145dcf772dd46

SHA512
fd36ecf24fe17892817a3007d7cb1c730469f61e68c66ed2da090b9e84d782298d08849b80788f72e48e289332f6dbea7fa2222e7b9518165b0335643d710843

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt5Network.dll

Filesize
1.3MB

MD5
20dc922278cd948ce6dbdcb74580f910

SHA1
1a34d4738955f99c17083fec22945b0d6af76f40

SHA256
f7c7a1ea2570d1238287470b479e384f87c39357d1a4b2eeedbf90901d9c3cbc

SHA512
90afc14985b51744e2f3ea11a0f6f0edc3c7306bf6e9539c9526adbed0caf47e2b19fa90b38a3269424f109adb80f2bd7394620a35360d5aeb0b3641eb92fb79

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\VCRUNTIME140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\VCRUNTIME140_1.dll

Filesize
36KB

MD5
135359d350f72ad4bf716b764d39e749

SHA1
2e59d9bbcce356f0fece56c9c4917a5cacec63d7

SHA256
34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32

SHA512
cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-core-file-l1-2-0.dll

Filesize
18KB

MD5
5c744d7fbbeb6d806051cf99767ac56d

SHA1
4cc050c10b5a6c6a4c07df1ddea57ea68c725e9e

SHA256
7f58f49a59c4c25c733b9745f52abd5b03e2c79625ce610550dbba8835bb5623

SHA512
becb336b1811e605f6eef7795f43a7dc0c2a8f428d7f9b6f4989f56f3869ead150fbfbfd468a68a9d4925b3e9a9fe52a2e45abd1fcc4aa0e001d8cd2021e9ca6

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
ae064c624063ed8cd25d646e6b481273

SHA1
a34516d15740c50bcf871aa0d45ab9383bd6f0ca

SHA256
e1fe386e5b0f7f56ff2982d6959269041ae618ad74506db5887ade31e500841c

SHA512
fd63022843489c7eb400c6bb64fed0eecba87ab92fb9062af771c1016950d9ef7fa9774316c73114ec9120e36c767d6a6cf7fd064e9d9a912212a1526350a0c8

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
01ad27ee677d4e344657378832a6ac90

SHA1
47121d3b6f94160f60e8d903358710b868ea5970

SHA256
8fd1d49ad7a04880004c5fdf9f88118f236d2d08fb2d09e9d6ba33143b3a69da

SHA512
386f4a183ddfdf2b24a4af447f61b6fdcc9dc39d28c70d3cf720f36b4582b7e9c500f81dcbe4cfcabcbad523f9adc9f2a38c142929a1528da905cca3236dec94

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
18KB

MD5
ebcd3d486cbd0b772f8c8f0edd2a8cab

SHA1
51f043631fa0fc622a3ef7f6b9bf30964ea620d0

SHA256
d20bf4086cd6bae61a2546e2aaf6a1b3fe4e7c24422d13c8c05e1853dcf08973

SHA512
d0e66a0318774ab0ad338f20d64a57fd041b037bf923d6443bead37acafdb8930fdc5e0ce15b2b4032eb0e8db7e781858271e15af835127b46fd9aeb2e4f00f8

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-core-synch-l1-2-0.dll

Filesize
18KB

MD5
23102af54db977d494b3692767cf140e

SHA1
25eb0bfa64179eabe3c0798534d05d160877294a

SHA256
68a36ccfb88ddba45e3c02190be4f2e09a37ba6883cb63c2418aa68ba0e13401

SHA512
ae494514013b55e0eb6b8d51c1621ac5b10f5e5534991d095b73445c8d024a7350d35ae36cbf7f1bb34fa60f55cdf29f13d2cb427be3a07d004b4ae598b7a8ac

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-core-timezone-l1-1-0.dll

Filesize
18KB

MD5
9fab02f9997d60412f3f045e41ab6e1d

SHA1
a974a6014ac3c7b2c3f2e51cd0560dcaac5f7e98

SHA256
03faaac34a7d25b8829da2508a4f8b476b5d5b895267f2b9852fb02ccf31da42

SHA512
432298110e3d4a684a6445820e5fd27a5f6a4a6c7c3a681b6e4cbe5fc3c6b54a1d2faae56735eeb3a2ffe0907676b5ea68b01b0d3691e81032abea9c4e9e2e9e

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-convert-l1-1-0.dll

Filesize
22KB

MD5
9e0b0be46897205489c1f62b8d500716

SHA1
66d787d63b84578a7fdd96e20027d9a5b9abed6e

SHA256
0dd70eb1936ca4cdf2d9f21798f85acfb6cb061cff04c60c9c7e4004cbc14c0e

SHA512
16414e72e720db401592adff08ab6e24eef5b7f2bfbd8a5976ab6f76b209bc24eeb06a3fdd27793c40646947819605e9b7fbc1f6fdefd47c4601cea279b794da

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-environment-l1-1-0.dll

Filesize
18KB

MD5
91ba5541723dcdcedeeb2ab802c9f602

SHA1
6fb8c87617ea3b7fea9905ad61c1ccd94adfd1e3

SHA256
dd6b5fbab8e14874e1d03757cec08df5ada023877377612911619f5b52e37709

SHA512
3eda6f948f66539d82fe9d4af9fbec79eef2fc19567ee4703d278122ade7540f0e7149a213731d9219c953ba9f0ca2dc5178603c2e25d39e24821147211b1405

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
20KB

MD5
ab1e031803c1518d2d50927dac99bf02

SHA1
7403c89b5ec1c7eca155acf035db77f75f3562d7

SHA256
3a2c1d0c99a9e49ad974508cd67587b0f017086973decbe787c779ae57f0e011

SHA512
3fb653e3a198c94f4d70c76b9800d7cdaac3c682c66406e2b585663bed632d6e632c25e3b4eebc6971e3b02c6cebb94c56fe9cc961043e70f3a48d41f969dd9a

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-heap-l1-1-0.dll

Filesize
19KB

MD5
7a8dd369b8a9ede2636db42939da05f8

SHA1
b2dcb61d7bb01afa9b2aa3fd72884e3059f58c17

SHA256
4e07b35c97f71fea5c93dbfdfc030bfbc05aff218855fda16d2856cb7153e98b

SHA512
641c744588ad032763240241172460dd0ca95e6d3d9697a2a91ccf4195c76c15c722db1705777d7405b0d8f366fa9c37b269e733f795d5a3bbbaba1858069234

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-locale-l1-1-0.dll

Filesize
18KB

MD5
1d821d741cfaf0d322f2483114d93188

SHA1
aa6ecd604d207bbae869225a1a7738433a4417d6

SHA256
9b299b18fe97191e3875d173b2d89295cfa8d006a0c9328fae867b8da9bdc23b

SHA512
3ff35106664fed3746dc00ed0bf85db853b047f736708c9a2587d9550581642a6837f1ff4a0275c54a42f6033fbd7567b233d3f832f25a241b321820bff8a971

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-math-l1-1-0.dll

Filesize
27KB

MD5
79878844b0a1eb2b621286dad20bc4ab

SHA1
a64cfd5f9424bad329e2578168ee58a11ce14f36

SHA256
177779ff31d2977ea5bb583d3fc50209edb64bbce8c40d6d14e34ea4446266e3

SHA512
960a8d1cf1c447a77eb90ecf1e8171c8e01d6933b04ec18acb0f7bbfecebdff5cb3c972b9ace75715d2dfcb5faf4de7ecfe56b059ff8e1255272257ef905e35d

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
22KB

MD5
3c2162f8f05b362dda8814505c555312

SHA1
2bbcbb984c909ada3ce8cc37bd910375c2d806f4

SHA256
b5a3c4681ff8c09ccf32e0e0bf7d183293b5171bbb6512fdb90585d6d88fbd70

SHA512
ca268cc8dc39bf025aa7612c4cbecc18cb8fce30855c76e46c6524243c52ed4daa34bd75b99a65c2fa46eaa1aa302b33bdc84630a074d53b91153a89b4539ade

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
24KB

MD5
759606f25742c0d3252a3b6bcf7a0098

SHA1
6f395025343beb970fb06207101d01a4144133bf

SHA256
e3c4e66be42bdba47b3186f1935bf852620b9f6c507cf56321e21714814d1ea2

SHA512
0d5a35780098620e275aa82bb962f5c1b85caac1eea2a52c83b6963b002faaaf5d25f5ef78b93f530e75329d33cc6297059df2ed00624ee9a6eaed856e2d3c70

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-string-l1-1-0.dll

Filesize
24KB

MD5
fb8949d67cb7f83a407c762788d9ae54

SHA1
f22c3707e653a967060aa16dba9afd23267789ca

SHA256
0595b77b356f9a1dfba92515cb15d227b7039cb8beee3b0ca6be15b5f3913dd9

SHA512
b08b4c2b6d392623ae7d52ebb30700b57f666dfbbac813b640f574b15267fb902e96f684a6e3ce138ef7a3068095bb6d9e180b4dbd4243b40defaf822a31f2bb

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-time-l1-1-0.dll

Filesize
20KB

MD5
b6758d08c062bf25125ab89de52010e7

SHA1
2c678741012bc4834a18b49d739bf903831ac3e7

SHA256
b724edd5f89b6c0b6d386d8283b3fd6fdb7563d4e886537d3d77cfa5e81128c6

SHA512
0f1d02744bf405288150f31e0106f536fe4719383cf1b5d4fae3e4fb71da005c1e324d5157572d2fd8862a2f78984104a7b0b40ff60f120e545b9cbd683f5059

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-utility-l1-1-0.dll

Filesize
18KB

MD5
fc3d9d7e98c1315e30586dc8ce9254cd

SHA1
77520a4a2eaf4929e8deaf1751393781b161b837

SHA256
a075f5c8dbd97be408da070324e661d0ecef76deeb8c77ac7a2161083140ccfb

SHA512
64ad909f2b98a86bab730ac25169ec06c7129df89027b9a65e5f8e370ced78f884a4518f2d650f2eff78aafbdd037fd20dd784bcfc12618c13d5b153a6f2c92d

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe

Filesize
5.4MB

MD5
af0e1046e67ed95adbdb90668964d3ab

SHA1
c7ae52bd3214d8cf864dd95a0399ceb90120a62c

SHA256
3d20a3544dd4e5e606525f74c7e323144cf564dcb7a6b9e8e94c0845e6ec800e

SHA512
dd3f8b3025531506628526640aa46ac8c05d3a06eb97b6ff3b32e425ee85104a269b8d4f00d886fd649b34f69dfc270c26288bebc7bfdf8fd5e324fb3bf7c046

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe

Filesize
5.4MB

MD5
af0e1046e67ed95adbdb90668964d3ab

SHA1
c7ae52bd3214d8cf864dd95a0399ceb90120a62c

SHA256
3d20a3544dd4e5e606525f74c7e323144cf564dcb7a6b9e8e94c0845e6ec800e

SHA512
dd3f8b3025531506628526640aa46ac8c05d3a06eb97b6ff3b32e425ee85104a269b8d4f00d886fd649b34f69dfc270c26288bebc7bfdf8fd5e324fb3bf7c046

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\libcrypto-1_1-x64.dll

Filesize
2.7MB

MD5
8bf7134fd7c7b9f79fbaa46a820565fd

SHA1
c82732c10a0f03ef1868d2ca6a8c42ec430a8a02

SHA256
a8f38398b8e95919ce4f4eb4ce9e2db432b5b8da00b531e2f1633795b3fa622a

SHA512
9d48c50a08236df337ace9f7546d3db392d980d6b86111da0f1b72848d9a7e74aa05ec9eb83f35c4c0570334f5c3b8460e1864eb2ad9a7ff5dc67d0206616e61

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\logger.dll

Filesize
32KB

MD5
f86d67751f21fdf101048da34d3de812

SHA1
6a99f27ef16ce1025bde7c8a0e9780739b22adc0

SHA256
b4e28856c976425995e79f08fe39de72c6fddb6b53ece7c25bd3cc2b7ac43a5f

SHA512
e0829655fb0b5e17bda36bf93b5e1293efd88b86fca07a7e88f715996ff263b9ee3a72dd57f0cc0b0a5bf7856f17e6f9ecb71871c6f01deae361b87a86d82932

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\service.xml

Filesize
2KB

MD5
85c61b85b0ffe2609b00379a5512790d

SHA1
2dfaf069df408819b06916381ac80b3ec097214c

SHA256
24f6062b8679b4140b5c15900deefa8ba187ed5e3c5cb8efc91b26b31769664d

SHA512
3a18c17ddcd10cd89d1c666134f13be6ed441fbe2c36a9567e894c0e1674232d5882e696ad2d385bd5eb4d50b6a1b4225bb992389aad93a77b203318293ca6fa

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\ucrtbase.DLL

Filesize
969KB

MD5
aeea6662f0f7819a077b99441c36178c

SHA1
c3a2ec7fd791235b8b1f2371e94f25a1670f7d00

SHA256
cd48756e96740f84a2aacd6c308997a4a36a953cd77f50cb54c27915a5c5c302

SHA512
b4b3c42e716fffe98f1c65bd2b0f522725ab8b43a7739c0a925b850fc0601e77cdc1e2071813229477d129caa73813ef6eb5c4c806d1c48c90332c429365d639

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\vmsclshared.dll

Filesize
481KB

MD5
c5ec998da72d44adcb50d1b6544d5b3f

SHA1
63bec20d94dcf6e7bf7dbea41cff16d7120c4fee

SHA256
bb6fd71add89ad693227233598e4cb47f0f6d7d08b8168459e810a662b1f7e30

SHA512
24f71dc08eb2a1b5abb1effc3d71e8c0059fcb8d745e3cc0a8b47be8499727814cf7f0b7d0532f6fa9f861d142d00cfa30b3f6ea15c7437bb4800d2b4ffa7813

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
faa5073a46c676d5cc6f9d0f5c4b32ff

SHA1
f90765091e8b1d5a35ab306c197f70775a5f8317

SHA256
0bf51607e70fba5f3175a786fa5100e940d1b9d45437929566197159957a7f7b

SHA512
769c24738145dfc7eaaa7ee8630bc57b4854c38df391158032fe09977c95d38e31c11b9267ce7c1b69d6546a3af118777fceaae37e58301abaa2b7ef22b483ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd42e59853adb96c0a158ee0e17bccb3

SHA1
c34db1a4c66d2dd88691c1e70146ed2c9d43bf8e

SHA256
79c3a036da301d40e45ff7e1807a18ee35c4a367836c82d9a916c10960eb0205

SHA512
c7ab116207a17f1e5fcdab9d3a9bac0b032cd755dcb68f5e06e932d1024e3ca1550695eaa81d52052d048ed9dfd07f8b7e8232b30d208388a4773563469c4833

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
167b70e910f5238c812c8593b3d07994

SHA1
c490279a8c94e57eccdcf6f3c0b16b6f0ee43e8d

SHA256
663a6d3fa613dbf910a1a5ecf558246884bb6bb2b5b9d685e26421b60c98f11d

SHA512
6e9ec17fb160eb598853462903809752cdc976b5430311122e226bf9805268bbb18538c6516e899b31d62710b18a9b6b1e32d9ac1a860e0ebe6c753602968e64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
94529bf4d4527e941bfc1d467a71395d

SHA1
8c1273903bd87e6db96f57a20c8653ef0ffb03a6

SHA256
1ffe168d19c55ec39de8366f63cdfa68cccb99e10e3540a551df084c6d99cbd0

SHA512
7fe1142980582fd91a7423411a38f89ae4220bd6df001c89e4cadcbe9e7ae89c18fb58ba3ef2550354d8f40bfcf39a3aa6d102dd55ab0100a80e2758a82fe5e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b7254e687f0defa608fedcbf47ba5e60

SHA1
fac6de3ab95006fa4b05c7740acc926699385e44

SHA256
8ab04b65e8e59ebe24c5f3efc697eafd202e75b2992f75c9116164d4f001df14

SHA512
8c6ec892997b243a4e9c580fc71efb177a03e0ed5e93c89c9414235c2fa499cab9673fb5ec298848b07950c15c33e48d812f301618f722903acaf867c6fd382c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1218d7568fdfb828d787bcbb72356fd8

SHA1
f1da85283f70f6504cddd630a789d4b078e39ac9

SHA256
a5298feb28a35f0612448995db9e2dcc669853e4086cc2cb295228f71dd0742b

SHA512
491c9fd20f5fc7bb8f274fd8f55fce74af64162e17abd3dd5a4b71b2454515134426842213d1d700adb1662dcf2c4f56d2809d40fbc4c72019aac9c8a84de0ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
53f24b283d1f1aea72e29cf33cff9b03

SHA1
bffbaf2d67614ab13ed4f47177661fa4442a1b02

SHA256
85853ca4d046520ae68453d1c75da9c4d18feb43cdf79382bc1428825424abd0

SHA512
f1b00f17c7a6e0f8634396da3c686c82138e79ac82164752e1c3a5de355c996885372165840534fa4fb01002e099d8f0509f2c4c6f26f379b4a48315e820c493

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e9ca3b5d345f464168b7655b85e7b989

SHA1
e95e409dfb27ff8124908b552cadbf1e15244d61

SHA256
351852ef72a14359c2693ed7aabb3b6a90a6db12147253a59e32d15aa37fd38a

SHA512
c0fe928110c4e6c5ef8a189e274a8cb4999743dc252a16abe81bb5741c5459860378d6224b7104d783ab018c676fd0ee5b9560f4dc69b7d438eff68d8e8b5da7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
12cd8579d9b123dc3133f15330b831be

SHA1
2d69f307191614181bba8802f2ad59b0c44e4dd9

SHA256
3ddcf54f595abb41b5d1e3ce27a5e330933cde3d2f868a64bc853035a36717e4

SHA512
d419e76a03eb1c356e7c07a463312cb89fe90fe67167fccb59f81e4d16be06c409cfd929d3baefe752355e647d3e118b0839bc28df3a6ba539c5adefa6f79169

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
87f9f2e98f27322bb7c4ec9fb15e5ce7

SHA1
14c651c462d8af129d3561d174af78ad8fd3fe4e

SHA256
0080321464e18f2147d06d72cd4f0f79b4b2874455171cbfdee22e1bdd026258

SHA512
6341b8e4b22577841605f5ef19dfb07e18f3d480d3a2d8650d0d42936034177d9817387f6e32109c6c3212b7c159568c1bf72e86ac2ef70f47b5337b487ff3ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a13756b9e7169a7c975bd08c85f2189

SHA1
dd0719f71dcf50bad6be19dccedf149c5733eb27

SHA256
38e1d86797e500c6d604a47e48c931f1964485c2484606f59fb4bab72203654e

SHA512
36fcc9a7a3f00ddfd0d5c7ec26a9342d38d76d385e6999ec267a366e8042d70bf23fef57bc7cb919c54cdc9991d8e4709f0085d58047285d54c4f1db0f028e8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7244731be58476277c8ef14a8ec51231

SHA1
0b513e2b328ee5aaa7d53be20e9d5ba834b539d0

SHA256
57edaf68342a4de00536e99098a577e011988363e28bb1be0fc8164d566a1b53

SHA512
ff62f7891444f74d6c60738e3a71ba14da30b4473d3a40d95742738392fa490317c49724612b472b3442715ec350e20cca36124991c10c084e8dd6dd747ffded

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0bffcc318f5c1ae4c54a3802ff646a24

SHA1
0de9855688c4c1ce97bd17c7933a4145276346b3

SHA256
60fd60bc415dfda9445ef991f4acd0e130b8b40ca0544e7a0fc8d5eca6ac194e

SHA512
c2db07ae3848c8576c1e48ad88386c528767112be19bc770e3d6c8b37d3b97bbf317b1397460da0f58d065218ca0058b516bd0bfbfac8111884258efd7d5a0e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
2b4933eb2dfa627a5cc1221c191e12c7

SHA1
ad83079bbc05cd5e1f05170dcd9550557a3c7647

SHA256
3f9ddb3c0463f64e776438359730074c033003ac0f73a7af91d9284f4a19de16

SHA512
f79ccd16e9949e25129b56ebb47d7c6445b3e7a3197a1bfcb16fb81fdf137eb787a7cc53a46a4fc322022f3e90a41534a258514ff3e60a995192b8dc2e591b6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
8a4c1a1e6cbce18a7505c9562383099c

SHA1
b6365e9e6f79ea21af49c152ea6dcac3ddc2b698

SHA256
23ca328f0b3fc4c3fd38b00ac82e6be04cf249e51888f76965f5f1909654fa26

SHA512
48767e94268d124e925ecf999773eab0ff0e7a1e51dbee3954837d3639953ed63b48aec0d8a4868305591d67cf3db7b49477018a1861e17e9ab7ece0c15827f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\iehkyjx\imagestore.dat

Filesize
17KB

MD5
ae4ef737d0a81b5d9d8f94ed0ce35159

SHA1
801a3eeba108713c28e82a847ca83f8532b23fd7

SHA256
58354e3897ec94d61b0cfc79f59f9aedb33940016d1f75bf6b1be227324455c9

SHA512
da4c5a71d185ee93357eb6b92a1ce56122b51b647678cec9bb94932a70f240f58e79f7d65441d2aea440e2fc8f3f123fbc2882884b447ed2d0887fd0b5cf15d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DS6H085\favicon[2].ico

Filesize
17KB

MD5
a2a2e5e7382343676817d3f83c1e6e6a

SHA1
323a88bfe1d970b385801ddfc449842a698d925b

SHA256
4e7c4f74211abebb3c4e8c100a66a637e60c98d153d0b9213011c02b1c82f205

SHA512
52333e7013acb9c6eab83cb71c1430675ae94396c1f4fe2553eb357ddd2de80ba3dde761b01ec5e537cb109e9c6bc46ee5183f285552f67b7f29e408e50f0d44

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD01C.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD0DB.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-55GOE.tmp\fdm_x64_setup.tmp

Filesize
2.5MB

MD5
869c50863faef0fa7052b5551698ed58

SHA1
feb12f73e0a68d43db51a35f04be3f9d2aac90a3

SHA256
7e49962115092d3709b9a3e68934972931bb900f23bf4b42ac90d250725e7d4e

SHA512
19076555396601758b0b62a9b9fc68bb96b83387c5a345c3e68f5794b67c45bec7905654fe1243e2daf3ae8fe11c2ad243e962633370535a7a3f41bcb7fec1df

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-55GOE.tmp\fdm_x64_setup.tmp

Filesize
2.5MB

MD5
869c50863faef0fa7052b5551698ed58

SHA1
feb12f73e0a68d43db51a35f04be3f9d2aac90a3

SHA256
7e49962115092d3709b9a3e68934972931bb900f23bf4b42ac90d250725e7d4e

SHA512
19076555396601758b0b62a9b9fc68bb96b83387c5a345c3e68f5794b67c45bec7905654fe1243e2daf3ae8fe11c2ad243e962633370535a7a3f41bcb7fec1df

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF536E446BF6FD77F8.TMP

Filesize
16KB

MD5
ebffa412065f790299026022731c1269

SHA1
05d9dc13a9b24511f6f6b25fe89137f80a94a109

SHA256
df8bf6ac63ff3383cbf57a91e253173751053bbec74791916d50c181f6ad3704

SHA512
2062f13eb9a52584667581fe4fa8950541cf66da5e708b433856764d7fe80632172b0795a02f43502717ea0723426ef4d46411958e66194156affeaf101f06f2

Download Submit
\Program Files\Softdeluxe\Free Download Manager\Qt5Core.dll

Filesize
5.7MB

MD5
0e51ac35b4b2922288b956450a73cbab

SHA1
adee61361815b216ba5c6c3b1cab998f1093a06b

SHA256
3b2129169999b948ca6ef1931410c235ac2aece3088ff9fc486145dcf772dd46

SHA512
fd36ecf24fe17892817a3007d7cb1c730469f61e68c66ed2da090b9e84d782298d08849b80788f72e48e289332f6dbea7fa2222e7b9518165b0335643d710843

Download Submit
\Program Files\Softdeluxe\Free Download Manager\Qt5Network.dll

Filesize
1.3MB

MD5
20dc922278cd948ce6dbdcb74580f910

SHA1
1a34d4738955f99c17083fec22945b0d6af76f40

SHA256
f7c7a1ea2570d1238287470b479e384f87c39357d1a4b2eeedbf90901d9c3cbc

SHA512
90afc14985b51744e2f3ea11a0f6f0edc3c7306bf6e9539c9526adbed0caf47e2b19fa90b38a3269424f109adb80f2bd7394620a35360d5aeb0b3641eb92fb79

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-core-file-l1-2-0.dll

Filesize
18KB

MD5
5c744d7fbbeb6d806051cf99767ac56d

SHA1
4cc050c10b5a6c6a4c07df1ddea57ea68c725e9e

SHA256
7f58f49a59c4c25c733b9745f52abd5b03e2c79625ce610550dbba8835bb5623

SHA512
becb336b1811e605f6eef7795f43a7dc0c2a8f428d7f9b6f4989f56f3869ead150fbfbfd468a68a9d4925b3e9a9fe52a2e45abd1fcc4aa0e001d8cd2021e9ca6

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
ae064c624063ed8cd25d646e6b481273

SHA1
a34516d15740c50bcf871aa0d45ab9383bd6f0ca

SHA256
e1fe386e5b0f7f56ff2982d6959269041ae618ad74506db5887ade31e500841c

SHA512
fd63022843489c7eb400c6bb64fed0eecba87ab92fb9062af771c1016950d9ef7fa9774316c73114ec9120e36c767d6a6cf7fd064e9d9a912212a1526350a0c8

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
01ad27ee677d4e344657378832a6ac90

SHA1
47121d3b6f94160f60e8d903358710b868ea5970

SHA256
8fd1d49ad7a04880004c5fdf9f88118f236d2d08fb2d09e9d6ba33143b3a69da

SHA512
386f4a183ddfdf2b24a4af447f61b6fdcc9dc39d28c70d3cf720f36b4582b7e9c500f81dcbe4cfcabcbad523f9adc9f2a38c142929a1528da905cca3236dec94

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
18KB

MD5
ebcd3d486cbd0b772f8c8f0edd2a8cab

SHA1
51f043631fa0fc622a3ef7f6b9bf30964ea620d0

SHA256
d20bf4086cd6bae61a2546e2aaf6a1b3fe4e7c24422d13c8c05e1853dcf08973

SHA512
d0e66a0318774ab0ad338f20d64a57fd041b037bf923d6443bead37acafdb8930fdc5e0ce15b2b4032eb0e8db7e781858271e15af835127b46fd9aeb2e4f00f8

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-core-synch-l1-2-0.dll

Filesize
18KB

MD5
23102af54db977d494b3692767cf140e

SHA1
25eb0bfa64179eabe3c0798534d05d160877294a

SHA256
68a36ccfb88ddba45e3c02190be4f2e09a37ba6883cb63c2418aa68ba0e13401

SHA512
ae494514013b55e0eb6b8d51c1621ac5b10f5e5534991d095b73445c8d024a7350d35ae36cbf7f1bb34fa60f55cdf29f13d2cb427be3a07d004b4ae598b7a8ac

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-core-timezone-l1-1-0.dll

Filesize
18KB

MD5
9fab02f9997d60412f3f045e41ab6e1d

SHA1
a974a6014ac3c7b2c3f2e51cd0560dcaac5f7e98

SHA256
03faaac34a7d25b8829da2508a4f8b476b5d5b895267f2b9852fb02ccf31da42

SHA512
432298110e3d4a684a6445820e5fd27a5f6a4a6c7c3a681b6e4cbe5fc3c6b54a1d2faae56735eeb3a2ffe0907676b5ea68b01b0d3691e81032abea9c4e9e2e9e

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-convert-l1-1-0.dll

Filesize
22KB

MD5
9e0b0be46897205489c1f62b8d500716

SHA1
66d787d63b84578a7fdd96e20027d9a5b9abed6e

SHA256
0dd70eb1936ca4cdf2d9f21798f85acfb6cb061cff04c60c9c7e4004cbc14c0e

SHA512
16414e72e720db401592adff08ab6e24eef5b7f2bfbd8a5976ab6f76b209bc24eeb06a3fdd27793c40646947819605e9b7fbc1f6fdefd47c4601cea279b794da

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-environment-l1-1-0.dll

Filesize
18KB

MD5
91ba5541723dcdcedeeb2ab802c9f602

SHA1
6fb8c87617ea3b7fea9905ad61c1ccd94adfd1e3

SHA256
dd6b5fbab8e14874e1d03757cec08df5ada023877377612911619f5b52e37709

SHA512
3eda6f948f66539d82fe9d4af9fbec79eef2fc19567ee4703d278122ade7540f0e7149a213731d9219c953ba9f0ca2dc5178603c2e25d39e24821147211b1405

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
20KB

MD5
ab1e031803c1518d2d50927dac99bf02

SHA1
7403c89b5ec1c7eca155acf035db77f75f3562d7

SHA256
3a2c1d0c99a9e49ad974508cd67587b0f017086973decbe787c779ae57f0e011

SHA512
3fb653e3a198c94f4d70c76b9800d7cdaac3c682c66406e2b585663bed632d6e632c25e3b4eebc6971e3b02c6cebb94c56fe9cc961043e70f3a48d41f969dd9a

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-heap-l1-1-0.dll

Filesize
19KB

MD5
7a8dd369b8a9ede2636db42939da05f8

SHA1
b2dcb61d7bb01afa9b2aa3fd72884e3059f58c17

SHA256
4e07b35c97f71fea5c93dbfdfc030bfbc05aff218855fda16d2856cb7153e98b

SHA512
641c744588ad032763240241172460dd0ca95e6d3d9697a2a91ccf4195c76c15c722db1705777d7405b0d8f366fa9c37b269e733f795d5a3bbbaba1858069234

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-locale-l1-1-0.dll

Filesize
18KB

MD5
1d821d741cfaf0d322f2483114d93188

SHA1
aa6ecd604d207bbae869225a1a7738433a4417d6

SHA256
9b299b18fe97191e3875d173b2d89295cfa8d006a0c9328fae867b8da9bdc23b

SHA512
3ff35106664fed3746dc00ed0bf85db853b047f736708c9a2587d9550581642a6837f1ff4a0275c54a42f6033fbd7567b233d3f832f25a241b321820bff8a971

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-math-l1-1-0.dll

Filesize
27KB

MD5
79878844b0a1eb2b621286dad20bc4ab

SHA1
a64cfd5f9424bad329e2578168ee58a11ce14f36

SHA256
177779ff31d2977ea5bb583d3fc50209edb64bbce8c40d6d14e34ea4446266e3

SHA512
960a8d1cf1c447a77eb90ecf1e8171c8e01d6933b04ec18acb0f7bbfecebdff5cb3c972b9ace75715d2dfcb5faf4de7ecfe56b059ff8e1255272257ef905e35d

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
22KB

MD5
3c2162f8f05b362dda8814505c555312

SHA1
2bbcbb984c909ada3ce8cc37bd910375c2d806f4

SHA256
b5a3c4681ff8c09ccf32e0e0bf7d183293b5171bbb6512fdb90585d6d88fbd70

SHA512
ca268cc8dc39bf025aa7612c4cbecc18cb8fce30855c76e46c6524243c52ed4daa34bd75b99a65c2fa46eaa1aa302b33bdc84630a074d53b91153a89b4539ade

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
24KB

MD5
759606f25742c0d3252a3b6bcf7a0098

SHA1
6f395025343beb970fb06207101d01a4144133bf

SHA256
e3c4e66be42bdba47b3186f1935bf852620b9f6c507cf56321e21714814d1ea2

SHA512
0d5a35780098620e275aa82bb962f5c1b85caac1eea2a52c83b6963b002faaaf5d25f5ef78b93f530e75329d33cc6297059df2ed00624ee9a6eaed856e2d3c70

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-string-l1-1-0.dll

Filesize
24KB

MD5
fb8949d67cb7f83a407c762788d9ae54

SHA1
f22c3707e653a967060aa16dba9afd23267789ca

SHA256
0595b77b356f9a1dfba92515cb15d227b7039cb8beee3b0ca6be15b5f3913dd9

SHA512
b08b4c2b6d392623ae7d52ebb30700b57f666dfbbac813b640f574b15267fb902e96f684a6e3ce138ef7a3068095bb6d9e180b4dbd4243b40defaf822a31f2bb

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-time-l1-1-0.dll

Filesize
20KB

MD5
b6758d08c062bf25125ab89de52010e7

SHA1
2c678741012bc4834a18b49d739bf903831ac3e7

SHA256
b724edd5f89b6c0b6d386d8283b3fd6fdb7563d4e886537d3d77cfa5e81128c6

SHA512
0f1d02744bf405288150f31e0106f536fe4719383cf1b5d4fae3e4fb71da005c1e324d5157572d2fd8862a2f78984104a7b0b40ff60f120e545b9cbd683f5059

Download Submit
\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-utility-l1-1-0.dll

Filesize
18KB

MD5
fc3d9d7e98c1315e30586dc8ce9254cd

SHA1
77520a4a2eaf4929e8deaf1751393781b161b837

SHA256
a075f5c8dbd97be408da070324e661d0ecef76deeb8c77ac7a2161083140ccfb

SHA512
64ad909f2b98a86bab730ac25169ec06c7129df89027b9a65e5f8e370ced78f884a4518f2d650f2eff78aafbdd037fd20dd784bcfc12618c13d5b153a6f2c92d

Download Submit
\Program Files\Softdeluxe\Free Download Manager\fdm.exe

Filesize
5.4MB

MD5
af0e1046e67ed95adbdb90668964d3ab

SHA1
c7ae52bd3214d8cf864dd95a0399ceb90120a62c

SHA256
3d20a3544dd4e5e606525f74c7e323144cf564dcb7a6b9e8e94c0845e6ec800e

SHA512
dd3f8b3025531506628526640aa46ac8c05d3a06eb97b6ff3b32e425ee85104a269b8d4f00d886fd649b34f69dfc270c26288bebc7bfdf8fd5e324fb3bf7c046

Download Submit
\Program Files\Softdeluxe\Free Download Manager\fdm.exe

Filesize
5.4MB

MD5
af0e1046e67ed95adbdb90668964d3ab

SHA1
c7ae52bd3214d8cf864dd95a0399ceb90120a62c

SHA256
3d20a3544dd4e5e606525f74c7e323144cf564dcb7a6b9e8e94c0845e6ec800e

SHA512
dd3f8b3025531506628526640aa46ac8c05d3a06eb97b6ff3b32e425ee85104a269b8d4f00d886fd649b34f69dfc270c26288bebc7bfdf8fd5e324fb3bf7c046

Download Submit
\Program Files\Softdeluxe\Free Download Manager\fdm.exe

Filesize
5.4MB

MD5
af0e1046e67ed95adbdb90668964d3ab

SHA1
c7ae52bd3214d8cf864dd95a0399ceb90120a62c

SHA256
3d20a3544dd4e5e606525f74c7e323144cf564dcb7a6b9e8e94c0845e6ec800e

SHA512
dd3f8b3025531506628526640aa46ac8c05d3a06eb97b6ff3b32e425ee85104a269b8d4f00d886fd649b34f69dfc270c26288bebc7bfdf8fd5e324fb3bf7c046

Download Submit
\Program Files\Softdeluxe\Free Download Manager\fdm.exe

Filesize
5.4MB

MD5
af0e1046e67ed95adbdb90668964d3ab

SHA1
c7ae52bd3214d8cf864dd95a0399ceb90120a62c

SHA256
3d20a3544dd4e5e606525f74c7e323144cf564dcb7a6b9e8e94c0845e6ec800e

SHA512
dd3f8b3025531506628526640aa46ac8c05d3a06eb97b6ff3b32e425ee85104a269b8d4f00d886fd649b34f69dfc270c26288bebc7bfdf8fd5e324fb3bf7c046

Download Submit
\Program Files\Softdeluxe\Free Download Manager\fdm.exe

Filesize
5.4MB

MD5
af0e1046e67ed95adbdb90668964d3ab

SHA1
c7ae52bd3214d8cf864dd95a0399ceb90120a62c

SHA256
3d20a3544dd4e5e606525f74c7e323144cf564dcb7a6b9e8e94c0845e6ec800e

SHA512
dd3f8b3025531506628526640aa46ac8c05d3a06eb97b6ff3b32e425ee85104a269b8d4f00d886fd649b34f69dfc270c26288bebc7bfdf8fd5e324fb3bf7c046

Download Submit
\Program Files\Softdeluxe\Free Download Manager\fdm.exe

Filesize
5.4MB

MD5
af0e1046e67ed95adbdb90668964d3ab

SHA1
c7ae52bd3214d8cf864dd95a0399ceb90120a62c

SHA256
3d20a3544dd4e5e606525f74c7e323144cf564dcb7a6b9e8e94c0845e6ec800e

SHA512
dd3f8b3025531506628526640aa46ac8c05d3a06eb97b6ff3b32e425ee85104a269b8d4f00d886fd649b34f69dfc270c26288bebc7bfdf8fd5e324fb3bf7c046

Download Submit
\Program Files\Softdeluxe\Free Download Manager\fdm.exe

Filesize
5.4MB

MD5
af0e1046e67ed95adbdb90668964d3ab

SHA1
c7ae52bd3214d8cf864dd95a0399ceb90120a62c

SHA256
3d20a3544dd4e5e606525f74c7e323144cf564dcb7a6b9e8e94c0845e6ec800e

SHA512
dd3f8b3025531506628526640aa46ac8c05d3a06eb97b6ff3b32e425ee85104a269b8d4f00d886fd649b34f69dfc270c26288bebc7bfdf8fd5e324fb3bf7c046

Download Submit
\Program Files\Softdeluxe\Free Download Manager\libcrypto-1_1-x64.dll

Filesize
2.7MB

MD5
8bf7134fd7c7b9f79fbaa46a820565fd

SHA1
c82732c10a0f03ef1868d2ca6a8c42ec430a8a02

SHA256
a8f38398b8e95919ce4f4eb4ce9e2db432b5b8da00b531e2f1633795b3fa622a

SHA512
9d48c50a08236df337ace9f7546d3db392d980d6b86111da0f1b72848d9a7e74aa05ec9eb83f35c4c0570334f5c3b8460e1864eb2ad9a7ff5dc67d0206616e61

Download Submit
\Program Files\Softdeluxe\Free Download Manager\msvcp140.dll

Filesize
553KB

MD5
6da7f4530edb350cf9d967d969ccecf8

SHA1
3e2681ea91f60a7a9ef2407399d13c1ca6aa71e9

SHA256
9fee6f36547d6f6ea7ca0338655555dba6bb0f798bc60334d29b94d1547da4da

SHA512
1f77f900215a4966f7f4e5d23b4aaad203136cb8561f4e36f03f13659fe1ff4b81caa75fef557c890e108f28f0484ad2baa825559114c0daa588cf1de6c1afab

Download Submit
\Program Files\Softdeluxe\Free Download Manager\ucrtbase.dll

Filesize
969KB

MD5
aeea6662f0f7819a077b99441c36178c

SHA1
c3a2ec7fd791235b8b1f2371e94f25a1670f7d00

SHA256
cd48756e96740f84a2aacd6c308997a4a36a953cd77f50cb54c27915a5c5c302

SHA512
b4b3c42e716fffe98f1c65bd2b0f522725ab8b43a7739c0a925b850fc0601e77cdc1e2071813229477d129caa73813ef6eb5c4c806d1c48c90332c429365d639

Download Submit
\Program Files\Softdeluxe\Free Download Manager\unins000.exe

Filesize
2.5MB

MD5
4aa99065bf80198db9ed6e2395e8fc3f

SHA1
a1d6596be22ea524d7cb12a6f1d9c466a9f45e21

SHA256
b39ff24189008a102c9cd114302769c83c31841e0f2c99d0530f242703188a65

SHA512
5fa1bcb83be7c043187a47004603e823cbc6bf4b5c7744b6cc47d019588d05d5cf356078f21e1f599ef9310adb87b2201efa80f380665aa9d893d584143e2207

Download Submit
\Program Files\Softdeluxe\Free Download Manager\vcruntime140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
\Program Files\Softdeluxe\Free Download Manager\vcruntime140_1.dll

Filesize
36KB

MD5
135359d350f72ad4bf716b764d39e749

SHA1
2e59d9bbcce356f0fece56c9c4917a5cacec63d7

SHA256
34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32

SHA512
cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba

Download Submit
\Program Files\Softdeluxe\Free Download Manager\vmsclshared.dll

Filesize
481KB

MD5
c5ec998da72d44adcb50d1b6544d5b3f

SHA1
63bec20d94dcf6e7bf7dbea41cff16d7120c4fee

SHA256
bb6fd71add89ad693227233598e4cb47f0f6d7d08b8168459e810a662b1f7e30

SHA512
24f71dc08eb2a1b5abb1effc3d71e8c0059fcb8d745e3cc0a8b47be8499727814cf7f0b7d0532f6fa9f861d142d00cfa30b3f6ea15c7437bb4800d2b4ffa7813

Download Submit
\Users\Admin\AppData\Local\Temp\is-55GOE.tmp\fdm_x64_setup.tmp

Filesize
2.5MB

MD5
869c50863faef0fa7052b5551698ed58

SHA1
feb12f73e0a68d43db51a35f04be3f9d2aac90a3

SHA256
7e49962115092d3709b9a3e68934972931bb900f23bf4b42ac90d250725e7d4e

SHA512
19076555396601758b0b62a9b9fc68bb96b83387c5a345c3e68f5794b67c45bec7905654fe1243e2daf3ae8fe11c2ad243e962633370535a7a3f41bcb7fec1df

Download Submit
memory/1736-2715-0x0000000004E00000-0x0000000005240000-memory.dmp

Filesize
4.2MB

Download
memory/1736-3210-0x0000000006E00000-0x0000000006E01000-memory.dmp

Filesize
4KB

Download
memory/1736-4726-0x000000000B1E0000-0x000000000B1EA000-memory.dmp

Filesize
40KB

Download
memory/1736-4722-0x0000000001F50000-0x0000000001F60000-memory.dmp

Filesize
64KB

Download
memory/1736-4661-0x000000000AED0000-0x000000000AED1000-memory.dmp

Filesize
4KB

Download
memory/1736-4627-0x000000000B1E0000-0x000000000B1EA000-memory.dmp

Filesize
40KB

Download
memory/1736-2665-0x000007FEF4F70000-0x000007FEF5318000-memory.dmp

Filesize
3.7MB

Download
memory/1736-4626-0x000000000B1E0000-0x000000000B1EA000-memory.dmp

Filesize
40KB

Download
memory/1736-2667-0x000007FEF43D0000-0x000007FEF4925000-memory.dmp

Filesize
5.3MB

Download
memory/1736-3228-0x0000000006E30000-0x0000000006E31000-memory.dmp

Filesize
4KB

Download
memory/1736-3227-0x0000000006E30000-0x0000000006E31000-memory.dmp

Filesize
4KB

Download
memory/1736-2673-0x000000013F160000-0x000000013F6D4000-memory.dmp

Filesize
5.5MB

Download
memory/1736-3226-0x0000000006E30000-0x0000000006E31000-memory.dmp

Filesize
4KB

Download
memory/1736-2714-0x0000000001F50000-0x0000000001F60000-memory.dmp

Filesize
64KB

Download
memory/1736-3225-0x0000000006E30000-0x0000000006E31000-memory.dmp

Filesize
4KB

Download
memory/1736-2717-0x0000000005240000-0x0000000005440000-memory.dmp

Filesize
2.0MB

Download
memory/1736-3197-0x0000000006E00000-0x0000000006E01000-memory.dmp

Filesize
4KB

Download
memory/1736-3196-0x0000000006E00000-0x0000000006E01000-memory.dmp

Filesize
4KB

Download
memory/1736-3198-0x0000000006E00000-0x0000000006E01000-memory.dmp

Filesize
4KB

Download
memory/1736-3199-0x0000000006E00000-0x0000000006E01000-memory.dmp

Filesize
4KB

Download
memory/1736-3200-0x0000000006E00000-0x0000000006E01000-memory.dmp

Filesize
4KB

Download
memory/1736-3201-0x0000000006E00000-0x0000000006E01000-memory.dmp

Filesize
4KB

Download
memory/1736-3202-0x0000000006E00000-0x0000000006E01000-memory.dmp

Filesize
4KB

Download
memory/1736-3203-0x0000000006E00000-0x0000000006E01000-memory.dmp

Filesize
4KB

Download
memory/1736-3204-0x0000000006E00000-0x0000000006E01000-memory.dmp

Filesize
4KB

Download
memory/1736-3205-0x0000000006E00000-0x0000000006E01000-memory.dmp

Filesize
4KB

Download
memory/1736-3206-0x0000000006E00000-0x0000000006E01000-memory.dmp

Filesize
4KB

Download
memory/1736-3207-0x0000000006E00000-0x0000000006E01000-memory.dmp

Filesize
4KB

Download
memory/1736-3208-0x0000000006E00000-0x0000000006E01000-memory.dmp

Filesize
4KB

Download
memory/1736-3224-0x0000000006E30000-0x0000000006E31000-memory.dmp

Filesize
4KB

Download
memory/1736-3209-0x0000000006E00000-0x0000000006E01000-memory.dmp

Filesize
4KB

Download
memory/1736-3211-0x0000000006E00000-0x0000000006E01000-memory.dmp

Filesize
4KB

Download
memory/1736-3213-0x0000000006E10000-0x0000000006E11000-memory.dmp

Filesize
4KB

Download
memory/1736-3214-0x0000000006E00000-0x0000000006E01000-memory.dmp

Filesize
4KB

Download
memory/1736-3215-0x0000000006E10000-0x0000000006E11000-memory.dmp

Filesize
4KB

Download
memory/1736-3216-0x0000000006E10000-0x0000000006E11000-memory.dmp

Filesize
4KB

Download
memory/1736-3217-0x0000000006E10000-0x0000000006E11000-memory.dmp

Filesize
4KB

Download
memory/1736-3218-0x0000000006E10000-0x0000000006E11000-memory.dmp

Filesize
4KB

Download
memory/1736-3219-0x0000000006E10000-0x0000000006E11000-memory.dmp

Filesize
4KB

Download
memory/1736-3221-0x0000000006E30000-0x0000000006E31000-memory.dmp

Filesize
4KB

Download
memory/1736-3222-0x0000000006E30000-0x0000000006E31000-memory.dmp

Filesize
4KB

Download
memory/1736-3223-0x0000000006E30000-0x0000000006E31000-memory.dmp

Filesize
4KB

Download
memory/1744-2695-0x0000000000210000-0x0000000000220000-memory.dmp

Filesize
64KB

Download
memory/2104-1977-0x000000013FB10000-0x0000000140084000-memory.dmp

Filesize
5.5MB

Download
memory/2104-1974-0x000007FEF4A60000-0x000007FEF4E08000-memory.dmp

Filesize
3.7MB

Download
memory/2104-1976-0x000007FEF3DC0000-0x000007FEF4315000-memory.dmp

Filesize
5.3MB

Download
memory/2436-11-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2436-1-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2436-2666-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2596-2664-0x0000000000400000-0x0000000000682000-memory.dmp

Filesize
2.5MB

Download
memory/2596-1983-0x0000000000400000-0x0000000000682000-memory.dmp

Filesize
2.5MB

Download
memory/2596-1016-0x0000000000400000-0x0000000000682000-memory.dmp

Filesize
2.5MB

Download
memory/2596-8-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2596-9-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/2596-2212-0x0000000000400000-0x0000000000682000-memory.dmp

Filesize
2.5MB

Download
memory/2596-15-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/2596-12-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2596-14-0x0000000000400000-0x0000000000682000-memory.dmp

Filesize
2.5MB

Download