3351b2b19b555a2cfce01090797637435cbe4109adb037e4ea662a1e4030073e

Analysis

max time kernel
102s
max time network
111s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
23-05-2024 02:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdm_x64_setup.exe
Size

38.2MB
MD5

dcf5ac41204864216b005ba522938ca7
SHA1

ed83d911fff891832a3b0ae31f99cf85bdd46762
SHA256

3351b2b19b555a2cfce01090797637435cbe4109adb037e4ea662a1e4030073e
SHA512

10a520980dfa05b6332ef12e77c6812f6f5b2d26d8e8bcf458ebf65b7ec2d97b6993007962fc3bb4853e48afe2e718b45f38857c9356f96f3d3fde91d43fffa2
SSDEEP

786432:5yGnysYxmCueXsJ2xHmnQPJWkyRAgm5IsJFqrvrM3+MYnX1y:IsYxrQ4THgcd6TM+/n

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Modifies Windows Firewall 2 TTPs 2 IoCs
evasion

Windows Service
T1543.003

Disable or Modify System Firewall
T1562.004

Processes:

netsh.exenetsh.exe

pid process

5052 netsh.exe
4204 netsh.exe

pid	process
5052	netsh.exe
4204	netsh.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

fdm.exefdm.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation	fdm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation	fdm.exe

Executes dropped EXE 9 IoCs

Processes:

fdm_x64_setup.tmphelperservice.exefdm.exeimportwizard.exefdm5rhwin.exefdm5rhwin.exefdm.exeimportwizard.exefdm.exe

pid	process
4304	fdm_x64_setup.tmp
3600	helperservice.exe
4092	fdm.exe
4592	importwizard.exe
2144	fdm5rhwin.exe
2076	fdm5rhwin.exe
1552	fdm.exe
2556	importwizard.exe
6056	fdm.exe

Loads dropped DLL 64 IoCs

Processes:

fdm.exehelperservice.exeimportwizard.exe

pid	process
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
3600	helperservice.exe
3600	helperservice.exe
3600	helperservice.exe
3600	helperservice.exe
3600	helperservice.exe
3600	helperservice.exe
3600	helperservice.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4092	fdm.exe
4592	importwizard.exe
4592	importwizard.exe
4592	importwizard.exe
4592	importwizard.exe
4592	importwizard.exe
4592	importwizard.exe
4592	importwizard.exe
4592	importwizard.exe
4592	importwizard.exe
4592	importwizard.exe
4592	importwizard.exe
4592	importwizard.exe
4592	importwizard.exe
4592	importwizard.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

fdm.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Windows\CurrentVersion\Run\Free Download Manager = "\"C:\\Program Files\\Softdeluxe\\Free Download Manager\\fdm.exe\" --hidden"	fdm.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

fdm.exe

description ioc process

File opened (read-only) \??\D: fdm.exe
File opened (read-only) \??\F: fdm.exe

description	ioc	process
File opened (read-only)	\??\D:	fdm.exe
File opened (read-only)	\??\F:	fdm.exe

Drops file in Program Files directory 64 IoCs

Processes:

fdm_x64_setup.tmp

description	ioc	process
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\Qt5Compat\GraphicalEffects\is-MC9FP.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Basic\is-H6EMQ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Basic\is-KH9HJ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Fusion\is-6LRE6.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\qml\+Material\is-9QBRH.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-M42LV.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\qml\+Fusion\is-UTJ5T.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-6VLQ5.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-N1BT4.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-UK30S.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Fusion\is-0Q418.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Fusion\is-BFG8K.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Imagine\is-DE738.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\impl\is-UTP00.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-51BBE.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-2QUKE.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\is-B4JEL.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qmltooling\is-MMODK.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\Qt5Compat\GraphicalEffects\is-H67QP.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Templates\is-JUMAI.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\is-G2G1R.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\main\is-JJG2A.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\main\is-285FH.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-JDLEQ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-RNTJ3.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-O1H9I.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\imageformats\is-GM84F.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\Qt5Compat\GraphicalEffects\private\is-3STVB.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\tls\is-C3M5B.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-1HGAA.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Fusion\is-5NKL7.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Imagine\is-2OSHU.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\is-AGHDR.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\is-2K8KF.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-USLKQ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Templates\is-BTQ72.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Basic\is-SL9RD.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Basic\impl\is-IOU34.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\impl\is-CFCF8.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-US35V.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-H736J.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\is-40L1Q.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-P10UH.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-C40CO.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\imageformats\is-EO7EP.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\is-HE1VH.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Fusion\is-O9KA4.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\qml\+Imagine\is-NO7LI.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\NativeStyle\controls\is-PNT1V.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qmltooling\is-C3PAU.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-TQM41.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Imagine\is-DEKLR.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-I326T.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\Qt5Compat\GraphicalEffects\private\is-P0MPK.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Fusion\is-GVUA2.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-V2IID.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\is-MLSLS.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-LMNPL.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Basic\is-I9TKG.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\impl\is-D6A00.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Windows\is-579LL.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\qml\+Imagine\is-149F7.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-22UP0.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Basic\is-QKTPL.tmp	fdm_x64_setup.tmp

Drops file in Windows directory 5 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exe

pid process

1000 schtasks.exe

pid	process
1000	schtasks.exe

Modifies Internet Explorer settings 1 TTPs 10 IoCs

adware spyware

Modify Registry

T1112

Processes:

fdm_x64_setup.tmpbrowser_broker.exeMicrosoftEdgeCP.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\fdm.exe = "11000"	fdm_x64_setup.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\fdm.exe = "11000"	fdm_x64_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	fdm_x64_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	fdm_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING	fdm_x64_setup.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\fdm.exe = "1"	fdm_x64_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING	fdm_x64_setup.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\fdm.exe = "1"	fdm_x64_setup.tmp

Modifies registry class 64 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exefdm.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\fdm\shell\open\command\ = "\"C:\\Program Files\\Softdeluxe\\Free Download Manager\\fdm.exe\" \"%1\""	fdm.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2a522ef3b5acda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\fdm\shell\open\command\	fdm.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 41e423f4b5acda01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\fdm\shell\open\command	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = fdb779edb5acda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\fdm\ = "URL:fdm link"	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\fdm\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}\command	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\msn.com\Total = "101"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 01000000e95f0df3096333d4b395f252c24911387949d0cc4df6b1c9deeb60cb221748205171e60ad2ce7f695d720623a71408f22b01d728c3e9f2c93459	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\fdm\URL Protocol	fdm.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\fdm\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}\	fdm.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

Processes:

fdm.exefdm.exefdm.exe

pid process

4092 fdm.exe
1552 fdm.exe
6056 fdm.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

fdm5rhwin.exefdm5rhwin.exe

pid process

2144 fdm5rhwin.exe
2144 fdm5rhwin.exe
2076 fdm5rhwin.exe
2076 fdm5rhwin.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

fdm.exe

pid process

1552 fdm.exe

pid	process
2144	fdm5rhwin.exe
2144	fdm5rhwin.exe
2076	fdm5rhwin.exe
2076	fdm5rhwin.exe

pid	process
1552	fdm.exe

Suspicious behavior: MapViewOfSection 8 IoCs

Processes:

MicrosoftEdgeCP.exe

pid	process
1936	MicrosoftEdgeCP.exe
1936	MicrosoftEdgeCP.exe
1936	MicrosoftEdgeCP.exe
1936	MicrosoftEdgeCP.exe
1936	MicrosoftEdgeCP.exe
1936	MicrosoftEdgeCP.exe
1936	MicrosoftEdgeCP.exe
1936	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

Processes:

fdm.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeAUDIODG.EXE

description	pid	process
Token: SeIncreaseQuotaPrivilege	4092	fdm.exe
Token: SeDebugPrivilege	3456	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3456	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3456	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3456	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	768	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	768	MicrosoftEdgeCP.exe
Token: 33	2548	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2548	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 7 IoCs

Processes:

fdm_x64_setup.tmpfdm.exe

pid process

4304 fdm_x64_setup.tmp
1552 fdm.exe
1552 fdm.exe
1552 fdm.exe
1552 fdm.exe
1552 fdm.exe
1552 fdm.exe
Suspicious use of SendNotifyMessage 5 IoCs

Processes:

fdm.exe

pid process

1552 fdm.exe
1552 fdm.exe
1552 fdm.exe
1552 fdm.exe
1552 fdm.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exefdm.exe

pid process

4580 MicrosoftEdge.exe
1936 MicrosoftEdgeCP.exe
3456 MicrosoftEdgeCP.exe
1936 MicrosoftEdgeCP.exe
4584 MicrosoftEdgeCP.exe
1552 fdm.exe

pid	process
1552	fdm.exe
1552	fdm.exe
1552	fdm.exe
1552	fdm.exe
1552	fdm.exe

pid	process
4580	MicrosoftEdge.exe
1936	MicrosoftEdgeCP.exe
3456	MicrosoftEdgeCP.exe
1936	MicrosoftEdgeCP.exe
4584	MicrosoftEdgeCP.exe
1552	fdm.exe

Suspicious use of WriteProcessMemory 56 IoCs

Processes:

fdm_x64_setup.exefdm_x64_setup.tmpfdm.exeMicrosoftEdgeCP.exefdm.exe

description	pid	process	target process
PID 2944 wrote to memory of 4304	2944	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 2944 wrote to memory of 4304	2944	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 2944 wrote to memory of 4304	2944	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 4304 wrote to memory of 668	4304	fdm_x64_setup.tmp	schtasks.exe
PID 4304 wrote to memory of 668	4304	fdm_x64_setup.tmp	schtasks.exe
PID 4304 wrote to memory of 1000	4304	fdm_x64_setup.tmp	schtasks.exe
PID 4304 wrote to memory of 1000	4304	fdm_x64_setup.tmp	schtasks.exe
PID 4304 wrote to memory of 4872	4304	fdm_x64_setup.tmp	schtasks.exe
PID 4304 wrote to memory of 4872	4304	fdm_x64_setup.tmp	schtasks.exe
PID 4304 wrote to memory of 2096	4304	fdm_x64_setup.tmp	schtasks.exe
PID 4304 wrote to memory of 2096	4304	fdm_x64_setup.tmp	schtasks.exe
PID 4304 wrote to memory of 4092	4304	fdm_x64_setup.tmp	fdm.exe
PID 4304 wrote to memory of 4092	4304	fdm_x64_setup.tmp	fdm.exe
PID 4092 wrote to memory of 4592	4092	fdm.exe	importwizard.exe
PID 4092 wrote to memory of 4592	4092	fdm.exe	importwizard.exe
PID 4304 wrote to memory of 2144	4304	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 4304 wrote to memory of 2144	4304	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 4304 wrote to memory of 2076	4304	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 4304 wrote to memory of 2076	4304	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 4304 wrote to memory of 5052	4304	fdm_x64_setup.tmp	netsh.exe
PID 4304 wrote to memory of 5052	4304	fdm_x64_setup.tmp	netsh.exe
PID 4304 wrote to memory of 4204	4304	fdm_x64_setup.tmp	netsh.exe
PID 4304 wrote to memory of 4204	4304	fdm_x64_setup.tmp	netsh.exe
PID 1936 wrote to memory of 668	1936	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1936 wrote to memory of 668	1936	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1936 wrote to memory of 668	1936	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1936 wrote to memory of 668	1936	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1936 wrote to memory of 668	1936	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1936 wrote to memory of 668	1936	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1936 wrote to memory of 668	1936	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1936 wrote to memory of 668	1936	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1936 wrote to memory of 668	1936	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1936 wrote to memory of 668	1936	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1936 wrote to memory of 668	1936	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1936 wrote to memory of 668	1936	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1936 wrote to memory of 668	1936	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1936 wrote to memory of 668	1936	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1936 wrote to memory of 668	1936	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1936 wrote to memory of 668	1936	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1936 wrote to memory of 668	1936	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1936 wrote to memory of 668	1936	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1936 wrote to memory of 668	1936	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1936 wrote to memory of 668	1936	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1936 wrote to memory of 668	1936	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1936 wrote to memory of 668	1936	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1936 wrote to memory of 668	1936	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1936 wrote to memory of 668	1936	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4304 wrote to memory of 1552	4304	fdm_x64_setup.tmp	fdm.exe
PID 4304 wrote to memory of 1552	4304	fdm_x64_setup.tmp	fdm.exe
PID 1552 wrote to memory of 2556	1552	fdm.exe	importwizard.exe
PID 1552 wrote to memory of 2556	1552	fdm.exe	importwizard.exe
PID 1936 wrote to memory of 668	1936	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1936 wrote to memory of 668	1936	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1936 wrote to memory of 668	1936	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1936 wrote to memory of 668	1936	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1936 wrote to memory of 668	1936	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe
"C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2944

C:\Users\Admin\AppData\Local\Temp\is-5HAO6.tmp\fdm_x64_setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-5HAO6.tmp\fdm_x64_setup.tmp" /SL5="$501F8,39071125,832512,C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4304

C:\Windows\SYSTEM32\schtasks.exe
"schtasks.exe" /end /tn FreeDownloadManagerHelperService
3⤵
PID:668

C:\Windows\system32\schtasks.exe
"schtasks.exe" /create /RU SYSTEM /tn FreeDownloadManagerHelperService /f /xml "C:\Program Files\Softdeluxe\Free Download Manager\service.xml"
3⤵
- Creates scheduled task(s)
PID:1000

C:\Windows\system32\schtasks.exe
"schtasks.exe" /change /tn FreeDownloadManagerHelperService /tr "\"C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe"\"
3⤵
PID:4872

C:\Windows\system32\schtasks.exe
"schtasks.exe" /run /tn FreeDownloadManagerHelperService
3⤵
PID:2096

C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" --install
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4092

C:\Program Files\Softdeluxe\Free Download Manager\importwizard.exe
"C:\Program Files\Softdeluxe\Free Download Manager\importwizard" 3FE02402165644D986B63DE6638495E4
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4592

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://www.freedownloadmanager.org/afterinstall.html?os=windows&osversion=10.0&osarchitecture=x86_64&architecture=x86_64&version=6.22.0.5714&uuid=b6e3d1cd-5b84-4175-aa5b-81371d33fb7a&locale=en_US&ac=1&au=1"
4⤵
PID:3308

C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe" 21907CB0205CFF989F82C03684A01B86 phase1
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2144

C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe" 21907CB0205CFF989F82C03684A01B86 phase2
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2076

C:\Windows\system32\netsh.exe
"netsh.exe" firewall add allowedprogram program="C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" name="Free Download Manager" ENABLE scope=ALL profile=ALL
3⤵
- Modifies Windows Firewall
PID:5052

C:\Windows\system32\netsh.exe
"netsh.exe" firewall add allowedprogram program="C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" name="Free Download Manager" ENABLE scope=ALL profile=CURRENT
3⤵
- Modifies Windows Firewall
PID:4204

C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" --byinstaller
3⤵
- Checks computer location settings
- Executes dropped EXE
- Enumerates connected drives
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1552

C:\Program Files\Softdeluxe\Free Download Manager\importwizard.exe
"C:\Program Files\Softdeluxe\Free Download Manager\importwizard" 3FE02402165644D986B63DE6638495E4 --printFdm5Setting=ExpectingUpdateToVersion
4⤵
- Executes dropped EXE
PID:2556

C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe
"C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3600

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4580

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4192

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1936

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3456

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:668

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4584

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:768

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x390
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2548

C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
PID:6056

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:5296

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:5380

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Softdeluxe\Free Download Manager\Qt6Gui.dll
Filesize
8.5MB

MD5
7875aad0d0d426e9d1b132a35266de32

SHA1
8b7656e3412ae546153d2d3df91a6ff506d64749

SHA256
fc2464f62d7915ddeaebb5490bee6d60e7b42ad5a223d5812f0993c27c35be19

SHA512
9fa16c5c628f2e9b242323aed4c1aa70f093cee9f341ac61640287ff9be8663658f502769e037a8409943d3c9ab826bb1c6f88532f0fbacdaea28b2353cdfba9

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Quick.dll
Filesize
5.3MB

MD5
e739a7f0e54081125d1381a42eb7c226

SHA1
20ef3724f878bfe7773e006c29de3ff4e6e8a8c3

SHA256
35e8842051211a1654d6717b8786357e7a93b21a004f941151e7a4af23e16a84

SHA512
fde9db1793eec6fe1a0818af1b24c8399c941280982bbbb456332aa2768d0950da0caa7bd21e1cbbe81770358cdcdd3a6b199c71df1432170506dadc718d88e1

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\VCRUNTIME140.dll
Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
Filesize
7.1MB

MD5
5e1625b9523e056062a65f9175ec8439

SHA1
6b5433872959876c3d38409065d61b1d96a58678

SHA256
a6dc4330415210ff067343cd6c61418665fc4a3debbe02adeb7e9be44d9f1371

SHA512
4c4a124a8e35a8b1b374c8f5d7368cd6aa15ec7eb01a73a9b910400f0ee46b7eb0551869c5fcc341fbb535595b39d042aaabd6f181c5712cc06a40f37d3bf44d

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe
Filesize
136KB

MD5
27b4d5dc829b1768fbbbfc34ffe6b8f4

SHA1
5de0569cd9a77cba597e84bc00f4a743aa3f4820

SHA256
fd32cdd9ff35604b1ebde968b52f7c0924f7327f79e5bcfa8957bde9f3318350

SHA512
e7a663feba928cc77f5ba518ea36bae61f03cd4c4c62942dbfa90604dc86d0b1891ff86cc3f9755a0602c4cc19909866f9c16f3541cdb947a4dec371b0c269fb

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\logger.dll
Filesize
43KB

MD5
2eaa0986b548ccf81377dc5c74646872

SHA1
5d80dd6afe79281e45b3eecb334ccfb264b05e6c

SHA256
c2d37d53dde29a768db8ebedc50d7d3733263bf04adb278442a0c79012ca5dc6

SHA512
869d23c74d63a5cbe74204024429bd7ecb6a778b0805aadf034996f834f99b15543701e8bbdadfcaf2a99294b84d3add751f1bc6f64c2ae048543b701a7a801f

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-8A9OB.tmp
Filesize
1KB

MD5
63340c8fcb71734ce4bbac29a86821b5

SHA1
0cfd02b3e95fa482cbd4bd83b0f2d9214acc9709

SHA256
78b5fc58e6d881d16351e92d32b8cadea6b14fbf8c20c1bc7e56d02946467ae8

SHA512
fe035bb77a32d0fe9d4983d90c65d4c2600a019ac20743dbec409f29ffbfbecd8bca2d15abfffb2e71b77e3c105e248627a176942cdf9d7b98ed9113e6f73ba0

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Windows\is-579LL.tmp
Filesize
215B

MD5
2006d4b7d0da455aa4c7414653c0018a

SHA1
6685b8360b97799aa4d6b18789bf84a343e9e891

SHA256
a96c7bf5832767bdc9d91e2290a3920aec3abfbf2e3814bce38b49483f16f84a

SHA512
703804e6fab0cf44317b7292c547a1348e2e7395e4b71367c32c3b097bcfb3344d3296179bf4ba33a4c752ae58a3873af57d8cdef35a34564205356bb4e6fd84

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\service.xml
Filesize
2KB

MD5
85c61b85b0ffe2609b00379a5512790d

SHA1
2dfaf069df408819b06916381ac80b3ec097214c

SHA256
24f6062b8679b4140b5c15900deefa8ba187ed5e3c5cb8efc91b26b31769664d

SHA512
3a18c17ddcd10cd89d1c666134f13be6ed441fbe2c36a9567e894c0e1674232d5882e696ad2d385bd5eb4d50b6a1b4225bb992389aad93a77b203318293ca6fa

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\vmsclshared.dll
Filesize
682KB

MD5
1a9932fd862aba025acaaa9c10e627ef

SHA1
ed540bb98074a7976bf429ee4bf0072ebb80f768

SHA256
d1f525ad3f43323ee0fa5bb6676363f84bcbbb10cc604507d67b49a6104770f1

SHA512
bf9f957b2d613af02eb98a9a9e832962408558a9550427f8179388aaa9a0a69911be3fb225fd19f797feb80b9d7dc2a3916b5511099bb9b0c1461df330ca3b50

Download Submit
C:\Users\Admin\AppData\Local\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml
Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\57QJXHSK\favicon[1].ico
Filesize
17KB

MD5
a2a2e5e7382343676817d3f83c1e6e6a

SHA1
323a88bfe1d970b385801ddfc449842a698d925b

SHA256
4e7c4f74211abebb3c4e8c100a66a637e60c98d153d0b9213011c02b1c82f205

SHA512
52333e7013acb9c6eab83cb71c1430675ae94396c1f4fe2553eb357ddd2de80ba3dde761b01ec5e537cb109e9c6bc46ee5183f285552f67b7f29e408e50f0d44

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\TVIVSQH5\favicon[1].ico
Filesize
758B

MD5
84cc977d0eb148166481b01d8418e375

SHA1
00e2461bcd67d7ba511db230415000aefbd30d2d

SHA256
bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c

SHA512
f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\dspim5e\imagestore.dat
Filesize
27KB

MD5
ba932376515748323c6923ec89f6f0ad

SHA1
461623e04e4eb2228f00d1c84a9c12036ffe9bf7

SHA256
ca650e47ceeac20b20241541bf02fdbc2fa5185d83b620d5f16c70f0f7507659

SHA512
f8fb6c10d4b00d8ba342e1b0c86038eb8ebe05c4adac344d940ccc93987b6705024793b12dab22b5dcf0a16fa63ddafb15ca388829a3bd7f28366f1a8b269200

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5HAO6.tmp\fdm_x64_setup.tmp
Filesize
3.1MB

MD5
9a1694433f4207f5c8b877f6bdc0998c

SHA1
4cb690958175d01b8a6ba5002bfe703adb5db7e7

SHA256
bcc145b9ccfc3a5129b277b46ae3278b93090aa306d33d5a77958362d9406b1f

SHA512
a7fcea133b26837c73588b1f4ba4ea99b153874eaa76b58b54c3b69b1a23bffbbed7338f8450d437ad9d98fe46290d751e7a2fc2244ee46ad0485377b4b5e98d

Download Submit
\Program Files\Softdeluxe\Free Download Manager\Qt6Core.dll
Filesize
6.0MB

MD5
46a0dbd38cb28d8e79c80c9a033f6ae9

SHA1
1be5f3e78485f9b08e32346f13155a94001de50e

SHA256
225bd38093416c825f2e3220213f64e1079e9ab20f4738decc0fc6eb992e8a9e

SHA512
3fb62bce7b1d5129237914269aa3dd9a24f9e797927f2f4f937a0a291d357a40ec51b9c829094dc0bae1edcd6c580f1c9a03ca2c84d5526599c3608246f00bd0

Download Submit
\Program Files\Softdeluxe\Free Download Manager\Qt6Core5Compat.dll
Filesize
851KB

MD5
e50b9b3fa16362c86a40e6255c6b45e7

SHA1
fa8ce8fd6d4415abdb67597735575dc83a8fc634

SHA256
c95ab3df8dc0bfd92925b7b8b51bce859ae09008691874a5c6f5630969557564

SHA512
03a8ac0ae14e8420dd9fd91bc1619d072882d152127b3f2f1c6f7e670b7c54c524490e7c84a7cd0b76e2db413439a1ca55c4e03416fd6beb47b1067c3e960cba

Download Submit
\Program Files\Softdeluxe\Free Download Manager\Qt6Multimedia.dll
Filesize
833KB

MD5
e8fa5ba349752d18f6302434658229f4

SHA1
1e7696e1ae887734f017e7c4e521ff648e090508

SHA256
7b2aaffd8bd1b042d1d028b071d4fbb42420f52d04f45de06c4a80315b9f1b29

SHA512
771a41622b045724604568c18e5df00f99b3da3fa67d25f5a60024db34b01b7b70cd0aa9bb39c53cab4eef7a6059e5855fb205e83d131580626a4b43505bf621

Download Submit
\Program Files\Softdeluxe\Free Download Manager\Qt6Network.dll
Filesize
1.4MB

MD5
960f50470059381c65833145036fef29

SHA1
270e230bfc9248e5ecff9ea8dfbc5f1066df02ee

SHA256
1071f4f88c65317401bf93a2ffb55e661adcbb84f05911879ab21a6656521a68

SHA512
cb0a0d63aaae1b9646dad722759b1c53b36ed13a4231a30b054f6124bcc69e7285c5777ab6bbbb8296756d6c31fc94e735db42c5155db35274e0ec25c1406582

Download Submit
\Program Files\Softdeluxe\Free Download Manager\Qt6OpenGL.dll
Filesize
1.9MB

MD5
2a2a628e23cada5d2eba63dee642438e

SHA1
73cbc92073eaedde3f2fc432edda0677e7a49c9d

SHA256
054b0a8d87fc735aa2eb281e5078f8d28bd1c395b7e32de13ef64a8bbc10bb04

SHA512
ca87b5e95ba9c3b1268b14a6587305ea52512224e9ba48e73e64b292713df295e9d64587f446fd28f0e2788d7cb78ca460d962f06cf43ccde53fe45ae65cbe90

Download Submit
\Program Files\Softdeluxe\Free Download Manager\Qt6Qml.dll
Filesize
4.8MB

MD5
6404ca802e99e8520d6229982e382cf0

SHA1
204e0446b4989ef2df2c71a4ef7482240039da45

SHA256
477747d49a8b7f51c408fe7a49cc3dcfa99078040d3059c5586c77d9b04d1a0d

SHA512
90998283c98eb7002cb0342b664a9f03902a6ee8141781ab03f723fddfb925d0a0e450e3c89589eebec41b95f1e73ec298808857151782b3c00b6c3fecf17df0

Download Submit
\Program Files\Softdeluxe\Free Download Manager\Qt6QmlModels.dll
Filesize
708KB

MD5
623c7740fc301a398c40dc9504d04fd6

SHA1
fb0e711c49c2ff488c7d3be9daebe2779bd42157

SHA256
4ae023a87636f5c70c08dbd787e47eecfa0ac15ff741677db323d70bd70a36a1

SHA512
2343081e57448e3922eeb86bcedb861ed8fde1dc51ab0e42e7930cf07834e9fcfe41a9b1d64a89341037abee421d242d4ece91dec8a8b26a0a552989e130fc34

Download Submit
\Program Files\Softdeluxe\Free Download Manager\Qt6QuickControls2.dll
Filesize
87KB

MD5
8641967f2caf274abb1be307cc70204f

SHA1
08dea9d79289dc90dc75554baf0dce8eb7c53023

SHA256
7065885b1374f55ade04621b52b5ddf6d6e24cb6d57d89d2a1c5cd6bb0d1dede

SHA512
a8cee79efcb002aa2eef263ed0492a212b017375577f42de13322a8f8ba9f942fae2b8658fd7468a7a7bf1a19192013fb092efdf7695b8ca7d291990157154f6

Download Submit
\Program Files\Softdeluxe\Free Download Manager\Qt6QuickTemplates2.dll
Filesize
1.7MB

MD5
f5b138ab4c0ec16233fa6a9d15d9721d

SHA1
c927058d73c57bf34dd37ffc4c899945f38556c1

SHA256
000013ac37fb5f210fde72ee1d4b175dec38c45d6615d306e62431753b0d03fd

SHA512
40d6becc960d3133c326cce9b7caf1a0d5473605b3c30e935befe60a027f5f3fe5647d3d906a88eab8b347c697758c5a8789949f25bac4ffce3eb2112ba34b90

Download Submit
\Program Files\Softdeluxe\Free Download Manager\Qt6Sql.dll
Filesize
291KB

MD5
04b54b342a7f3b56fe9b327cd3fffa86

SHA1
257cbc011eb1c1acb4121a1dbde801411fb3691b

SHA256
cec14ed64352d5c6e1e043d716cbd2d4575ddfff2e48633c6e6fa2670895ee59

SHA512
493003fa6b37c723ea08b0749348ca96fa0939a384ac452737947eb98195f1c1c78b9fd7c7220d0938cb526afc300232c0e52720d54919ceb05c311d6ed3b62f

Download Submit
\Program Files\Softdeluxe\Free Download Manager\Qt6Widgets.dll
Filesize
6.2MB

MD5
34abb42b63e71b09b72b48cf5b1dba53

SHA1
9f3111aab57a5f28a4ce9bf82ea208fa3eadb9a6

SHA256
c71e65b882a84f47114590784a256f14ba19202ec30b218ce4841b2c7256060b

SHA512
06acab5a04a5d3e6834ddc95229758d4adc7a7f0ef003c80e8d59a8241e295b196aceacce20c88879e1676405a2538d032ec6ac543258538e686878fb29f77f1

Download Submit
\Program Files\Softdeluxe\Free Download Manager\downloadsjsp.dll
Filesize
110KB

MD5
5a21af6456093e56fbc263c4c960d54b

SHA1
548dfee87ce7777d8ed8f6bb834406bd6c58d7ba

SHA256
8876faeae9d27f744ce4271efe6e05d28cd8091189b8fbb0ce42c6f4ab7dc58c

SHA512
b5e3b21b53a17b36f28504c1f32da7bbae3d27033a04c185509d0eda3ec93bb841e29d0961f22bd2b4d24c3df4bfe3869e278e4de9846a092e2f2080a2e1321b

Download Submit
\Program Files\Softdeluxe\Free Download Manager\downloadsms.dll
Filesize
616KB

MD5
57debc58b95241930ad4b6b7676b9da0

SHA1
dca5081ed69c7045226bee1e86c735ed49bb90de

SHA256
7f7c4d65c9d591862b7e68d12a85ba97b69668be0d66fb4a2bf8c5f467ede60e

SHA512
8c25610ccf67396005883fb0494c5c7c9bcef391e54b628a3264c6b3b602e9c1b3d478c709c1f4ede562265524080208b2827ff0ba72110ce7da93f83e238883

Download Submit
\Program Files\Softdeluxe\Free Download Manager\libcrypto-3-x64.dll
Filesize
4.6MB

MD5
abbed3f87da630930d274871cb794a4b

SHA1
40398d1aa2c9b9be7aa7744e311b67b5296b0450

SHA256
7e8caae0c0e6bf6bc5ece9aad0cae238246a5a98c3409745f571316a50aea54b

SHA512
35c04b8ce4702bd6f8629011b382941d24a3122f8d6394e1d6dff3c11549993b16f2d1d4635f16b1d33aa0d5fd0d335d103e2199383934d52527366d6eb624ec

Download Submit
\Program Files\Softdeluxe\Free Download Manager\msvcp140.dll
Filesize
553KB

MD5
6da7f4530edb350cf9d967d969ccecf8

SHA1
3e2681ea91f60a7a9ef2407399d13c1ca6aa71e9

SHA256
9fee6f36547d6f6ea7ca0338655555dba6bb0f798bc60334d29b94d1547da4da

SHA512
1f77f900215a4966f7f4e5d23b4aaad203136cb8561f4e36f03f13659fe1ff4b81caa75fef557c890e108f28f0484ad2baa825559114c0daa588cf1de6c1afab

Download Submit
\Program Files\Softdeluxe\Free Download Manager\msvcp140_1.dll
Filesize
23KB

MD5
0832532fab0d5c949aa0c65169aa9d61

SHA1
26f1bee679b7a6289b663c4fa4e65eba33a234e8

SHA256
8731a93e519c2595c9fd489e6d9ac07e964448c0da1c8ee9ee500a7989482617

SHA512
03147a59ee35fb3d2752d4c40741a39674ccd4474a575746bc574d2b2fae1fd04f5ab9c2e02b0dc6268fc6aee8fbb46dc4bf5ff23b5fcc4a0e9b847f57ca79d0

Download Submit
\Program Files\Softdeluxe\Free Download Manager\msvcp140_2.dll
Filesize
182KB

MD5
e35261e9f4478aabe736bb2269c20b59

SHA1
f17330804c159418d4acf7a803662b8c1f7686fd

SHA256
366af8e071f004da5d95a832a46b2e8821a8e0294340a93f7c95cf48c441067e

SHA512
2694d21431e9b72a9591c4658dc3ade5795a52fcf2bc8631928181a7aeee49184cf741d50e28581b96d439360d21cb176c6bb011db4fa742a2fc64afa38baaf9

Download Submit
\Program Files\Softdeluxe\Free Download Manager\platforms\qwindows.dll
Filesize
869KB

MD5
6031ccd3785bafba8556008cbc058dfd

SHA1
885147d02060dab7b0a124865c8116a478297ce0

SHA256
2bdc29b85bd94170f97aadb1cd447eefe7a3ddf7950c535c81a9ef63e17d1ddc

SHA512
b35c58cddc461c0160ee223fddcc181d8e6c21b5713fd8d216334b69f6ab1e4c12f4da1d377fd5b718db2c723ab20b673ab89190a3acc88d3cab03ff23bfd23d

Download Submit
\Program Files\Softdeluxe\Free Download Manager\quazip.dll
Filesize
227KB

MD5
02abd5b4d21ad1b5e6a4a4c5496a96bd

SHA1
6a7abf19c17994d7bb7daab95762bd6a1a7546c0

SHA256
bd9af31daaf94589ab29ffb8cebe0e110e1bb3678a9d759c7790c13f4d6be88a

SHA512
480d10e965fdb9782fad2e37e61444e5d70a5a64916758ea1502870caf432f485c45e6b8d5af1c92b10fe1d0c86b79ac023d77c436d6a4a50a3383a8200777fa

Download Submit
\Program Files\Softdeluxe\Free Download Manager\vcruntime140_1.dll
Filesize
36KB

MD5
135359d350f72ad4bf716b764d39e749

SHA1
2e59d9bbcce356f0fece56c9c4917a5cacec63d7

SHA256
34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32

SHA512
cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba

Download Submit
memory/668-1661-0x00000226549F0000-0x00000226549F2000-memory.dmp

Filesize
8KB

Download
memory/668-1665-0x0000022655340000-0x0000022655342000-memory.dmp

Filesize
8KB

Download
memory/668-1728-0x00000226560E0000-0x00000226560E2000-memory.dmp

Filesize
8KB

Download
memory/668-1779-0x00000226550E0000-0x00000226550E2000-memory.dmp

Filesize
8KB

Download
memory/668-1663-0x0000022654B20000-0x0000022654B22000-memory.dmp

Filesize
8KB

Download
memory/668-1803-0x0000022654900000-0x0000022654902000-memory.dmp

Filesize
8KB

Download
memory/668-1767-0x0000022655560000-0x0000022655562000-memory.dmp

Filesize
8KB

Download
memory/668-1770-0x0000022655580000-0x0000022655582000-memory.dmp

Filesize
8KB

Download
memory/668-1667-0x0000022655360000-0x0000022655362000-memory.dmp

Filesize
8KB

Download
memory/668-1812-0x0000022654940000-0x0000022654942000-memory.dmp

Filesize
8KB

Download
memory/668-1650-0x0000022644540000-0x0000022644640000-memory.dmp

Filesize
1024KB

Download
memory/668-1669-0x0000022655380000-0x0000022655382000-memory.dmp

Filesize
8KB

Download
memory/668-1656-0x00000226549A0000-0x00000226549A2000-memory.dmp

Filesize
8KB

Download
memory/668-1654-0x00000226546E0000-0x00000226546E2000-memory.dmp

Filesize
8KB

Download
memory/668-1651-0x00000226546B0000-0x00000226546B2000-memory.dmp

Filesize
8KB

Download
memory/668-1659-0x0000022642A00000-0x0000022642B00000-memory.dmp

Filesize
1024KB

Download
memory/2944-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/2944-7-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2944-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3456-1632-0x0000022211B00000-0x0000022211C00000-memory.dmp

Filesize
1024KB

Download
memory/4092-1509-0x00007FFF09550000-0x00007FFF09A95000-memory.dmp

Filesize
5.3MB

Download
memory/4092-1508-0x00007FF76B0C0000-0x00007FF76B7DC000-memory.dmp

Filesize
7.1MB

Download
memory/4092-1511-0x00007FFF08F20000-0x00007FFF0954D000-memory.dmp

Filesize
6.2MB

Download
memory/4304-1972-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/4304-1622-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/4304-526-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/4304-6-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/4304-11-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/4304-8-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/4580-1601-0x000001D05D120000-0x000001D05D130000-memory.dmp

Filesize
64KB

Download
memory/4580-1620-0x000001D05C260000-0x000001D05C262000-memory.dmp

Filesize
8KB

Download
memory/4580-1585-0x000001D05D020000-0x000001D05D030000-memory.dmp

Filesize
64KB

Download
memory/4592-1520-0x00007FFF08F20000-0x00007FFF0954D000-memory.dmp

Filesize
6.2MB

Download