2937de2eb7763851d644e637cb7d7375fd69b218beeaceedc46254ac388203c7

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22-07-2024 14:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdm_x64_setup.exe
Size

38.5MB
MD5

dded481da831784a00d556a1280c124c
SHA1

48b40f82f66dd678f1c2f4c1298eaae2875f75e6
SHA256

2937de2eb7763851d644e637cb7d7375fd69b218beeaceedc46254ac388203c7
SHA512

78dd1b42e918e9670edaaecd1765fb26e349ab7a5bc7b4dc3b85bd387f073a8ac0a4abc6b8a50d5b3cc6cce753cc8745b26bd47b42953723b21b949e7956cbcd
SSDEEP

786432:jketduUzNdogfpTmDvwLIDH8StVQFkatYPexssk:jkiuUtpTmDvwE78+IHUe

Score

8^/10

discovery evasion persistence privilege_escalation

Malware Config

Signatures

Modifies Windows Firewall 2 TTPs 2 IoCs
evasion

Windows Service
T1543.003

Disable or Modify System Firewall
T1562.004

Processes:

netsh.exenetsh.exe

pid process

3780 netsh.exe
932 netsh.exe

pid	process
3780	netsh.exe
932	netsh.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

fdm.exefdm.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	fdm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	fdm.exe

Executes dropped EXE 9 IoCs

Processes:

fdm_x64_setup.tmpfdm.exehelperservice.exeimportwizard.exefdm5rhwin.exefdm5rhwin.exefdm.exeimportwizard.exefdm.exe

pid	process
3280	fdm_x64_setup.tmp
464	fdm.exe
2244	helperservice.exe
1444	importwizard.exe
2952	fdm5rhwin.exe
4652	fdm5rhwin.exe
4800	fdm.exe
5044	importwizard.exe
4316	fdm.exe

Loads dropped DLL 64 IoCs

Processes:

fdm.exeimportwizard.exehelperservice.exe

pid	process
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
464	fdm.exe
1444	importwizard.exe
1444	importwizard.exe
1444	importwizard.exe
1444	importwizard.exe
1444	importwizard.exe
1444	importwizard.exe
1444	importwizard.exe
1444	importwizard.exe
1444	importwizard.exe
1444	importwizard.exe
1444	importwizard.exe
1444	importwizard.exe
1444	importwizard.exe
1444	importwizard.exe
1444	importwizard.exe
1444	importwizard.exe
1444	importwizard.exe
2244	helperservice.exe
2244	helperservice.exe
2244	helperservice.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

fdm.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Free Download Manager = "\"C:\\Program Files\\Softdeluxe\\Free Download Manager\\fdm.exe\" --hidden"	fdm.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

fdm.exe

description ioc process

File opened (read-only) \??\F: fdm.exe
File opened (read-only) \??\D: fdm.exe

description	ioc	process
File opened (read-only)	\??\F:	fdm.exe
File opened (read-only)	\??\D:	fdm.exe

Drops file in Program Files directory 64 IoCs

Processes:

fdm_x64_setup.tmp

description	ioc	process
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\qml\+Material\is-01CI2.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\torrents\is-FF5DH.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-UUF0V.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\Qt5Compat\GraphicalEffects\is-6R7A7.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\impl\is-9RE1E.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\impl\is-L1BUN.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\impl\is-KUFEV.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-DU2G3.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\qml\is-K1O7A.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Basic\is-QOOPH.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\is-PJ1OD.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\is-N4REK.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\qml\is-85EL4.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\qml\+Fusion\is-NMNFP.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\qml\+Material\is-T0MH7.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Basic\is-OV39F.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Fusion\is-38R04.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-3S52O.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\is-BTB2T.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\is-93UMN.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\qml\is-QKI04.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-EG0H0.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\Qt5Compat\GraphicalEffects\is-VDVRM.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Basic\is-V3BJM.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\qml\+Material\is-LHMOU.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\is-31F0C.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\main\is-FFAMT.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-Q6VD5.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Imagine\is-A9SSA.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\impl\is-AVN4A.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-7IR9O.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\is-AU1TE.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\is-3ODUK.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-N7J3V.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-8DUOJ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\Qt5Compat\GraphicalEffects\is-92G5U.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Imagine\is-OE3TO.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Imagine\is-JKB7F.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-H8K7J.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-P0FNB.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\NativeStyle\controls\is-S59H8.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\imageformats\is-SNISA.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\Qt5Compat\GraphicalEffects\is-HABBS.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Basic\is-AF6M8.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qmltooling\is-ALEMM.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Fusion\is-GR6GG.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\impl\is-96USR.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\is-FEQG0.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\qml\+Material\is-0H5V3.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\iconengines\is-KDS7K.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\Qt5Compat\GraphicalEffects\is-PU638.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Basic\is-J4H5G.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Imagine\is-NAQDJ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Imagine\is-8SR05.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qmltooling\is-F7PBH.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\tls\is-473GB.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\main\is-A1RDH.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-664P4.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-0A9DD.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-MQLT1.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Windows\is-SVJJF.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-70LS8.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Basic\is-7E35C.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\impl\is-COQV3.tmp	fdm_x64_setup.tmp

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

Processes:

resource	yara_rule
C:\Program Files\Softdeluxe\Free Download Manager\libcrypto-3-x64.dll	embeds_openssl

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

Processes:

netsh.exenetsh.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 8 IoCs

adware spyware

Modify Registry

T1112

Processes:

fdm_x64_setup.tmp

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING	fdm_x64_setup.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\fdm.exe = "1"	fdm_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	fdm_x64_setup.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\fdm.exe = "11000"	fdm_x64_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	fdm_x64_setup.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\fdm.exe = "11000"	fdm_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING	fdm_x64_setup.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\fdm.exe = "1"	fdm_x64_setup.tmp

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133661318328170195"	chrome.exe

Modifies registry class 17 IoCs

Processes:

fdm.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\fdm\ = "URL:fdm link"	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\fdm\shell\ = "open"	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\fdm\shell\open\command\ = "\"C:\\Program Files\\Softdeluxe\\Free Download Manager\\fdm.exe\" \"%1\""	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\fdm\Content Type	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\fdm\URL Protocol	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\fdm\shell\open	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\fdm\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}\	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\fdm	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\fdm\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}\icon	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\fdm\shell\open\command	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\fdm\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\fdm\shell\	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\fdm\shell\open\command\	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\fdm\shell	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\fdm\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}\command	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\fdm\DefaultIcon\	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\fdm\DefaultIcon\ = "\"C:\\Program Files\\Softdeluxe\\Free Download Manager\\fdm.exe\", 1"	fdm.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence execution

Scheduled Task
T1053.005

Processes:

schtasks.exe

pid process

1716 schtasks.exe
Suspicious behavior: AddClipboardFormatListener 3 IoCs

Processes:

fdm.exefdm.exefdm.exe

pid process

464 fdm.exe
4800 fdm.exe
4316 fdm.exe

pid	process
1716	schtasks.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

fdm5rhwin.exefdm5rhwin.exemsedge.exemsedge.exeidentity_helper.exechrome.exe

pid	process
2952	fdm5rhwin.exe
2952	fdm5rhwin.exe
4652	fdm5rhwin.exe
4652	fdm5rhwin.exe
4320	msedge.exe
4320	msedge.exe
3388	msedge.exe
3388	msedge.exe
2996	identity_helper.exe
2996	identity_helper.exe
3948	chrome.exe
3948	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

fdm.exe

pid process

4800 fdm.exe

pid	process
4800	fdm.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

msedge.exechrome.exe

pid	process
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

fdm.exechrome.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	464	fdm.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe

Suspicious use of FindShellTrayWindow 61 IoCs

Processes:

fdm_x64_setup.tmpmsedge.exefdm.exechrome.exe

pid	process
3280	fdm_x64_setup.tmp
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
4800	fdm.exe
4800	fdm.exe
4800	fdm.exe
4800	fdm.exe
4800	fdm.exe
4800	fdm.exe
4800	fdm.exe
4800	fdm.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe

Suspicious use of SendNotifyMessage 54 IoCs

Processes:

msedge.exefdm.exechrome.exe

pid	process
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
4800	fdm.exe
4800	fdm.exe
4800	fdm.exe
4800	fdm.exe
4800	fdm.exe
4800	fdm.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

fdm.exe

pid process

4800 fdm.exe

pid	process
4800	fdm.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

fdm_x64_setup.exefdm_x64_setup.tmpfdm.exemsedge.exe

description	pid	process	target process
PID 4492 wrote to memory of 3280	4492	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 4492 wrote to memory of 3280	4492	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 4492 wrote to memory of 3280	4492	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 3280 wrote to memory of 2180	3280	fdm_x64_setup.tmp	schtasks.exe
PID 3280 wrote to memory of 2180	3280	fdm_x64_setup.tmp	schtasks.exe
PID 3280 wrote to memory of 1716	3280	fdm_x64_setup.tmp	schtasks.exe
PID 3280 wrote to memory of 1716	3280	fdm_x64_setup.tmp	schtasks.exe
PID 3280 wrote to memory of 1112	3280	fdm_x64_setup.tmp	schtasks.exe
PID 3280 wrote to memory of 1112	3280	fdm_x64_setup.tmp	schtasks.exe
PID 3280 wrote to memory of 4248	3280	fdm_x64_setup.tmp	schtasks.exe
PID 3280 wrote to memory of 4248	3280	fdm_x64_setup.tmp	schtasks.exe
PID 3280 wrote to memory of 464	3280	fdm_x64_setup.tmp	fdm.exe
PID 3280 wrote to memory of 464	3280	fdm_x64_setup.tmp	fdm.exe
PID 464 wrote to memory of 1444	464	fdm.exe	importwizard.exe
PID 464 wrote to memory of 1444	464	fdm.exe	importwizard.exe
PID 3388 wrote to memory of 2664	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 2664	3388	msedge.exe	msedge.exe
PID 3280 wrote to memory of 2952	3280	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 3280 wrote to memory of 2952	3280	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 3280 wrote to memory of 4652	3280	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 3280 wrote to memory of 4652	3280	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 3280 wrote to memory of 3780	3280	fdm_x64_setup.tmp	netsh.exe
PID 3280 wrote to memory of 3780	3280	fdm_x64_setup.tmp	netsh.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4072	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4320	3388	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe
"C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4492

C:\Users\Admin\AppData\Local\Temp\is-KO1RS.tmp\fdm_x64_setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-KO1RS.tmp\fdm_x64_setup.tmp" /SL5="$701E8,39406194,832512,C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3280

C:\Windows\SYSTEM32\schtasks.exe
"schtasks.exe" /end /tn FreeDownloadManagerHelperService
3⤵
PID:2180

C:\Windows\system32\schtasks.exe
"schtasks.exe" /create /RU SYSTEM /tn FreeDownloadManagerHelperService /f /xml "C:\Program Files\Softdeluxe\Free Download Manager\service.xml"
3⤵
- Scheduled Task/Job: Scheduled Task
PID:1716

C:\Windows\system32\schtasks.exe
"schtasks.exe" /change /tn FreeDownloadManagerHelperService /tr "\"C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe"\"
3⤵
PID:1112

C:\Windows\system32\schtasks.exe
"schtasks.exe" /run /tn FreeDownloadManagerHelperService
3⤵
PID:4248

C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" --install
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:464

C:\Program Files\Softdeluxe\Free Download Manager\importwizard.exe
"C:\Program Files\Softdeluxe\Free Download Manager\importwizard" 3FE02402165644D986B63DE6638495E4
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.freedownloadmanager.org/afterinstall.html?os=windows&osversion=10.0&osarchitecture=x86_64&architecture=x86_64&version=6.24.0.5818&uuid=196c4f92-cb3f-43ff-9fef-90d56c7d8302&locale=en_US&ac=1&au=1
4⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8651446f8,0x7ff865144708,0x7ff865144718
5⤵
PID:2664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,6381485320334056524,982299005888769336,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2
5⤵
PID:4072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,6381485320334056524,982299005888769336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:4320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,6381485320334056524,982299005888769336,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
5⤵
PID:3084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,6381485320334056524,982299005888769336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
5⤵
PID:4944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,6381485320334056524,982299005888769336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
5⤵
PID:4512

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,6381485320334056524,982299005888769336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
5⤵
PID:1124

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,6381485320334056524,982299005888769336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:2996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,6381485320334056524,982299005888769336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
5⤵
PID:4116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,6381485320334056524,982299005888769336,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
5⤵
PID:3060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,6381485320334056524,982299005888769336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
5⤵
PID:5100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,6381485320334056524,982299005888769336,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
5⤵
PID:2800

C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe" 21907CB0205CFF989F82C03684A01B86 phase1
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2952

C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe" 21907CB0205CFF989F82C03684A01B86 phase2
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4652

C:\Windows\system32\netsh.exe
"netsh.exe" firewall add allowedprogram program="C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" name="Free Download Manager" ENABLE scope=ALL profile=ALL
3⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:3780

C:\Windows\system32\netsh.exe
"netsh.exe" firewall add allowedprogram program="C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" name="Free Download Manager" ENABLE scope=ALL profile=CURRENT
3⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:932

C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" --byinstaller
3⤵
- Checks computer location settings
- Executes dropped EXE
- Enumerates connected drives
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4800

C:\Program Files\Softdeluxe\Free Download Manager\importwizard.exe
"C:\Program Files\Softdeluxe\Free Download Manager\importwizard" 3FE02402165644D986B63DE6638495E4 --printFdm5Setting=ExpectingUpdateToVersion
4⤵
- Executes dropped EXE
PID:5044

C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe
"C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2724

C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
PID:4316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff86441cc40,0x7ff86441cc4c,0x7ff86441cc58
2⤵
PID:556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1964,i,984144935907991299,15192756882769568050,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1960 /prefetch:2
2⤵
PID:1488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1948,i,984144935907991299,15192756882769568050,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2128 /prefetch:3
2⤵
PID:3900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,984144935907991299,15192756882769568050,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2372 /prefetch:8
2⤵
PID:3984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3176,i,984144935907991299,15192756882769568050,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3184 /prefetch:1
2⤵
PID:4276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3228,i,984144935907991299,15192756882769568050,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3220 /prefetch:1
2⤵
PID:1640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4608,i,984144935907991299,15192756882769568050,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4532 /prefetch:1
2⤵
PID:4880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4716,i,984144935907991299,15192756882769568050,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4748 /prefetch:8
2⤵
PID:3004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4884,i,984144935907991299,15192756882769568050,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4724 /prefetch:8
2⤵
PID:2196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4552,i,984144935907991299,15192756882769568050,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4768 /prefetch:1
2⤵
PID:1928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4604,i,984144935907991299,15192756882769568050,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4704 /prefetch:1
2⤵
PID:2908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5404,i,984144935907991299,15192756882769568050,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5476 /prefetch:1
2⤵
PID:3912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=2424,i,984144935907991299,15192756882769568050,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3440 /prefetch:1
2⤵
PID:5048

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1832

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1028

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Softdeluxe\Free Download Manager\MSVCP140_1.dll
Filesize
23KB

MD5
0832532fab0d5c949aa0c65169aa9d61

SHA1
26f1bee679b7a6289b663c4fa4e65eba33a234e8

SHA256
8731a93e519c2595c9fd489e6d9ac07e964448c0da1c8ee9ee500a7989482617

SHA512
03147a59ee35fb3d2752d4c40741a39674ccd4474a575746bc574d2b2fae1fd04f5ab9c2e02b0dc6268fc6aee8fbb46dc4bf5ff23b5fcc4a0e9b847f57ca79d0

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Core.dll
Filesize
6.0MB

MD5
46a0dbd38cb28d8e79c80c9a033f6ae9

SHA1
1be5f3e78485f9b08e32346f13155a94001de50e

SHA256
225bd38093416c825f2e3220213f64e1079e9ab20f4738decc0fc6eb992e8a9e

SHA512
3fb62bce7b1d5129237914269aa3dd9a24f9e797927f2f4f937a0a291d357a40ec51b9c829094dc0bae1edcd6c580f1c9a03ca2c84d5526599c3608246f00bd0

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Core5Compat.dll
Filesize
851KB

MD5
e50b9b3fa16362c86a40e6255c6b45e7

SHA1
fa8ce8fd6d4415abdb67597735575dc83a8fc634

SHA256
c95ab3df8dc0bfd92925b7b8b51bce859ae09008691874a5c6f5630969557564

SHA512
03a8ac0ae14e8420dd9fd91bc1619d072882d152127b3f2f1c6f7e670b7c54c524490e7c84a7cd0b76e2db413439a1ca55c4e03416fd6beb47b1067c3e960cba

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Gui.dll
Filesize
8.5MB

MD5
7875aad0d0d426e9d1b132a35266de32

SHA1
8b7656e3412ae546153d2d3df91a6ff506d64749

SHA256
fc2464f62d7915ddeaebb5490bee6d60e7b42ad5a223d5812f0993c27c35be19

SHA512
9fa16c5c628f2e9b242323aed4c1aa70f093cee9f341ac61640287ff9be8663658f502769e037a8409943d3c9ab826bb1c6f88532f0fbacdaea28b2353cdfba9

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Multimedia.dll
Filesize
833KB

MD5
e8fa5ba349752d18f6302434658229f4

SHA1
1e7696e1ae887734f017e7c4e521ff648e090508

SHA256
7b2aaffd8bd1b042d1d028b071d4fbb42420f52d04f45de06c4a80315b9f1b29

SHA512
771a41622b045724604568c18e5df00f99b3da3fa67d25f5a60024db34b01b7b70cd0aa9bb39c53cab4eef7a6059e5855fb205e83d131580626a4b43505bf621

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Network.dll
Filesize
1.4MB

MD5
960f50470059381c65833145036fef29

SHA1
270e230bfc9248e5ecff9ea8dfbc5f1066df02ee

SHA256
1071f4f88c65317401bf93a2ffb55e661adcbb84f05911879ab21a6656521a68

SHA512
cb0a0d63aaae1b9646dad722759b1c53b36ed13a4231a30b054f6124bcc69e7285c5777ab6bbbb8296756d6c31fc94e735db42c5155db35274e0ec25c1406582

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6OpenGL.dll
Filesize
1.9MB

MD5
2a2a628e23cada5d2eba63dee642438e

SHA1
73cbc92073eaedde3f2fc432edda0677e7a49c9d

SHA256
054b0a8d87fc735aa2eb281e5078f8d28bd1c395b7e32de13ef64a8bbc10bb04

SHA512
ca87b5e95ba9c3b1268b14a6587305ea52512224e9ba48e73e64b292713df295e9d64587f446fd28f0e2788d7cb78ca460d962f06cf43ccde53fe45ae65cbe90

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Qml.dll
Filesize
4.8MB

MD5
6404ca802e99e8520d6229982e382cf0

SHA1
204e0446b4989ef2df2c71a4ef7482240039da45

SHA256
477747d49a8b7f51c408fe7a49cc3dcfa99078040d3059c5586c77d9b04d1a0d

SHA512
90998283c98eb7002cb0342b664a9f03902a6ee8141781ab03f723fddfb925d0a0e450e3c89589eebec41b95f1e73ec298808857151782b3c00b6c3fecf17df0

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6QmlModels.dll
Filesize
708KB

MD5
623c7740fc301a398c40dc9504d04fd6

SHA1
fb0e711c49c2ff488c7d3be9daebe2779bd42157

SHA256
4ae023a87636f5c70c08dbd787e47eecfa0ac15ff741677db323d70bd70a36a1

SHA512
2343081e57448e3922eeb86bcedb861ed8fde1dc51ab0e42e7930cf07834e9fcfe41a9b1d64a89341037abee421d242d4ece91dec8a8b26a0a552989e130fc34

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Quick.dll
Filesize
5.3MB

MD5
e739a7f0e54081125d1381a42eb7c226

SHA1
20ef3724f878bfe7773e006c29de3ff4e6e8a8c3

SHA256
35e8842051211a1654d6717b8786357e7a93b21a004f941151e7a4af23e16a84

SHA512
fde9db1793eec6fe1a0818af1b24c8399c941280982bbbb456332aa2768d0950da0caa7bd21e1cbbe81770358cdcdd3a6b199c71df1432170506dadc718d88e1

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6QuickControls2.dll
Filesize
87KB

MD5
8641967f2caf274abb1be307cc70204f

SHA1
08dea9d79289dc90dc75554baf0dce8eb7c53023

SHA256
7065885b1374f55ade04621b52b5ddf6d6e24cb6d57d89d2a1c5cd6bb0d1dede

SHA512
a8cee79efcb002aa2eef263ed0492a212b017375577f42de13322a8f8ba9f942fae2b8658fd7468a7a7bf1a19192013fb092efdf7695b8ca7d291990157154f6

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6QuickTemplates2.dll
Filesize
1.7MB

MD5
f5b138ab4c0ec16233fa6a9d15d9721d

SHA1
c927058d73c57bf34dd37ffc4c899945f38556c1

SHA256
000013ac37fb5f210fde72ee1d4b175dec38c45d6615d306e62431753b0d03fd

SHA512
40d6becc960d3133c326cce9b7caf1a0d5473605b3c30e935befe60a027f5f3fe5647d3d906a88eab8b347c697758c5a8789949f25bac4ffce3eb2112ba34b90

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Sql.dll
Filesize
291KB

MD5
04b54b342a7f3b56fe9b327cd3fffa86

SHA1
257cbc011eb1c1acb4121a1dbde801411fb3691b

SHA256
cec14ed64352d5c6e1e043d716cbd2d4575ddfff2e48633c6e6fa2670895ee59

SHA512
493003fa6b37c723ea08b0749348ca96fa0939a384ac452737947eb98195f1c1c78b9fd7c7220d0938cb526afc300232c0e52720d54919ceb05c311d6ed3b62f

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Widgets.dll
Filesize
6.2MB

MD5
34abb42b63e71b09b72b48cf5b1dba53

SHA1
9f3111aab57a5f28a4ce9bf82ea208fa3eadb9a6

SHA256
c71e65b882a84f47114590784a256f14ba19202ec30b218ce4841b2c7256060b

SHA512
06acab5a04a5d3e6834ddc95229758d4adc7a7f0ef003c80e8d59a8241e295b196aceacce20c88879e1676405a2538d032ec6ac543258538e686878fb29f77f1

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\downloadsjsp.dll
Filesize
111KB

MD5
ac0838c665b3741666667e37e9063bab

SHA1
0d6f7377aa10b53727b1bc1126b17b7b8c766509

SHA256
98867ba613760d132096bc835d0704dde75143dcf5545fffdb452c31fc8adb00

SHA512
4d535c928703b0bdfaf5569ea2c8cbc848123225fe6b53fe64db6a71ace06d392093500e1fd3673542adf86c569e7ee8044b812428387e1babb5ed74f6e2530e

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\downloadsms.dll
Filesize
623KB

MD5
cbbb8b877d4e4abc1cc5f7c87e52e4a3

SHA1
e0fbd3bfcbcfe1e9f85e9a03b5411b75cea5d206

SHA256
31a9512311013764320feba14e1d849dfc7bc0a689cadf5806a90043945128e5

SHA512
c201faefa7fb6fa5eaeb119da7f502951efc3251ad5a76eac1bd139379aa4b6da4f9e73bd0fc8dd0486f4973c9ccf21da401e01839f1a70032ff01bcf754e08d

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
Filesize
7.1MB

MD5
b6eb17081c138903a98f4daddc5356ec

SHA1
95338c82ca76629178c342fabbcaf9fe8ad707cc

SHA256
88553acc42f9e638fe19771e0cb2badbe28f569583195d9306c8a8ef6343e297

SHA512
ef9242cd41585318d5daa47ac8cffc956672549f4ce9238db6227fa64ce800a7b64a25cd7b7175e3b1769f29fbc37e4b18c28375159eaa3bf294c1a48588e01d

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe
Filesize
136KB

MD5
bdd8417b62e8c1dd4352d654b1c0b887

SHA1
a4ca880967460b692351efdbf2e94438fb6f2630

SHA256
3f58d018ad24f506873b6e4eacae6e19585849e7d6638e72b585cff9a750ebf7

SHA512
9e2782c8543583b9f171e4aefd1685f32a70693998addc656169963ed973a93c0c81562c12ca52d07ac94cd628e7cb9909ba519344210cce4a36c64701f78aad

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\iconengines\qsvgicon.dll
Filesize
69KB

MD5
b57d0218475b81560454e6c0a1a6d9c8

SHA1
21206763e7121d4792bbf24075c6f6e27c2c11db

SHA256
8ab3b526b35a0dec08b4042da70f942b3b5f4d413ad4035c691f972b2008778e

SHA512
83464c21073edddcd77dc0978257bf13554ef01825672b60081d9d4ee5caefffe9ed6fbefda0bc7bdc413925b9265981a994195700190cd81cf6b1c93810e891

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\imageformats\qgif.dll
Filesize
47KB

MD5
000b3771b3dcf0d7eb72750edd80a192

SHA1
35506ee878b8ad21dbd35876baaf586c30152b71

SHA256
6ff0b57822dae5132e1640afe4f8fd6b75e21cf3f1eae53d70373c25a5506581

SHA512
4472089f5524172fcfd8d2f8acbf67a3f22b08f788b52d8f42d2736d050cecb87215a9b8d706baca12d5916d3ff79bf57420766746c2484981d679239b3f2924

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\libcrypto-3-x64.dll
Filesize
4.6MB

MD5
abbed3f87da630930d274871cb794a4b

SHA1
40398d1aa2c9b9be7aa7744e311b67b5296b0450

SHA256
7e8caae0c0e6bf6bc5ece9aad0cae238246a5a98c3409745f571316a50aea54b

SHA512
35c04b8ce4702bd6f8629011b382941d24a3122f8d6394e1d6dff3c11549993b16f2d1d4635f16b1d33aa0d5fd0d335d103e2199383934d52527366d6eb624ec

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\logger.dll
Filesize
43KB

MD5
9c93f9c583bb077a23f50c5d64cf1bb9

SHA1
d2b2a91bfc9b6cbeccef00a0b8c49f0ca201d78a

SHA256
6434f084d00beff3a67b9a20eca0c8a1940d380bc12990258042859cd98c5a20

SHA512
27db1a016b6804a5c03d78d163eb6588ffc024c4bcbc0d1c582cdfd7081f351a5ee9beeb6684ca70fb9a1ee24f0eaf0cf8e18120efc5f347db10692d931c04f9

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\msvcp140.dll
Filesize
553KB

MD5
6da7f4530edb350cf9d967d969ccecf8

SHA1
3e2681ea91f60a7a9ef2407399d13c1ca6aa71e9

SHA256
9fee6f36547d6f6ea7ca0338655555dba6bb0f798bc60334d29b94d1547da4da

SHA512
1f77f900215a4966f7f4e5d23b4aaad203136cb8561f4e36f03f13659fe1ff4b81caa75fef557c890e108f28f0484ad2baa825559114c0daa588cf1de6c1afab

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\msvcp140_2.dll
Filesize
182KB

MD5
e35261e9f4478aabe736bb2269c20b59

SHA1
f17330804c159418d4acf7a803662b8c1f7686fd

SHA256
366af8e071f004da5d95a832a46b2e8821a8e0294340a93f7c95cf48c441067e

SHA512
2694d21431e9b72a9591c4658dc3ade5795a52fcf2bc8631928181a7aeee49184cf741d50e28581b96d439360d21cb176c6bb011db4fa742a2fc64afa38baaf9

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\platforms\qwindows.dll
Filesize
869KB

MD5
6031ccd3785bafba8556008cbc058dfd

SHA1
885147d02060dab7b0a124865c8116a478297ce0

SHA256
2bdc29b85bd94170f97aadb1cd447eefe7a3ddf7950c535c81a9ef63e17d1ddc

SHA512
b35c58cddc461c0160ee223fddcc181d8e6c21b5713fd8d216334b69f6ab1e4c12f4da1d377fd5b718db2c723ab20b673ab89190a3acc88d3cab03ff23bfd23d

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-9298V.tmp
Filesize
1KB

MD5
63340c8fcb71734ce4bbac29a86821b5

SHA1
0cfd02b3e95fa482cbd4bd83b0f2d9214acc9709

SHA256
78b5fc58e6d881d16351e92d32b8cadea6b14fbf8c20c1bc7e56d02946467ae8

SHA512
fe035bb77a32d0fe9d4983d90c65d4c2600a019ac20743dbec409f29ffbfbecd8bca2d15abfffb2e71b77e3c105e248627a176942cdf9d7b98ed9113e6f73ba0

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Windows\is-TQL61.tmp
Filesize
215B

MD5
2006d4b7d0da455aa4c7414653c0018a

SHA1
6685b8360b97799aa4d6b18789bf84a343e9e891

SHA256
a96c7bf5832767bdc9d91e2290a3920aec3abfbf2e3814bce38b49483f16f84a

SHA512
703804e6fab0cf44317b7292c547a1348e2e7395e4b71367c32c3b097bcfb3344d3296179bf4ba33a4c752ae58a3873af57d8cdef35a34564205356bb4e6fd84

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\quazip.dll
Filesize
227KB

MD5
514b4dd973694fe604c7ec22a3ec8481

SHA1
6285f9ce01e9d061e4d936b7fb44635a9ea19d93

SHA256
367ce7cbe3c20048ff6a19383b762efb31a3b5313fc8169a01c9256afd2cb7fd

SHA512
4eaacd3a196959d6579bb6c716dbba3d2ebb2f3121641c7b536839bd4c7744da5eae8315f65a4585f35bf76126a4468485b609a4ae9a2c62afd56640055352cb

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\service.xml
Filesize
2KB

MD5
85c61b85b0ffe2609b00379a5512790d

SHA1
2dfaf069df408819b06916381ac80b3ec097214c

SHA256
24f6062b8679b4140b5c15900deefa8ba187ed5e3c5cb8efc91b26b31769664d

SHA512
3a18c17ddcd10cd89d1c666134f13be6ed441fbe2c36a9567e894c0e1674232d5882e696ad2d385bd5eb4d50b6a1b4225bb992389aad93a77b203318293ca6fa

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\styles\qwindowsvistastyle.dll
Filesize
140KB

MD5
cc096aea386047b0131eea248122c0d2

SHA1
6251253bbc6e4460884bfc22c1dd30cec32dbac4

SHA256
47a22e7958279e7668ace09849a669f7410bf8c7aed752bd6e60f23c9581cd50

SHA512
4b097b86a21ac26e8849bf3908de97479b3484f28a68060c06f75515b07b8878466bce4241aae6b0c06a1b671b59b5dd115c760f08dc6d3287f1b875963d1cb1

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\vcruntime140.dll
Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\vcruntime140_1.dll
Filesize
36KB

MD5
135359d350f72ad4bf716b764d39e749

SHA1
2e59d9bbcce356f0fece56c9c4917a5cacec63d7

SHA256
34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32

SHA512
cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\vmsclshared.dll
Filesize
698KB

MD5
8a839a29430dca22865dff4f2b5b0124

SHA1
600e3b1d00ed8b49e0947a470862da7b8944c48a

SHA256
0a8dae7bde1b75351c0f2a030e811f15cf2e341c57828bff22228539c3d574fb

SHA512
a374f2313e0f64bde4abf81fb5230cee4a8783c705824d55d44cc45157d272f7a488a4d911ac082eb9851ea4b57fcd817161643538e7587ba8a0feb2274d43c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
Filesize
649B

MD5
d6365bea8737a67826c94ada527bcecf

SHA1
5662928aac20466109a1bfd14446f3a884f3d5cd

SHA256
91fc3264cd9ef55464e41f09b8e408913c20de29982deb65ed2433cb01b1f9b0

SHA512
48c064e11fdc06382281960e9e7974957837d2de0a5c9c76da31b174074ba5e349760e2fc5d3c1c45175806886fe38dcf92e8df01b5271edf9234c3866270bca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
4a71e418bfd3b12801962f11e6167077

SHA1
98ceac61c96dc6f16023a5611ec7ea4065ca8327

SHA256
0ea8bec0eed08c032f60d055bd706b7b4519cba73cdfa9b9d5b079c28dbffdb7

SHA512
06b455bc2c834c1bea70913e2465aed1c4d193f1907955d6b15fd3bc752e07ed0b96b3c894f827a89eb0a24d792a7b27c1e8852441a982135d2c6bf2d00b0271

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
c0420a7658a2577e01f172711be614e9

SHA1
fc012b3d13369da6a03258271a821ad562c89891

SHA256
b6a082b365d6a6eef7c38c769ce323b6f7e25b01b9e590d89e96a244232ab2fb

SHA512
ea3105a376d32ada64b36d391c9dbc36332dc61e3955ed4b65d6aec9aea7f85c16fa6158d8f7aae07b289cc13e0224352ef1de04cee9b16d54780b421749b00f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
56141bf244924acd038fc11e2356acee

SHA1
87beb804611b94394f6b312ab0dbd2dd01d5505d

SHA256
f9143f7d0be2e93c45f84794f2cd0ed2b9a831de7dc6a94bcb279fab95984c22

SHA512
604b2f5bdb1f99aee8275efdf21e14287c68cf05c1fbc56bf04994088f0d7711fba926be8c10b2e23c384887abb4dfd83232e49fdb47a9e628b6ae4315a3e305

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
c8277c1b007b69d54d7049ece082f79f

SHA1
2aca5bf0c5223c5a91c1f518ab2de7b2eb22f97b

SHA256
f0834ac761c093a2f522937db025b1333eea59c831b0f49bfbba8aa84d6d20c6

SHA512
deac0a6ab7641ce0979bfe360a6fe0115fc9e7920bc0e0cc987b4b3f5edabf13160f2099d2b3907b8e28e0fb8d33478ea0a8646acc0de2b099bba26070d32e87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
4bef37d020938128ad3fe8fc41577044

SHA1
e579d63291322192c98828443d29172cfc6b162a

SHA256
bfdbdee34e074bd5d8ce8ec19cf3792bc5f588ff25fa08acb8ea9c01c623b269

SHA512
1e1a7200b7e6dc0de87bcaa073a5bb1c09117de54fb6ad4d3976b8c9d885cede3f3863f9a932d02d3ac06c4da2353d566b88f019a445f113a8348408d2e5c375

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
189fbf3d87ab20dafdccd48de2bed3fc

SHA1
3df381a7121f142214a59d74af1f2d70afeb2864

SHA256
6d520cda3ec55f29f7367c7dc18015cb3f4c611c25e4ed650aa205739b9d0374

SHA512
aca6c0737334078e12fa101ef52c4eba0a1a8ab4c750c0441edda7e3661273f7c8c890016d99e6a7fa8b9f0e3043aca0421c5e5ac1c8a2c6d396bcdae792da61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
a587d833842f8b7f8bf2404671181dd2

SHA1
4dbdbded9c95f87a5ec99cdd99e024059522658c

SHA256
a5d01287bb954abd57689a5347f300d9a2475eb7edbe74c23db520f34e9d1973

SHA512
872727bd135e010a2cd021c12663e72d9004908f0de0d18a701279418aa7b7c6448f03da5211b55735aaf2a267242025774ef500e7b3f90c1cc9c317dc70691e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
af392e0094be426f9058524680400d97

SHA1
cfdd6b46aa545b60c50f8f2e2fdbe3f9a51a2bc1

SHA256
8aad493be281bf3b338278604b7209b3d220b676743c855ce3199dad87331f4f

SHA512
0d5572bc8e6e336fac9fb9f06ae9d7f145194a5ecdf49ed98af6166e8bdf6e2d72b6b1da8e73cfe60a325b4c65e5345e191968836dbceba014dd6972de5c2f86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
60879c45313d85023e38d6090e61a272

SHA1
df9c3712ea47972289949975452ba8462c8496db

SHA256
9d7f10d8c3196431bca22f21eb6b6b1149361d3471953196ec42242b1e60d07b

SHA512
0f7ecd23c42fadea113d4c127ecfc23bb0492a1a0702a20a0ab287f2cefb730a37cfd2e9c3da9510b5b6929d7a65837b84c4892c4c604725aa9cbff326fa89bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
3a6dc12a8d77a93bb7edd66ef30ced37

SHA1
55bc7c392a0a68ff3106a2b91773c9611afe2c33

SHA256
299b2ae7c7545ccfdfad8308d1b698fdfd47a8b7519bc1333457422cda8eaadc

SHA512
054ff2ad760f6be647f1c064e7d99908ac25adf1f678e008377567ea96de5b4c47c3c29f463a55a5b86ec9278bedeb0b623713dd283f6d314a5781df54b62857

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
185KB

MD5
da0b39ffb002c93ddb6ec55fc16cbbea

SHA1
3bc27fe8668b9870577879ffddf306bf70a9015e

SHA256
527a6dd6f92dc32e085402ea7f517dec56edce7148a4b78e24a52c2e56ba5c73

SHA512
f126a1af6995ec11f6f1186c27a890c84ce984cab9a9b71b5f56aee6b27ecb581346264fd03d10e4b53e8258c39fdf9a9f2ea1cc84b43941fa073c09e9900dba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
185KB

MD5
2bab83df456a3a2933b8efec3d5dc040

SHA1
20a53205413334186a4df1f3aacdde00182fc613

SHA256
c7aa8b84cbb26493fb81b4c7c599c49c66bf86aaf53fee69898a358ce011cd42

SHA512
1bc2137717921d212e37bd433b7116cc239b73f29df2deeccdb24a2a4ce24c1727524ecaeaaa26015924d766e193807ae16d7cd062bca5f0a3eb43db7b124dbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
185KB

MD5
22e94c4cd6ce156cc19e94b1d9a1762f

SHA1
12577bae3ce3cb933545d836a60e0cfbfd2fbadf

SHA256
4f16360c03f87913b069043b4a234c1ef6192d820dae4bfd4bde2853af6cfa99

SHA512
0f994796c8113fdc0b2a08af29bdbcde453c76d8c5ab68d6b96232b86dfb0fcee486cd3dca4278b4fc566ae3e056eba019b94f09c578b50bb06b926ccc686788

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
3ee50fb26a9d3f096c47ff8696c24321

SHA1
a8c83e798d2a8b31fec0820560525e80dfa4fe66

SHA256
d80ec29cb17280af0c7522b30a80ffa19d1e786c0b09accfe3234b967d23eb6f

SHA512
479c0d2b76850aa79b58f9e0a8ba5773bd8909d915b98c2e9dc3a95c0ac18d7741b2ee571df695c0305598d89651c7aef2ff7c2fedb8b6a6aa30057ecfc872c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
eaaad45aced1889a90a8aa4c39f92659

SHA1
5c0130d9e8d1a64c97924090d9a5258b8a31b83c

SHA256
5e3237f26b6047f64459cd5d3a6bc3563e2642b98d75b97011c93e0a9bd26f3b

SHA512
0db1c6bdb51f4e6ba5ef4dc12fc73886e599ab28f1eec5d943110bc3d856401ca31c05baa9026dd441b69f3de92307eb77d93f089ba6e2b84eea6e93982620e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
2bd41864dc9958d0be06c2cdb6412197

SHA1
56e666c60026a66b0169cec8e6a2e410e3b067c9

SHA256
f72c08f5638e055f3018f887e1efb361ff1bd850c110bc2feb74e8361ad89d1e

SHA512
b5c026d6ca191ab7209e770232102aaf96f5d909de89dfef01e017067437b9c932f179f94fb4f993bc925c4b320a8aa94cbb4ed5a3f48b32521ac1558cab52d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
ec2d748c720aeb1f5a44fc44bae7f0ee

SHA1
820eee58dd143a625c487c57558f4ecddda90994

SHA256
ea575246546a19d99f0039b1077e6ec654f80c32570461051cb58e3336456c4b

SHA512
b2b9e48319c5c4d29a395b5c99f381a486d1e5c01ffd3ae89832f475feed39cda28941c4ba747eee06cbaa7c9da097256ae9f77786de752c8b940961a66bc942

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
cfdc3face94f929b15a727fa90933b17

SHA1
261a2021eb2955ea1c50259f210c0f24907b5074

SHA256
19c814eb54319ddeae21a479dedd2380b651b3d995127f52911a826540fed518

SHA512
cd0a37101183f8e478f1729a0ba6b529364fca6a3868a4d63a36feaf0dd83b4c8bb5c72f8810e2e3e148ea942e8f0d8c603731073b0da331595fd71cacbef93e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
4cd69009c9a86c90ee9b3f150adab462

SHA1
1857e040bb98d0027ca3731ffd01ffd7d13203b8

SHA256
fc8d71ffbaf459f43c8e949c5ac4642413c77a6f55673c2712ba8924bb50742e

SHA512
bff85efd3370e9a1ff16f5a6c706755dca37020dcb0edb6a767754fc76f61ab44acbde1b683eb0b4fe90d0a20e21cc5f5f6d9a63a2c7633a9e9d5a8daae99ad5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
dedfc8dd57f5a4a0d89f94fe079b2d0a

SHA1
425111dddf1b00ad05834416b23d1e767a79fe12

SHA256
c8c67dfd8fe59b882da410017af563147d80be044e2d657795ee58f3268cefa9

SHA512
15ee3c97ac1a2094c40d2259729f09b676497894ade1809a819d240d7ed35413a8774e59e2d7d51d8a049a1dde88f42d3fbfbe3d45922b3eafe10e740759ba77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
41000a5de7f12756aa087973e3c74978

SHA1
1b297d1846f5514209f09a8d5d93c821c1356276

SHA256
10e310f64666e08ef1013aa5908f51861a973e2716fc294faa13a074da68a4b3

SHA512
89489deb8ae19b857fdb5691f19d0a9ea88e2a223a33f6e917ffbaa5e710ce439a8d4da21536dfa90ae4e3a9738b40bf12c6b90426c509cf25ee2e9b2eafcee3

Download Submit
C:\Users\Admin\AppData\Local\Softdeluxe\Free Download Manager\settings.ini.lock
Filesize
56B

MD5
dee2d34b08e08dca0bafa0f754f9119b

SHA1
7eb1e7f33bac104fdab5d340f76d30be3bdd1fa1

SHA256
2dfa9912fc4c855efe37b0c9ebd39222de8f37578e84cc9d0a945d9977972090

SHA512
4e929129a0295e5f7ee10c0704d6ddc88d8e9c9720f7fdb3683742c50c9b37c01eccfd705a2c39cde33bef09c9b70bdca8c1dcaf325c1fad60068895bb8eccd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KO1RS.tmp\fdm_x64_setup.tmp
Filesize
3.1MB

MD5
60f76f6e78d966f31d9c574c7465899d

SHA1
2c231f5a57d294ab2b6c1fc6f7902fb453fbeac7

SHA256
ced610b7c01111d289a511d35ada43d94fb4b2537ccfc0317a23e1d3eecd3bf8

SHA512
59b67dd82d6f3cee823d7fba1722455c52479413664f816c6756e42bee877ba854844b10c90d22e63b3631e3b8b83dbf35912507b7fedd7fda4f2724888e2cf0

Download Submit
memory/464-1588-0x000002BBE9C40000-0x000002BBE9E1D000-memory.dmp

Filesize
1.9MB

Download
memory/464-1512-0x00007FF6CD0E0000-0x00007FF6CD80A000-memory.dmp

Filesize
7.2MB

Download
memory/464-1515-0x00007FF867690000-0x00007FF867CBD000-memory.dmp

Filesize
6.2MB

Download
memory/464-1514-0x00007FF868810000-0x00007FF868D55000-memory.dmp

Filesize
5.3MB

Download
memory/1444-1524-0x00007FF867690000-0x00007FF867CBD000-memory.dmp

Filesize
6.2MB

Download
memory/3280-1616-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/3280-1775-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/3280-6-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/3280-51-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/3280-8-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/3280-10-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/4492-7-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4492-47-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4492-1776-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4492-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4492-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/4800-1771-0x00007FF6CD0E0000-0x00007FF6CD80A000-memory.dmp

Filesize
7.2MB

Download
memory/4800-2277-0x000001D69C7E0000-0x000001D69C7E1000-memory.dmp

Filesize
4KB

Download
memory/4800-2274-0x000001D69C910000-0x000001D69C911000-memory.dmp

Filesize
4KB

Download
memory/4800-2276-0x000001D69C910000-0x000001D69C911000-memory.dmp

Filesize
4KB

Download
memory/4800-2295-0x000001D69C920000-0x000001D69C921000-memory.dmp

Filesize
4KB

Download
memory/4800-2294-0x000001D69C920000-0x000001D69C921000-memory.dmp

Filesize
4KB

Download
memory/4800-2293-0x000001D69C920000-0x000001D69C921000-memory.dmp

Filesize
4KB

Download
memory/4800-2292-0x000001D69C920000-0x000001D69C921000-memory.dmp

Filesize
4KB

Download
memory/4800-2291-0x000001D69C920000-0x000001D69C921000-memory.dmp

Filesize
4KB

Download
memory/4800-2290-0x000001D69C920000-0x000001D69C921000-memory.dmp

Filesize
4KB

Download
memory/4800-2289-0x000001D69C920000-0x000001D69C921000-memory.dmp

Filesize
4KB

Download
memory/4800-2288-0x000001D69C920000-0x000001D69C921000-memory.dmp

Filesize
4KB

Download
memory/4800-2287-0x000001D69C910000-0x000001D69C911000-memory.dmp

Filesize
4KB

Download
memory/4800-2286-0x000001D69C920000-0x000001D69C921000-memory.dmp

Filesize
4KB

Download
memory/4800-2284-0x000001D69C910000-0x000001D69C911000-memory.dmp

Filesize
4KB

Download
memory/4800-2283-0x000001D69C910000-0x000001D69C911000-memory.dmp

Filesize
4KB

Download
memory/4800-2282-0x000001D69C910000-0x000001D69C911000-memory.dmp

Filesize
4KB

Download
memory/4800-2281-0x000001D69C910000-0x000001D69C911000-memory.dmp

Filesize
4KB

Download
memory/4800-2280-0x000001D69C910000-0x000001D69C911000-memory.dmp

Filesize
4KB

Download
memory/4800-2279-0x000001D69C910000-0x000001D69C911000-memory.dmp

Filesize
4KB

Download
memory/4800-2278-0x000001D69C910000-0x000001D69C911000-memory.dmp

Filesize
4KB

Download
memory/4800-2270-0x000001D69C7E0000-0x000001D69C7E1000-memory.dmp

Filesize
4KB

Download
memory/4800-2275-0x000001D69C910000-0x000001D69C911000-memory.dmp

Filesize
4KB

Download
memory/4800-2272-0x000001D69C7E0000-0x000001D69C7E1000-memory.dmp

Filesize
4KB

Download
memory/4800-2271-0x000001D69C7E0000-0x000001D69C7E1000-memory.dmp

Filesize
4KB

Download
memory/4800-2269-0x000001D69C7E0000-0x000001D69C7E1000-memory.dmp

Filesize
4KB

Download
memory/4800-2268-0x000001D69C7E0000-0x000001D69C7E1000-memory.dmp

Filesize
4KB

Download
memory/4800-2266-0x000001D69C7E0000-0x000001D69C7E1000-memory.dmp

Filesize
4KB

Download
memory/4800-2267-0x000001D69C7E0000-0x000001D69C7E1000-memory.dmp

Filesize
4KB

Download
memory/4800-2264-0x000001D69C7E0000-0x000001D69C7E1000-memory.dmp

Filesize
4KB

Download
memory/4800-2265-0x000001D69C7E0000-0x000001D69C7E1000-memory.dmp

Filesize
4KB

Download
memory/4800-2262-0x000001D69C7E0000-0x000001D69C7E1000-memory.dmp

Filesize
4KB

Download
memory/4800-2263-0x000001D69C7E0000-0x000001D69C7E1000-memory.dmp

Filesize
4KB

Download
memory/4800-2261-0x000001D69C7E0000-0x000001D69C7E1000-memory.dmp

Filesize
4KB

Download
memory/4800-2259-0x000001D69C7E0000-0x000001D69C7E1000-memory.dmp

Filesize
4KB

Download
memory/4800-2260-0x000001D69C7E0000-0x000001D69C7E1000-memory.dmp

Filesize
4KB

Download
memory/4800-1815-0x000001D699580000-0x000001D6999C2000-memory.dmp

Filesize
4.3MB

Download
memory/4800-1816-0x000001D6999D0000-0x000001D699BD2000-memory.dmp

Filesize
2.0MB

Download
memory/4800-1773-0x00007FF865EF0000-0x00007FF86651D000-memory.dmp

Filesize
6.2MB

Download
memory/4800-1772-0x00007FF866520000-0x00007FF866A65000-memory.dmp

Filesize
5.3MB

Download
memory/5044-1807-0x00007FF865EF0000-0x00007FF86651D000-memory.dmp

Filesize
6.2MB

Download