2937de2eb7763851d644e637cb7d7375fd69b218beeaceedc46254ac388203c7

Analysis

max time kernel
390s
max time network
392s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20-08-2024 21:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdm_x64_setup.exe
Size

38.5MB
MD5

dded481da831784a00d556a1280c124c
SHA1

48b40f82f66dd678f1c2f4c1298eaae2875f75e6
SHA256

2937de2eb7763851d644e637cb7d7375fd69b218beeaceedc46254ac388203c7
SHA512

78dd1b42e918e9670edaaecd1765fb26e349ab7a5bc7b4dc3b85bd387f073a8ac0a4abc6b8a50d5b3cc6cce753cc8745b26bd47b42953723b21b949e7956cbcd
SSDEEP

786432:jketduUzNdogfpTmDvwLIDH8StVQFkatYPexssk:jkiuUtpTmDvwE78+IHUe

Score

8^/10

discovery evasion persistence privilege_escalation

Malware Config

Signatures

Modifies Windows Firewall 2 TTPs 2 IoCs
evasion

Windows Service
T1543.003

Disable or Modify System Firewall
T1562.004

Processes:

netsh.exenetsh.exe

pid process

4340 netsh.exe
1192 netsh.exe
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

fdm.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation fdm.exe
Executes dropped EXE 8 IoCs

Processes:

fdm_x64_setup.tmphelperservice.exefdm.exeimportwizard.exefdm5rhwin.exefdm5rhwin.exefdm.exeimportwizard.exe

pid process

1444 fdm_x64_setup.tmp
3388 helperservice.exe
1564 fdm.exe
2864 importwizard.exe
4360 fdm5rhwin.exe
3916 fdm5rhwin.exe
4876 fdm.exe
5164 importwizard.exe

pid	process
4340	netsh.exe
1192	netsh.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	fdm.exe

Loads dropped DLL 64 IoCs

Processes:

fdm.exehelperservice.exeimportwizard.exe

pid	process
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
3388	helperservice.exe
3388	helperservice.exe
3388	helperservice.exe
3388	helperservice.exe
3388	helperservice.exe
3388	helperservice.exe
3388	helperservice.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
1564	fdm.exe
2864	importwizard.exe
2864	importwizard.exe
2864	importwizard.exe
2864	importwizard.exe
2864	importwizard.exe
2864	importwizard.exe
2864	importwizard.exe
2864	importwizard.exe
2864	importwizard.exe
2864	importwizard.exe
2864	importwizard.exe
2864	importwizard.exe
2864	importwizard.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

fdm.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Free Download Manager = "\"C:\\Program Files\\Softdeluxe\\Free Download Manager\\fdm.exe\" --hidden"	fdm.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

fdm.exe

description ioc process

File opened (read-only) \??\D: fdm.exe
File opened (read-only) \??\F: fdm.exe

description	ioc	process
File opened (read-only)	\??\D:	fdm.exe
File opened (read-only)	\??\F:	fdm.exe

Drops file in System32 directory 2 IoCs

Processes:

chrome.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Drops file in Program Files directory 64 IoCs

Processes:

fdm_x64_setup.tmp

description	ioc	process
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-VNSV3.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-3UKP9.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\Qt5Compat\GraphicalEffects\is-NI13H.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\is-96U58.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-1MTQO.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-OD9FJ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\qml\+Material\is-A21D3.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\torrents\is-6AJ21.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\torrents\is-4SOJF.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\torrents\is-TUA9Q.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-2RQKU.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-GOUHC.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Basic\is-9GG2T.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Imagine\is-1GTC9.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Window\is-KOUGQ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\Qt5Compat\GraphicalEffects\is-98PU2.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Basic\is-K6CFI.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\is-NJTU6.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\torrents\is-00CM5.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-QR836.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-QSOEQ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Fusion\is-VRT22.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-JH0HO.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qmltooling\is-BOKMB.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-MOGPV.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-21N8F.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\Qt\labs\folderlistmodel\is-8T1OU.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\impl\is-QNBIK.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Windows\is-A57O6.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\qml\+Material\is-3FD1G.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\qml\+Material\is-TREN5.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\main\is-6SS98.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-48LOF.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Fusion\is-IFJTO.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Fusion\is-L3H0V.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-3IQSN.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\Qt\labs\settings\is-0PPRS.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Imagine\is-AH7VT.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\is-G8E6M.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-F7P41.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-BEIHJ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Imagine\is-7FJS2.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\is-MELH1.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\is-BFS81.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\qml\is-E5K4G.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\is-MNDD6.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-JLO7N.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQml\is-817QK.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Basic\is-3MIK9.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Basic\is-OVPRU.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Fusion\is-2S4T8.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\is-D0ESS.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Windows\is-J4U6R.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\main\is-FRO54.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\Qt5Compat\GraphicalEffects\is-LOE3T.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Basic\is-F7HBE.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Basic\impl\is-KSHCM.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qmltooling\is-MT4IJ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\main\is-1SI2A.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-6OR7G.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Fusion\is-T73LS.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-V69FI.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Shapes\is-6BPRS.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\torrents\is-VDJ2U.tmp	fdm_x64_setup.tmp

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

Processes:

resource	yara_rule
C:\Program Files\Softdeluxe\Free Download Manager\libcrypto-3-x64.dll	embeds_openssl

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

Processes:

netsh.exenetsh.exe

description	ioc	process
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

fdm_x64_setup.exefdm_x64_setup.tmp

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fdm_x64_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fdm_x64_setup.tmp

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 8 IoCs

adware spyware

Modify Registry

T1112

Processes:

fdm_x64_setup.tmp

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	fdm_x64_setup.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\fdm.exe = "11000"	fdm_x64_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	fdm_x64_setup.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\fdm.exe = "11000"	fdm_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING	fdm_x64_setup.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\fdm.exe = "1"	fdm_x64_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING	fdm_x64_setup.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\fdm.exe = "1"	fdm_x64_setup.tmp

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133686645752980173"	chrome.exe

Modifies registry class 17 IoCs

Processes:

fdm.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\fdm\shell\open\command	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\fdm\DefaultIcon\	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\fdm\DefaultIcon\ = "\"C:\\Program Files\\Softdeluxe\\Free Download Manager\\fdm.exe\", 1"	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\fdm\shell\open\command\	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\fdm\shell\open	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\fdm\shell\open\command\ = "\"C:\\Program Files\\Softdeluxe\\Free Download Manager\\fdm.exe\" \"%1\""	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\fdm\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}\	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\fdm\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}\command	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\fdm\ = "URL:fdm link"	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\fdm\shell\ = "open"	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\fdm\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\fdm\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}\icon	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\fdm\Content Type	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\fdm	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\fdm\URL Protocol	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\fdm\shell\	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\fdm\shell	fdm.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence execution

Scheduled Task
T1053.005

Processes:

schtasks.exe

pid process

3660 schtasks.exe
Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

fdm.exefdm.exe

pid process

1564 fdm.exe
4876 fdm.exe

pid	process
3660	schtasks.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

Processes:

fdm5rhwin.exefdm5rhwin.exemsedge.exemsedge.exeidentity_helper.exemsedge.exechrome.exemsedge.exechrome.exe

pid	process
4360	fdm5rhwin.exe
4360	fdm5rhwin.exe
3916	fdm5rhwin.exe
3916	fdm5rhwin.exe
4916	msedge.exe
4916	msedge.exe
3188	msedge.exe
3188	msedge.exe
3016	identity_helper.exe
3016	identity_helper.exe
5312	msedge.exe
5312	msedge.exe
2172	chrome.exe
2172	chrome.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

fdm.exe

pid process

4876 fdm.exe

pid	process
4876	fdm.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

Processes:

msedge.exechrome.exe

pid	process
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

fdm.exechrome.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	1564	fdm.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

fdm_x64_setup.tmpmsedge.exefdm.exechrome.exe

pid	process
1444	fdm_x64_setup.tmp
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
4876	fdm.exe
4876	fdm.exe
4876	fdm.exe
4876	fdm.exe
4876	fdm.exe
4876	fdm.exe
4876	fdm.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe

Suspicious use of SendNotifyMessage 54 IoCs

Processes:

msedge.exefdm.exechrome.exe

pid	process
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
4876	fdm.exe
4876	fdm.exe
4876	fdm.exe
4876	fdm.exe
4876	fdm.exe
4876	fdm.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

fdm.exe

pid process

4876 fdm.exe

pid	process
4876	fdm.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

fdm_x64_setup.exefdm_x64_setup.tmpfdm.exemsedge.exe

description	pid	process	target process
PID 4520 wrote to memory of 1444	4520	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 4520 wrote to memory of 1444	4520	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 4520 wrote to memory of 1444	4520	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 1444 wrote to memory of 1400	1444	fdm_x64_setup.tmp	schtasks.exe
PID 1444 wrote to memory of 1400	1444	fdm_x64_setup.tmp	schtasks.exe
PID 1444 wrote to memory of 3660	1444	fdm_x64_setup.tmp	schtasks.exe
PID 1444 wrote to memory of 3660	1444	fdm_x64_setup.tmp	schtasks.exe
PID 1444 wrote to memory of 1964	1444	fdm_x64_setup.tmp	schtasks.exe
PID 1444 wrote to memory of 1964	1444	fdm_x64_setup.tmp	schtasks.exe
PID 1444 wrote to memory of 4420	1444	fdm_x64_setup.tmp	schtasks.exe
PID 1444 wrote to memory of 4420	1444	fdm_x64_setup.tmp	schtasks.exe
PID 1444 wrote to memory of 1564	1444	fdm_x64_setup.tmp	fdm.exe
PID 1444 wrote to memory of 1564	1444	fdm_x64_setup.tmp	fdm.exe
PID 1564 wrote to memory of 2864	1564	fdm.exe	importwizard.exe
PID 1564 wrote to memory of 2864	1564	fdm.exe	importwizard.exe
PID 3188 wrote to memory of 1848	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1848	3188	msedge.exe	msedge.exe
PID 1444 wrote to memory of 4360	1444	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 1444 wrote to memory of 4360	1444	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 1444 wrote to memory of 3916	1444	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 1444 wrote to memory of 3916	1444	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 1444 wrote to memory of 4340	1444	fdm_x64_setup.tmp	netsh.exe
PID 1444 wrote to memory of 4340	1444	fdm_x64_setup.tmp	netsh.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1624	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 4916	3188	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe
"C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4520

C:\Users\Admin\AppData\Local\Temp\is-HMEV2.tmp\fdm_x64_setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-HMEV2.tmp\fdm_x64_setup.tmp" /SL5="$90060,39406194,832512,C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1444

C:\Windows\SYSTEM32\schtasks.exe
"schtasks.exe" /end /tn FreeDownloadManagerHelperService
3⤵
PID:1400

C:\Windows\system32\schtasks.exe
"schtasks.exe" /create /RU SYSTEM /tn FreeDownloadManagerHelperService /f /xml "C:\Program Files\Softdeluxe\Free Download Manager\service.xml"
3⤵
- Scheduled Task/Job: Scheduled Task
PID:3660

C:\Windows\system32\schtasks.exe
"schtasks.exe" /change /tn FreeDownloadManagerHelperService /tr "\"C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe"\"
3⤵
PID:1964

C:\Windows\system32\schtasks.exe
"schtasks.exe" /run /tn FreeDownloadManagerHelperService
3⤵
PID:4420

C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" --install
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1564

C:\Program Files\Softdeluxe\Free Download Manager\importwizard.exe
"C:\Program Files\Softdeluxe\Free Download Manager\importwizard" 3FE02402165644D986B63DE6638495E4
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.freedownloadmanager.org/afterinstall.html?os=windows&osversion=10.0&osarchitecture=x86_64&architecture=x86_64&version=6.24.0.5818&uuid=f8e85aa6-931a-405d-8dac-5f05f7891d13&locale=en_US&ac=1&au=1
4⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff95c0946f8,0x7ff95c094708,0x7ff95c094718
5⤵
PID:1848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,14753725866813493982,1448504638739973691,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
5⤵
PID:1624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2256,14753725866813493982,1448504638739973691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:4916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2256,14753725866813493982,1448504638739973691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
5⤵
PID:3396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,14753725866813493982,1448504638739973691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
5⤵
PID:464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,14753725866813493982,1448504638739973691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
5⤵
PID:3332

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,14753725866813493982,1448504638739973691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
5⤵
PID:3752

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,14753725866813493982,1448504638739973691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:3016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,14753725866813493982,1448504638739973691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4436 /prefetch:1
5⤵
PID:5344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,14753725866813493982,1448504638739973691,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
5⤵
PID:5352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,14753725866813493982,1448504638739973691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
5⤵
PID:5128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,14753725866813493982,1448504638739973691,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
5⤵
PID:5136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,14753725866813493982,1448504638739973691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2120 /prefetch:1
5⤵
PID:5668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,14753725866813493982,1448504638739973691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
5⤵
PID:3752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,14753725866813493982,1448504638739973691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
5⤵
PID:572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2256,14753725866813493982,1448504638739973691,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3356 /prefetch:8
5⤵
PID:1860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,14753725866813493982,1448504638739973691,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5004 /prefetch:2
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:4440

C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe" 21907CB0205CFF989F82C03684A01B86 phase1
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4360

C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe" 21907CB0205CFF989F82C03684A01B86 phase2
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3916

C:\Windows\system32\netsh.exe
"netsh.exe" firewall add allowedprogram program="C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" name="Free Download Manager" ENABLE scope=ALL profile=ALL
3⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:4340

C:\Windows\system32\netsh.exe
"netsh.exe" firewall add allowedprogram program="C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" name="Free Download Manager" ENABLE scope=ALL profile=CURRENT
3⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:1192

C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" --byinstaller
3⤵
- Checks computer location settings
- Executes dropped EXE
- Enumerates connected drives
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4876

C:\Program Files\Softdeluxe\Free Download Manager\importwizard.exe
"C:\Program Files\Softdeluxe\Free Download Manager\importwizard" 3FE02402165644D986B63DE6638495E4 --printFdm5Setting=ExpectingUpdateToVersion
4⤵
- Executes dropped EXE
PID:5164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --url https://chrome.google.com/webstore/detail/free-download-manager-chr/ahmpjcflkgiildlgicmcieglgoilbfdp
4⤵
PID:5420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff95c0946f8,0x7ff95c094708,0x7ff95c094718
5⤵
PID:5436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,5378294416062371137,18051700027240250761,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
5⤵
PID:5316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,5378294416062371137,18051700027240250761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:5312

C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe
"C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff956bccc40,0x7ff956bccc4c,0x7ff956bccc58
2⤵
PID:5948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1368,i,12797447258583803855,14759317815675122532,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1868 /prefetch:2
2⤵
PID:6044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,12797447258583803855,14759317815675122532,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2136 /prefetch:3
2⤵
PID:4600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,12797447258583803855,14759317815675122532,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2476 /prefetch:8
2⤵
PID:6112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,12797447258583803855,14759317815675122532,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3164 /prefetch:1
2⤵
PID:2184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3288,i,12797447258583803855,14759317815675122532,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3308 /prefetch:1
2⤵
PID:3044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4512,i,12797447258583803855,14759317815675122532,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4564 /prefetch:1
2⤵
PID:4968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4692,i,12797447258583803855,14759317815675122532,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3760 /prefetch:1
2⤵
PID:5380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4804,i,12797447258583803855,14759317815675122532,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:8
2⤵
PID:4384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3372,i,12797447258583803855,14759317815675122532,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3164 /prefetch:8
2⤵
PID:5396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4824,i,12797447258583803855,14759317815675122532,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4880 /prefetch:1
2⤵
PID:5180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3296,i,12797447258583803855,14759317815675122532,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4460 /prefetch:8
2⤵
PID:4056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3144,i,12797447258583803855,14759317815675122532,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5028 /prefetch:8
2⤵
PID:5320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3432,i,12797447258583803855,14759317815675122532,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4892 /prefetch:8
2⤵
PID:4668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3308,i,12797447258583803855,14759317815675122532,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5096 /prefetch:8
2⤵
PID:3488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5172,i,12797447258583803855,14759317815675122532,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5196 /prefetch:1
2⤵
PID:4060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4560,i,12797447258583803855,14759317815675122532,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4600 /prefetch:8
2⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4600,i,12797447258583803855,14759317815675122532,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
2⤵
PID:3980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5416,i,12797447258583803855,14759317815675122532,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5440 /prefetch:8
2⤵
PID:5000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5448,i,12797447258583803855,14759317815675122532,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5472 /prefetch:8
2⤵
PID:3192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=1248,i,12797447258583803855,14759317815675122532,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3364 /prefetch:1
2⤵
PID:5868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5152,i,12797447258583803855,14759317815675122532,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5592 /prefetch:1
2⤵
PID:1864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5312,i,12797447258583803855,14759317815675122532,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5288 /prefetch:8
2⤵
PID:1620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3040,i,12797447258583803855,14759317815675122532,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3036 /prefetch:8
2⤵
PID:5848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5612,i,12797447258583803855,14759317815675122532,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5668 /prefetch:8
2⤵
PID:1444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4392,i,12797447258583803855,14759317815675122532,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4760 /prefetch:8
2⤵
PID:5492

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2044

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Softdeluxe\Free Download Manager\Qt6Core.dll

Filesize
6.0MB

MD5
46a0dbd38cb28d8e79c80c9a033f6ae9

SHA1
1be5f3e78485f9b08e32346f13155a94001de50e

SHA256
225bd38093416c825f2e3220213f64e1079e9ab20f4738decc0fc6eb992e8a9e

SHA512
3fb62bce7b1d5129237914269aa3dd9a24f9e797927f2f4f937a0a291d357a40ec51b9c829094dc0bae1edcd6c580f1c9a03ca2c84d5526599c3608246f00bd0

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Core5Compat.dll

Filesize
851KB

MD5
e50b9b3fa16362c86a40e6255c6b45e7

SHA1
fa8ce8fd6d4415abdb67597735575dc83a8fc634

SHA256
c95ab3df8dc0bfd92925b7b8b51bce859ae09008691874a5c6f5630969557564

SHA512
03a8ac0ae14e8420dd9fd91bc1619d072882d152127b3f2f1c6f7e670b7c54c524490e7c84a7cd0b76e2db413439a1ca55c4e03416fd6beb47b1067c3e960cba

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Gui.dll

Filesize
8.5MB

MD5
7875aad0d0d426e9d1b132a35266de32

SHA1
8b7656e3412ae546153d2d3df91a6ff506d64749

SHA256
fc2464f62d7915ddeaebb5490bee6d60e7b42ad5a223d5812f0993c27c35be19

SHA512
9fa16c5c628f2e9b242323aed4c1aa70f093cee9f341ac61640287ff9be8663658f502769e037a8409943d3c9ab826bb1c6f88532f0fbacdaea28b2353cdfba9

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Multimedia.dll

Filesize
833KB

MD5
e8fa5ba349752d18f6302434658229f4

SHA1
1e7696e1ae887734f017e7c4e521ff648e090508

SHA256
7b2aaffd8bd1b042d1d028b071d4fbb42420f52d04f45de06c4a80315b9f1b29

SHA512
771a41622b045724604568c18e5df00f99b3da3fa67d25f5a60024db34b01b7b70cd0aa9bb39c53cab4eef7a6059e5855fb205e83d131580626a4b43505bf621

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Network.dll

Filesize
1.4MB

MD5
960f50470059381c65833145036fef29

SHA1
270e230bfc9248e5ecff9ea8dfbc5f1066df02ee

SHA256
1071f4f88c65317401bf93a2ffb55e661adcbb84f05911879ab21a6656521a68

SHA512
cb0a0d63aaae1b9646dad722759b1c53b36ed13a4231a30b054f6124bcc69e7285c5777ab6bbbb8296756d6c31fc94e735db42c5155db35274e0ec25c1406582

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6OpenGL.dll

Filesize
1.9MB

MD5
2a2a628e23cada5d2eba63dee642438e

SHA1
73cbc92073eaedde3f2fc432edda0677e7a49c9d

SHA256
054b0a8d87fc735aa2eb281e5078f8d28bd1c395b7e32de13ef64a8bbc10bb04

SHA512
ca87b5e95ba9c3b1268b14a6587305ea52512224e9ba48e73e64b292713df295e9d64587f446fd28f0e2788d7cb78ca460d962f06cf43ccde53fe45ae65cbe90

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Qml.dll

Filesize
4.8MB

MD5
6404ca802e99e8520d6229982e382cf0

SHA1
204e0446b4989ef2df2c71a4ef7482240039da45

SHA256
477747d49a8b7f51c408fe7a49cc3dcfa99078040d3059c5586c77d9b04d1a0d

SHA512
90998283c98eb7002cb0342b664a9f03902a6ee8141781ab03f723fddfb925d0a0e450e3c89589eebec41b95f1e73ec298808857151782b3c00b6c3fecf17df0

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6QmlModels.dll

Filesize
708KB

MD5
623c7740fc301a398c40dc9504d04fd6

SHA1
fb0e711c49c2ff488c7d3be9daebe2779bd42157

SHA256
4ae023a87636f5c70c08dbd787e47eecfa0ac15ff741677db323d70bd70a36a1

SHA512
2343081e57448e3922eeb86bcedb861ed8fde1dc51ab0e42e7930cf07834e9fcfe41a9b1d64a89341037abee421d242d4ece91dec8a8b26a0a552989e130fc34

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Quick.dll

Filesize
5.3MB

MD5
e739a7f0e54081125d1381a42eb7c226

SHA1
20ef3724f878bfe7773e006c29de3ff4e6e8a8c3

SHA256
35e8842051211a1654d6717b8786357e7a93b21a004f941151e7a4af23e16a84

SHA512
fde9db1793eec6fe1a0818af1b24c8399c941280982bbbb456332aa2768d0950da0caa7bd21e1cbbe81770358cdcdd3a6b199c71df1432170506dadc718d88e1

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6QuickControls2.dll

Filesize
87KB

MD5
8641967f2caf274abb1be307cc70204f

SHA1
08dea9d79289dc90dc75554baf0dce8eb7c53023

SHA256
7065885b1374f55ade04621b52b5ddf6d6e24cb6d57d89d2a1c5cd6bb0d1dede

SHA512
a8cee79efcb002aa2eef263ed0492a212b017375577f42de13322a8f8ba9f942fae2b8658fd7468a7a7bf1a19192013fb092efdf7695b8ca7d291990157154f6

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6QuickTemplates2.dll

Filesize
1.7MB

MD5
f5b138ab4c0ec16233fa6a9d15d9721d

SHA1
c927058d73c57bf34dd37ffc4c899945f38556c1

SHA256
000013ac37fb5f210fde72ee1d4b175dec38c45d6615d306e62431753b0d03fd

SHA512
40d6becc960d3133c326cce9b7caf1a0d5473605b3c30e935befe60a027f5f3fe5647d3d906a88eab8b347c697758c5a8789949f25bac4ffce3eb2112ba34b90

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Sql.dll

Filesize
291KB

MD5
04b54b342a7f3b56fe9b327cd3fffa86

SHA1
257cbc011eb1c1acb4121a1dbde801411fb3691b

SHA256
cec14ed64352d5c6e1e043d716cbd2d4575ddfff2e48633c6e6fa2670895ee59

SHA512
493003fa6b37c723ea08b0749348ca96fa0939a384ac452737947eb98195f1c1c78b9fd7c7220d0938cb526afc300232c0e52720d54919ceb05c311d6ed3b62f

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Widgets.dll

Filesize
6.2MB

MD5
34abb42b63e71b09b72b48cf5b1dba53

SHA1
9f3111aab57a5f28a4ce9bf82ea208fa3eadb9a6

SHA256
c71e65b882a84f47114590784a256f14ba19202ec30b218ce4841b2c7256060b

SHA512
06acab5a04a5d3e6834ddc95229758d4adc7a7f0ef003c80e8d59a8241e295b196aceacce20c88879e1676405a2538d032ec6ac543258538e686878fb29f77f1

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\VCRUNTIME140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\downloadsjsp.dll

Filesize
111KB

MD5
ac0838c665b3741666667e37e9063bab

SHA1
0d6f7377aa10b53727b1bc1126b17b7b8c766509

SHA256
98867ba613760d132096bc835d0704dde75143dcf5545fffdb452c31fc8adb00

SHA512
4d535c928703b0bdfaf5569ea2c8cbc848123225fe6b53fe64db6a71ace06d392093500e1fd3673542adf86c569e7ee8044b812428387e1babb5ed74f6e2530e

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\downloadsms.dll

Filesize
623KB

MD5
cbbb8b877d4e4abc1cc5f7c87e52e4a3

SHA1
e0fbd3bfcbcfe1e9f85e9a03b5411b75cea5d206

SHA256
31a9512311013764320feba14e1d849dfc7bc0a689cadf5806a90043945128e5

SHA512
c201faefa7fb6fa5eaeb119da7f502951efc3251ad5a76eac1bd139379aa4b6da4f9e73bd0fc8dd0486f4973c9ccf21da401e01839f1a70032ff01bcf754e08d

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe

Filesize
7.1MB

MD5
b6eb17081c138903a98f4daddc5356ec

SHA1
95338c82ca76629178c342fabbcaf9fe8ad707cc

SHA256
88553acc42f9e638fe19771e0cb2badbe28f569583195d9306c8a8ef6343e297

SHA512
ef9242cd41585318d5daa47ac8cffc956672549f4ce9238db6227fa64ce800a7b64a25cd7b7175e3b1769f29fbc37e4b18c28375159eaa3bf294c1a48588e01d

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe

Filesize
136KB

MD5
bdd8417b62e8c1dd4352d654b1c0b887

SHA1
a4ca880967460b692351efdbf2e94438fb6f2630

SHA256
3f58d018ad24f506873b6e4eacae6e19585849e7d6638e72b585cff9a750ebf7

SHA512
9e2782c8543583b9f171e4aefd1685f32a70693998addc656169963ed973a93c0c81562c12ca52d07ac94cd628e7cb9909ba519344210cce4a36c64701f78aad

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\libcrypto-3-x64.dll

Filesize
4.6MB

MD5
abbed3f87da630930d274871cb794a4b

SHA1
40398d1aa2c9b9be7aa7744e311b67b5296b0450

SHA256
7e8caae0c0e6bf6bc5ece9aad0cae238246a5a98c3409745f571316a50aea54b

SHA512
35c04b8ce4702bd6f8629011b382941d24a3122f8d6394e1d6dff3c11549993b16f2d1d4635f16b1d33aa0d5fd0d335d103e2199383934d52527366d6eb624ec

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\logger.dll

Filesize
43KB

MD5
9c93f9c583bb077a23f50c5d64cf1bb9

SHA1
d2b2a91bfc9b6cbeccef00a0b8c49f0ca201d78a

SHA256
6434f084d00beff3a67b9a20eca0c8a1940d380bc12990258042859cd98c5a20

SHA512
27db1a016b6804a5c03d78d163eb6588ffc024c4bcbc0d1c582cdfd7081f351a5ee9beeb6684ca70fb9a1ee24f0eaf0cf8e18120efc5f347db10692d931c04f9

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\msvcp140.dll

Filesize
553KB

MD5
6da7f4530edb350cf9d967d969ccecf8

SHA1
3e2681ea91f60a7a9ef2407399d13c1ca6aa71e9

SHA256
9fee6f36547d6f6ea7ca0338655555dba6bb0f798bc60334d29b94d1547da4da

SHA512
1f77f900215a4966f7f4e5d23b4aaad203136cb8561f4e36f03f13659fe1ff4b81caa75fef557c890e108f28f0484ad2baa825559114c0daa588cf1de6c1afab

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\msvcp140_1.dll

Filesize
23KB

MD5
0832532fab0d5c949aa0c65169aa9d61

SHA1
26f1bee679b7a6289b663c4fa4e65eba33a234e8

SHA256
8731a93e519c2595c9fd489e6d9ac07e964448c0da1c8ee9ee500a7989482617

SHA512
03147a59ee35fb3d2752d4c40741a39674ccd4474a575746bc574d2b2fae1fd04f5ab9c2e02b0dc6268fc6aee8fbb46dc4bf5ff23b5fcc4a0e9b847f57ca79d0

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\msvcp140_2.dll

Filesize
182KB

MD5
e35261e9f4478aabe736bb2269c20b59

SHA1
f17330804c159418d4acf7a803662b8c1f7686fd

SHA256
366af8e071f004da5d95a832a46b2e8821a8e0294340a93f7c95cf48c441067e

SHA512
2694d21431e9b72a9591c4658dc3ade5795a52fcf2bc8631928181a7aeee49184cf741d50e28581b96d439360d21cb176c6bb011db4fa742a2fc64afa38baaf9

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-TJV7P.tmp

Filesize
1KB

MD5
63340c8fcb71734ce4bbac29a86821b5

SHA1
0cfd02b3e95fa482cbd4bd83b0f2d9214acc9709

SHA256
78b5fc58e6d881d16351e92d32b8cadea6b14fbf8c20c1bc7e56d02946467ae8

SHA512
fe035bb77a32d0fe9d4983d90c65d4c2600a019ac20743dbec409f29ffbfbecd8bca2d15abfffb2e71b77e3c105e248627a176942cdf9d7b98ed9113e6f73ba0

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Windows\is-QNKST.tmp

Filesize
215B

MD5
2006d4b7d0da455aa4c7414653c0018a

SHA1
6685b8360b97799aa4d6b18789bf84a343e9e891

SHA256
a96c7bf5832767bdc9d91e2290a3920aec3abfbf2e3814bce38b49483f16f84a

SHA512
703804e6fab0cf44317b7292c547a1348e2e7395e4b71367c32c3b097bcfb3344d3296179bf4ba33a4c752ae58a3873af57d8cdef35a34564205356bb4e6fd84

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\quazip.dll

Filesize
227KB

MD5
514b4dd973694fe604c7ec22a3ec8481

SHA1
6285f9ce01e9d061e4d936b7fb44635a9ea19d93

SHA256
367ce7cbe3c20048ff6a19383b762efb31a3b5313fc8169a01c9256afd2cb7fd

SHA512
4eaacd3a196959d6579bb6c716dbba3d2ebb2f3121641c7b536839bd4c7744da5eae8315f65a4585f35bf76126a4468485b609a4ae9a2c62afd56640055352cb

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\service.xml

Filesize
2KB

MD5
85c61b85b0ffe2609b00379a5512790d

SHA1
2dfaf069df408819b06916381ac80b3ec097214c

SHA256
24f6062b8679b4140b5c15900deefa8ba187ed5e3c5cb8efc91b26b31769664d

SHA512
3a18c17ddcd10cd89d1c666134f13be6ed441fbe2c36a9567e894c0e1674232d5882e696ad2d385bd5eb4d50b6a1b4225bb992389aad93a77b203318293ca6fa

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\vcruntime140_1.dll

Filesize
36KB

MD5
135359d350f72ad4bf716b764d39e749

SHA1
2e59d9bbcce356f0fece56c9c4917a5cacec63d7

SHA256
34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32

SHA512
cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\vmsclshared.dll

Filesize
698KB

MD5
8a839a29430dca22865dff4f2b5b0124

SHA1
600e3b1d00ed8b49e0947a470862da7b8944c48a

SHA256
0a8dae7bde1b75351c0f2a030e811f15cf2e341c57828bff22228539c3d574fb

SHA512
a374f2313e0f64bde4abf81fb5230cee4a8783c705824d55d44cc45157d272f7a488a4d911ac082eb9851ea4b57fcd817161643538e7587ba8a0feb2274d43c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\809be190-2af6-4fb1-b2ee-fb82a1dac01e.tmp

Filesize
9KB

MD5
be7ff00f29d6cbbb432ff5861a86cbf3

SHA1
a7879938d373ccb603d9092cda360ba81b3c07a2

SHA256
c8e3e4b7a357c9be614ed2355086231401a0f3fdd115387cb636ea94e9052ded

SHA512
09b01716554f0a70f719d01cdf6e45437be68d8af0caf634fcefa3d89b0f88f028e3d17c9f45498330a273c6ae7598d8c59e4cee3becd1b6520117b012b5e923

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
1976c0a41a1853601d16b73e2c71e3f6

SHA1
213a14b7a28c499f65b063930a988a3765798461

SHA256
12adfc0ee7182c73dc7171c3a00d4431b101cfef6c8b59e689ef1fb49a6c14b1

SHA512
c61c5cb611e1125e74efb88c9c24524c701286976e7e75ea15fa6d2e0857630e1d3017ba0a28ca22758d0d9b463ca6ecc5fe42536fd67577b02ac55af01aec3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
51KB

MD5
f61f0d4d0f968d5bba39a84c76277e1a

SHA1
aa3693ea140eca418b4b2a30f6a68f6f43b4beb2

SHA256
57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc

SHA512
6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
32KB

MD5
3b53e5f73943ed3c8211e9094c309179

SHA1
0c84c0d3889a512718b0c2d83608835da15b4441

SHA256
c6abbd977451299500e01eae9b4c99693a98d78a958baa3d96d1079627fedb69

SHA512
8ce1926529b90c4857e3287b37c2fb08bdb1acec4c3a46587459488db7a80dcd4c90403de5cff8ab096ce90ee2fb4a03d2cebaf99f4eaf069a0962cf30f9f6a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
30KB

MD5
eb11bfb369775ff0739dabb3a5f379cc

SHA1
2eebaea2f7080c0b256fbfc70ab91473243af0f8

SHA256
2e0bdc192134bb3950a1ba4c1148901e39ebd8d2d01f64ef23106e90a9f771b0

SHA512
59e89752e932aade54d5b2b940e09f3c8b12a836f1c5eb515e82036a97492f42e12a4fb3dc156cb8d969d6cb4e8fd8f18b358715f972e12d4596ad390430cb21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
200KB

MD5
10772ac9561886e475181f68e7c70be3

SHA1
db2acd873f903af054163d7086cedc5d5e2f0f24

SHA256
73fbbcdf1ef091d5528fcd3152bf4d19736668b68bc3283c9d020fd12358708c

SHA512
327ba45adc43da8c4093b263238729e77a7dcb473e6909135f2fd898762b7dd38d46331a06bc9291a2d5a7bd095d722a1151475eed26e1ce496ab6afba30a528

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
76KB

MD5
e75e077ddaa02015ce4034519830f4c6

SHA1
4d8a861eeb9a83388fe161a917dd896e5f34ebee

SHA256
d3b1a1cf9dfbfb1a8c7a40507dcbcd24e4d35efa91facfb502a1cf108f4b7eac

SHA512
a57b6ac3e864804ef254b04c1b63d7317cfa7e8869ece63ae73638e12e2cbef6b84ab590efe697e35899025e0a2b8449323594458d9ea83ecc562298ba2f262f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
342KB

MD5
149d914c2a4024699e14e6d5865f4bf9

SHA1
4ab1e21a476db333542973e35ce5352aa74686a6

SHA256
490eedcf21c7bd0bf570e5a38b33d4df68a1a179cc6d31cbc389900ff84c7489

SHA512
090727ebee03f1b91325602be3654fd9252a2814a0dd48c6fceeb0e07d7724565bb0524459e64063a665e918755331a30cfa45fbd10e4344e71fd2bdfeb2643a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
41KB

MD5
9a25111c0e90867c7b8f41c5462abfaf

SHA1
0619625d479f31cf145c2e3714de0df4a69169d1

SHA256
41bb42020f1beabc9e72913ef6a33aa264556ec829ac70fd92c9c9adfb84803d

SHA512
0fbc3c64d6f5acc2c0dab67924b0c669fefa994f449240d1f6b78dcac3538343938a4fae972726156189f05806d3aae0e333035df52605ffe28886b82f31ccdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
38KB

MD5
01878e75d1fce92e01b84928a847cba5

SHA1
d5d64db040cd5bd917f1c4760bdc4c1a5051db54

SHA256
a47a157277975d17829c84a6f40ac3b29da0b641da0fc71b6a32574a9ae958dc

SHA512
055449f70873534ca3f269d3c97986922bebbbfd06ceb882771a17cda8c9a60d6df7ee6778e9abade92b8a635378a3735710c3e4f34053639333a521ea8528d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
71KB

MD5
938e640dab142a9fd0bc386b38973795

SHA1
0fa6d957bf8c78abd587069bb6a44e61d6527a3f

SHA256
d7cd5db9e91fb47a14d82107840b2f535d65ff7e45e2bdbcc10ba9c52185675a

SHA512
0f433260fcc49afecca678d7a0c75b16afd369da53c2edf7580a40e1260bf12f3922cc399e7f8a7f1712a968dd31cfc5cd79b6b705a346a58b2eff4036dde4a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
59a71c8919202d756809447737cdcc82

SHA1
0d3592abbaee5ee9e8f7375954fa775c5c07e3d7

SHA256
23483eebc2504e72a17d43f937d884b6395effbc7004754689653458cdb1e201

SHA512
53f27eccf4367cd5fb5ef255b1e0b1e0737bb630dc303eee171b6898cc804a27fff4b847b1ffec6a498b2f060002b05322ec637779389f7dbc0df522aa7eec60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
835de5cbbba75d30a4d80a7699ad79a0

SHA1
4746f6d9bb4fa9a85880d36de424fbb1de30261c

SHA256
6d60070e11260996d875487eac7989ec500497290e2de2edaa701d7fc9486a65

SHA512
fbfd0517b259f1a3ae7a95f80e7bc6f80835721d9325ee1a16e14c3117d9c042e99386ee357cca55745e3c71c8c0e56e589c13a02de149fdc2a7946a8bb6c83e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
697fb8307ff601cc05ba6dfd1165da09

SHA1
a1851dcb15d092e105ae4a56b588fa4f5fce98b4

SHA256
2ce621eeab2d744a5592dea68d7dd77f4b5cff9f7d0896a9773712b5a7104f65

SHA512
b7f3fe75770e7e6ccfbda57c7a037237cf3b153fff2cb9935d66ccc9b91847546afec2812861fb206aae63316be6be82257d051601bd56155e38c934606dd92c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
eaf3505cd19893e322fabe169f8c9da1

SHA1
478b28096ec524bd6e4026df538ec6a94af26318

SHA256
3c7ccc9bd6f3b5cd35305b39aa1ca94bbfcd37975e9e07d350d4fcb1c10e0b96

SHA512
da3bba05aa72f5032ff00e551845221a93c2609160c3a9e6f880988d4a61dfe98e3c060ff336948a12872b5300302e2f432e9e545f7e7c7a77f82dcfe484e3bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
9c3ba545d952afc9faebca52cccf0093

SHA1
9a3f0cae1108ef8d299e1866dc26f144414544e6

SHA256
16b9909501d4418645e895c93e7445fce09f5279daa611c0419905ec3c10fc3a

SHA512
79a3ad607cc86bae20bf67dff866581edc867a319c1d72c6ec16a6088788bb38f631b4b5bde05f1a6cbe3ff82e9c0382b320f17a53904dd34f49968a4947dc3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
da6dfdc11511916466fb0bbcb75a0443

SHA1
18c5f481c58063a105df199ecddae7ca743a3cb7

SHA256
7c5168dc3dcf98103ead1f444b5051883a9e48fc74186c604a71a571eb82e284

SHA512
85ddf91ab336271ae92cf48c932f424a1328ab9d182c9e5eab79612460fa7de1bc2dc795629bd6340bd32a9734a5f38dfe54bd63f767afad21964cc9ef448320

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
377c8ca5252b06685df85f653cf004c9

SHA1
b06ac40c16db802ed040517741ca850a37419fd5

SHA256
8ba146dd2790ae3caba4856511dbeb7673ef0936cb340737b2c6febdd6e5bd7b

SHA512
4defbec8e97f0c8d9a5f388b60a29c72a1bfd86a53fbeb82d3b7aba58088de4e0f88b14c053298c7cf596f20b867695332452004082a3f9a33a1a50df7630303

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
3f54c2e705c2fe6bc8f137dae4146f0d

SHA1
523f58309470180a8efa7caf8e52765e1b378500

SHA256
a3a81fdb9dd36507a7ee4031faa4223938536baf8d7a0b633d169892b607ca32

SHA512
d95c6df8eac3587634eadd19431b6662317d53db8fe306e58972e113b062c40e561e531d0277f33b013937df11a466bbae09d6c5ecc559c3480c3278722cbbe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
e57921285fe3e917ab188ee0206775cb

SHA1
a76050e6bc4d68d42c848aa8f7dd9e5d4a722814

SHA256
24a65367f9bd7077e91c05d480cf7be5e9ed5a9709c0361212b153e8d3efc9fe

SHA512
bca8b3147b387774aeee4eb6b6cd10994a6a6b1e1afe254047f37e4c191049280ff422342ffbf15e2549dffda6d56ceb170f22b195a0501a20d7244ea7ee3c6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
2759f1737efc89ef6b5e4ded50cb6563

SHA1
f1704bb3c1cac7bcad677b88531df6a9e3039f8a

SHA256
62669d3f4e8e71fed9fe1df8ef4c84774dd64e710ce4d3fa33c037cf79baacb8

SHA512
6e6c1d079d1a1bab8500aaa340a1d24ae094d2bd7b9e5da64299d7f37dd3a0835c5175dd558a475d45af45e3e1a74bbb8f7f86cf601cdc38b39f25f8bc6ab9ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3bc23660966458d9e8979a80d64bd466

SHA1
83fc8056edbc1019114b5cd3cbb2f0e98149fdd8

SHA256
4c00fce43457ab2350cca58763e269531e9659558b81a42b420caa51cbacf3ca

SHA512
d31d571351a2e4ad73269f22cf64de74cbfb756140d07b3b170d87811510527581d083979415b4fc813bb676762c7123a8a0317cb0ed45f4d4bffd875c39c040

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
6359ab5275dba161e13a2b545ca5f3d7

SHA1
292927f10dc95071eabb1469f0e4413d2eac1976

SHA256
3c8d63d68d090d7254349ff949288e4b7317754a0410fe62b17275c330673b41

SHA512
0fb95d31314daae33ce67141f939349347da910edabe2122e501d4cd000b061e6d19d02b3ef58d9f22d0b64f26fd874b81e31f0eb1a5fbb8cada69ab0fad3ee9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
b00b259fc76dad20faf716aa935e0e3e

SHA1
303065a8f6d67e3cb10c28545eba5b1a7be8e39a

SHA256
6bc126655542c4240d6d5190eb461722d4f3f36dc854d2f05bbab2950db86684

SHA512
a55491f7a1136d3feb966a3a04e981c2bff6934971f89910a0858cd6f8d3a0abf0eeaccdb77303327fefb78c0996e5bd4382e59b5db4070a7e657472b43a3c2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
8ffa137ce7948bbbbe987b51e5d6fc1f

SHA1
eb52f8ce6f80c6721abbb7af26de82c600969ff6

SHA256
a3029b344f66dd735cf9f620ff41d86c8dfd1269b153a6d838e662e6b772a530

SHA512
921d65c4dd3e3b6731980466192193d4593ded830a76cc0808cb09525e9a100402731061acd8bb1722768aa9fe509841c6e23c4a5184945f5b4706a844739673

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4812cae541fca71dc39a1f3f9fdec45d

SHA1
4254c1fd1ce5e304d282d1b7cf3858dbd91e4a9a

SHA256
337637d19f31c4ecccfc38ba93379ba6b8af593395679761eb5fef1f9633c75d

SHA512
28c0a1c661d9e3bbf0879cc1450046930b6e8980f500e3ba4d61a6335ea62258443b79d453314419b3e340f8d993065ef9b545206cb9ba4f55b81c6759372294

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c565dbd2f8c223b9cb4a29454518705e

SHA1
26a9cae0fbce0a66e56cd1d69efb2aa87c515e09

SHA256
f9716894bf8de7b3716eee6dfc51e4e83d413ca535ddd84d8ff4bc3941c51a93

SHA512
21badf8c1c7f765d8fd2c6e23a77430dcb4f6164f62be6403a30ed1d49ba51ef645c973dd3ef3860844a06af5ea5242003176217ca441a262ab17f2d940446a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c7a124c99108e20f1eee95ae2bcafcf1

SHA1
aa18e5ef55c773cc07ee3402c0beb10673d19f23

SHA256
0232a3f0ea720514145946e2eee06533a2ac9bf9fc10d6e751cfe86658314889

SHA512
8f39466f438f9e99af91442165662211760d11f5da9b21da0c0a9330924e313db5edadd7419e497637ca34f07a1ed90a51437629ce32ec6fc069a9d2d9792ffe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
67f6f7549fa0139e751818ffb1f7ac8e

SHA1
9e9d4cb059aa93e7848c02e62fc5241da0f3db6f

SHA256
a692bb0962814087606aea5ea14a0bf277ebd17adfc878c20950f9530b410cf1

SHA512
2bcf9c9047e2ba5d9488d9a2c8eb6deed6261c1d0cea1277f2da72370d136fe3f22441ef10eb6266e981eada4b673f3aed5f6405c9820398477cdd2b57416622

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9c75fc79b2d0a2a4c93c14e7770c9181

SHA1
72116ad49d714b073909f5d345acb8958e7cb4ba

SHA256
de83a3525acfda98e65396aea6cd3e639d1d9e708ea3e4d030dcf25ab4ebd788

SHA512
70a16f6a3680edd118c83f0f5981d2ddd598e522a1ac5783ba47c61937979132ba2a961fb8c51d572a763ab4759ab0be871d8b1bce3f5d776ce13ef3ab50b443

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4cdd80704dac2c41b3d82afae210d213

SHA1
c9a6bdf31211169b9776e1f6024d992289cf5add

SHA256
cfe664ca9a90c9bbd2a97c9642f6bc4f08e394fb041dddba4cdcdb901f47a9ee

SHA512
08498729f443d12fd1eb4dea38c7e155ad7f970ec4eef467ff077c3566894e009ce86e31d8fcd74884b61125b94c5edf11bbf00c8713bf7f3fafd584081aa0e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7246196cc1f6c62e3f4be36dfbc462a4

SHA1
117da1feba6fecae937b725745782435bf588bcb

SHA256
cfad608323d7c84864805310ed3510c2b8bd8045ed0e6c21a1f858fccae7837e

SHA512
ca1bae3ce6935e872ad875865be869eb60fe959601a40bcfcc843c3e2f1b4611b54a951cf68547c10aad90ec93ae1d3594032342f1925d703b0a0e7d4490d8da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6b264b64bc40195420bae04ff6a6a263

SHA1
74012b112107b35995f8819a833ced29343a2198

SHA256
a9ab317aac033ea6f9d0a0a424be2e1612e58d0cfc8697ee5915fd9184e6ae34

SHA512
f84688587f980c8dd9d0777a1a097a4fc9937c7a642c7cd182d117877649694cb8e86165148d721665cd033cb002550c47057289827adb6061c59f2cc057a701

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2ce1fe92c3be9e735d3635435ff067af

SHA1
19e9907e310955eb01f7f2d220a8dabe7e4194de

SHA256
807dfd981b45c10b0b4fb0d9edf6b6f7a91256002d0ca0cfc3ca7a0658fe1818

SHA512
886df4afee5b4a63e07b1729b8f1fded748c815f4396ccfc6ab021af66f3ef100815a966b123f0859c6874dd82a62f3b32d77bba0e6c3fca093ac20f3b737c64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4355620d185c59e33975dde228aa98e8

SHA1
c27354a0f93f5cbcb12753c15afa9d24b45cbb98

SHA256
7f2408d5a9389be79662c6f7678692a203f6d5d9f6eb551514f332fcc75329be

SHA512
e90a8cafc36a75431839ae89dbfd26f7a687d07d6bb1f4f4fe2e993dd239485cd7820604d5199e0d3ab346c3f1faaa06f3cae69268954bc5ccfa844af83552d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f56d99df588868b98415073ec48fd89b

SHA1
c9b4300babe0ee7777f92b7805db69339e84e3ce

SHA256
dc495ddc3982743cb5e2148b5ea00c8ee2a2b8c98035cdf9194aea6f38232d0c

SHA512
1dde91c82ece8363fa89c78ec39344e41ae00d8c35a972c6e4fea5546549e97211671178bdbdd4285f3dc8d6bc74947b0112cf484d377583b089dcf35ddc38a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
aac86e4f79df79763f1f34c7c068036a

SHA1
1f1b8a22597c0fde8dd6eec7e69ee8d1c90e5ac9

SHA256
f25141634687e72ad7d2e92c310629adee721680524610f3a751444e291de53c

SHA512
448d1eb8071c8e9e30b78a8157f0c298de5eca5e5e1c17d7c6ba82035ed47ba0b7dbd7b591f444f65a53520b120bcb75827e6892eb6e759eb2d4ae75f5561f7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ad70518f97127cf9fde49c8e32db368f

SHA1
07afa645eded9676a39d7f0a474b07bafb133f67

SHA256
def5ef9eee164f0987dd331ebcc756dbb3b23798399467d90ba2795b3f499048

SHA512
e814c3c28fc9f614f1b755bbb13d98e010f327fdbe391a2262b9bd09711a9130c72fdf14e1bdb1d1a952b4617e95a1e7dded8cf6db01629367133fd17cc72bee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
43c038143b71dc7060fb27069a5130b3

SHA1
24c0f563d8ea419fe54132ee9f945088ccdf79a2

SHA256
42d2ce0dbeceb9af503320c78dae9fe6538a37dddad919cd534dc05f6b3ae06c

SHA512
d3ec4c75543db6b1575d4dde3fb86a699f68242dda525904842d33db845b3cde2a13c816b0115229f78e2510ecf0bfdfaf9ff807e2d4ec7499abb7b9ea236a61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9a9dd76678977bfd42eb43f88e3b7868

SHA1
c1994b849efdcb4ca6ad3983a97cb6b8027313fb

SHA256
5ffc3e948d3c6a08e09031ab534cb2cad462ef87656dae603806337d4598b4a8

SHA512
0e80450e03c9061171378e66ede655bb2233fd7e082984006e597f191fdf67b59f9388be9b2b7429c73380309998965f234905a0fd239dd0754ee4b9613f892b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f53925636268e7e5ecff1c09efbeab91

SHA1
1e3652ac76e2d9c7fd09c4d3fcd1e1dcf11df2cc

SHA256
8d0a9087f6097a2683f2012f2d42eca11b417b3b7d381d0b4acf8ac4fd3e2007

SHA512
c42fcbea414d8be4d66d39ba64155bd1dd78f62ec52daf1f8d1270576f2fe4fa3956fe5c634a4d4adb653731c67a18453553a4945d0e3b919f7c3b5b999180c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1dbe62c1c24880b939f0ece4315e9a0d

SHA1
bc3f5ed7ff212061583957a0310ad1fa825f8d27

SHA256
f6cdcff2f4b3dc61ec8058b00dfa2196e7787562159302d243b9a272ca013792

SHA512
614ff98fe9b7c5340554d5ac45aa701393d27c1c7567a8bcf2b21162b3957708e2129656655b81ea0601c7270a820aba38c55615e42ec9115c36e51e8455179e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9845ee7063c9108733e2795c21bb12f8

SHA1
2fb46380eca904a2519b28e79afdd8d2456ca51e

SHA256
5ca43629832a365686c3c9557b6953757e70f64418c878d21305bdd90507aba3

SHA512
54ba426fe8c839875405522caa4d2270da9ad2db38c19d0ed54a671eb27d60f85528d8cd6bfb7060f591b5bab61b6730f5514bc91db2c1685d92086408178e04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fb276e13c8e1173e42004e9d7020929b

SHA1
fd03ea79ee73285b6696f9520b09222b1addc8fd

SHA256
70881a7d54f8455e08f2b9f000f0503375bc3626d49ec65b8c226735750f2efd

SHA512
ed4deb05f39b0033755d414af7bb5004479b735327a6e8dad477270daa39f44dc05c7909377b9f5a9982455183a187b9fe6825c00cfb953290aefa5852b616a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4f5f10d5b2583c220ca57d6e56b719b8

SHA1
26cabbc74b41d14bceaa24ce5a8a81c8c7a51ce9

SHA256
6d75c19d3895f6ba6e82ff3a7917132a5a3091b135f48e7a0404b472806589dd

SHA512
9d30ca688a74ca0119c76be63f6d0de1fe9485d5fd3e2f05451993f574c644dbd050aa1e8c5db8221dbd4a7bcadfa7079960cb69a9a3d86ab48022980218d1af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
98ef9f43b99d0e6636c1f7df4dbb78a8

SHA1
100f4dee9bcb3f7068710d2498245d294c89504a

SHA256
fcaafbb56fef5f37daf20638d9a500d6d3c46881f9d381141147ac19873ee5f0

SHA512
1e680fbbd50f8ce0f31201426c35e9f96329c14acec6e7578559ef2d24f819b2f5fb2622df7f255d7351327bf35d90e694530ebb97f01ce39e661de1588daa09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b0ab833ec6f8af39e37f37dc1e54f10f

SHA1
f9ffd0adac6c550501bb622b235e38d3297d522e

SHA256
47b7bca73139e95f3979eb898010ee0c2be0cda44661942cf2b539f86ff6e936

SHA512
febaa4337a026f6cc0743147d6b3cacb23f0cb5dc7dfea14985e9142c313a879400082b138e6e3bbd33b38b225a143ccb73a51e4815a9a48d71344aae6b5f2a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eb07f88cd52fc491a94ab6c0206e1d8f

SHA1
9855dd3213f1051e77c7358a9c48b3d7eaacfd36

SHA256
5907fbf0b0e98acbff985da7028c4c44117adbd6d32c00639330649d929e86c0

SHA512
f3c0ef0c75c45a6cd81a895c72ea2d3944a7144490f16d568f1c212faed4db3f5e34f08c6afe19c9cd6b73f659d49b4cc7d5c39615cb18a88a0d44118e42ee16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e6a0e3d8de7107b2e8d74092e7feb8f6

SHA1
9313fcdc103f295813626d73950b6b6756d390be

SHA256
aea4e08d381d784372f11053c8998a98f5fff95230d0911633d45dfbfbbe07ab

SHA512
2d84091d30d9ae5c369234e2482c3699ffd1061884a56524f8f35b08b5aa475a4c7962bf932d44a924eeed41aad536579326abcd84f1ce534fb4fc15d7b8742e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe5b8c7d.TMP

Filesize
140B

MD5
526a78ed6c9e478e8980c156323fe330

SHA1
4cd54a7c07782c1ae591ca7986b225b9fa142b9a

SHA256
e1637893292601a201dbb4d673d43ab3db10902c4e22e5210a4d2d9f471e0c78

SHA512
f0be70dcbe550b0c2bb73146d951eac6ec9a5f16749f78b525317a1b39865c6d78caf29af9fb0be606113ba640549b34b39d345b071f7bf95747b4199558c72e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
3a4846cb75237c18467dd13751e09a70

SHA1
71ea2728899ae09c851e90a4975cffd84fb40a0a

SHA256
17a18ddf4f380cab0aea36157476e3e0811eaa6f3a2034995fd6f9a458e2956d

SHA512
c8d8309b233a7e3d16cad9a4d9426a737e356df0ac564533ea926047c5c7c025e712ff3665470373b3f239ba4123c3585832f39dbc223415846a2037fb2bab8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
59ef1ea9c529e04c202ebf633f706a4a

SHA1
776a1e2ddded29220d06edbea7093fc3390c5688

SHA256
96bc4b4463916e9e7c29beb74e64e8e9bc5ed12d5cbf990234f5c1a68c9f8501

SHA512
544ae092a1d433ee39658b0520fa17c132b582a4200e0e1a4ec1ad3968d758b358b51024acd030e52d7791be6b79c766b67f676d02e07a6b4acb0cc976d7b090

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
33bdfbc6f639a7b567045cc662216627

SHA1
d4944285b4a6e6175d837317ee9659653205de50

SHA256
d84b8263ea11c2f40f84b078aeca3b46963e1c9dcd3f825bcdaeb8556783ebed

SHA512
7878e6044ff07072eb37f2bd9bf72fa629016fea296af82143ac14f1d4119dc0e96eb9aab1f2ae3839e6974b3adff373cb11a08ca5dc4a3a0a68543d6aa70e88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c3fe117fce25c113f7c50a2251f64bbb

SHA1
669b401c0186695eab005cf4ac2736eb1be00767

SHA256
ebea96c94fa1c2c6eb433acafd7b7085b3ee987decf6a05c6af61f4a8838c14e

SHA512
8651b56a31ab86377d850d8ca6bfd29cbde10d165cf8314d5fdb06219d769089a493e8579c93c401ca8aa0188f2a240c6fc4d3df59bfeea0272ba4cafcb89ecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
ad23a76b91ff112a80c440cd82aca1aa

SHA1
f3f5d73e4294c14398eaa2745c0570b10f775c63

SHA256
077e106beb88a95e4d6563f8c6ba63493824d09d4e13fe87b47f5e55c13f2aef

SHA512
165c4405359e37bdb7408f5ddd7db159cbe543bcdac3d15ec4ba015eb1350951fe71f61a6205408fe661123963c7430b2a9048f98edfb229f0e09472fe08afe3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
7f34e1205cd6f5d1aeaa820de88a5b6a

SHA1
28dea545db83713d4f54f3fdde05829549dd63b9

SHA256
d17e30b3103ebcf44e4d0527ac4520957c1ea4d6e6aeb4f9e903a90b5433e31f

SHA512
40fbf955199647796abd417b2b8ccce0a43cc1b88549b0343a9b3a7c2c5744ce8394c5ecf1a92a0101c693b9e98f40d0f60603d317312b13b2ab8f91a4012dee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
ab92655ab89bc854dc53f43bb946d9cf

SHA1
e56cc9a3c6f20c5216441777e7dd4022c68bd841

SHA256
caea6e6ab57d455a0f7327df24c25651b38d737fc5d360b8cf57c230bcba63d8

SHA512
7ae1e11596a1c696523ef0ad930d011c1612139d12c7b1a0d5bfff796697682c5c1ab9e675eb7a817d28bb8f966ec5eff1520fffecc73229b699ac71a1400529

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
a6d25f5c127e538d1905b1cc7546b703

SHA1
e25ac8d7f06a8a7fb2fc4b195d24261d0e5019bc

SHA256
d26a515f78a05f7c9ad123252aaa44d09d9912185540286e1d948c4242eaa21a

SHA512
e3d11c50b364164b5cbfa122f84ddd69f7238307a7d0d321bb9ce18ebddccebcd0f774adf009026bffc3076badb55e80f03965ea029f84f443c80de24a59dc5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3840b8a5a01dce5209cebc87cc62cdea

SHA1
c826a0ebb14da05c0e5c5e57b2640c2d904f67dd

SHA256
12f725f4bb121973aaa9f26c1882cc6f539ac7bafc9016bdb11af6443c6befec

SHA512
95f7ded83d6998cca48c41a5144f850c1d84b04bfa638558be866e10fc2121d3cc7e98c16b9e38dd9e042843786f39e6df8879b3b90f30b8220d79fd43e1a597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e789dcbbbc7ffc518d3385ab779ab8f6

SHA1
325957edf4c48f0d1479da9bc5bd6788de2db4e7

SHA256
eca31c3c6db178f8176b9ad44ae55109e2dce487b858b82d1d903079253812b9

SHA512
0f23458c82bdec8d5cc6ced1945f877c143642a336c02a08d270854bee08b7920ccea9c93ad4dcd14901e7a0725cf028b7cd063e7728742d30183358282b15df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0a2b80bcd82cd3132b13e6ab36005c73

SHA1
81f1bf3e8756bf726b19cab3dce5edb5c308fadc

SHA256
9fa7bcd34b897981d9a5eb0ced2cd8eed4539bc2975b063fc62561efe62d865b

SHA512
894755f7e1b36448508a4d0286bc55d277bc1a5ec49e4131a42d04d53a6b94a19cb3e4da6778fe2dab0949578044154258370e5ba61bd455c0305daef751dc2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a64c4bd5aa198e43fbcb295f953fd9a4

SHA1
1cf674a9f128db882df57463884a28b7d6ca7608

SHA256
015bf952dfbda753a1fe7a326a2a00ffda1100a12da9476a9c04c875df758748

SHA512
7464cc122e228b8bd46caed6f2cffa18244c40567de441963a699f4159e9336bf022795bf1274eb1e522138d0b58ccf8087d54bff6e6a478358981a890b9a8fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
d928168de92e4d8ea9b2b60a137444c8

SHA1
489159762b710c148c04a4ab302abccc70dff7d5

SHA256
abdb2a1e8f395d3e30624b11efa25920de71a670ce7a0afee6883b5a3a016fcc

SHA512
ac5ba2a73b2ccbdf024dd8857192d66b1f793d391ee978753399dbf6df088d8c706350cde894d42e4be79f34d5166887847d5e1f4d25e0dd3f0512560be41879

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
201B

MD5
92cfba62cea37bd6f8f280bb390cfb22

SHA1
8e4b86bef8792a9a93bad5f5968d47aaaead1f0c

SHA256
0004ad8f13daee245d031691d2287607ced108a9ff950042015048de08b1ecf3

SHA512
52779a6fdd8336bb0b6e4f6c060e454f305e40280848552af67a39ba8879f7ed38e253c94bc98b2c5005d5c189c657f72b9b44230baa37afc9f7370accb1acae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a97cffbd-9b9d-46eb-90a4-903dab666479.tmp

Filesize
3KB

MD5
9f9e2493d3e246b252d5d92c531fa10b

SHA1
90bab00184a2fa4124ad4b97c7758c44d74f3af1

SHA256
447bc0d563ccf167e01066d302c3e85eee62aaf2ebfeda2433be39b4ac66c6de

SHA512
7ee4e821abf8f88f4bb69e807de5ea15614f7399303393c2ebe7771cb249c3f39f1a3a25d66f160fd46f691c181be64466b64ee15bc9eb4d69bc2e49b95fc353

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2eb4aeea4fcc6ab967e495ea51b3ce3c

SHA1
a2c562ca89ad6044d0fb1295f925daae1aca174e

SHA256
15223c7c5ef88badabae6bb56cdca39aa43115be78458d78e9890b2bfe3a6f68

SHA512
541fb077de5f5785e21ac7c9443d3f34f0492616abdaca622b541ecc5af300c77d596d84e0f0f4914ffe7e560d8ba2fc120eb217fc00c58f0bbcb4d41827471e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
567aed39c66d6fb12c5317204f076f61

SHA1
4679c5adff3fa1bfbcec6d55596af8a987494622

SHA256
20d4558aaf2cf734312cfa7495031f13093da75727c752564b2b1034416aaacf

SHA512
4a4faae7d6b141b74ef5612469dfcfeac916606ee43ef131873b77b6885b6c7367a03bb6fa025802c9ab4354bcd7303189a405dd330c3f8592eba564f2ecf95f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2638c6803b486d488f5bb5966488e795

SHA1
ea6ea13c1f34cc1744dc56708369ed5d98ba244f

SHA256
7629f74d840449d52f8ef31bfc88a8afb1285e00017c04f899d57dc0700531dc

SHA512
9636a4e67df5f6f6d954745f902a77ee543821ebdf265f5b2510866bac62183eabfa4f7627c7d1a1b95f623efbeca7f562318b191f7049012a06bdd8cd74314d

Download Submit
C:\Users\Admin\AppData\Local\Softdeluxe\Free Download Manager\settings.ini.lock

Filesize
56B

MD5
673e455dc1b877b1a3cd490e0d401d8b

SHA1
b3ee8df118054da7b6d87f48b7b614f91c4eaa0b

SHA256
080001e47ef45a88a3ffea2772ac64ac3e0ea6f1f60e977d1f08472938dbfaee

SHA512
820518b7643dd0672bcb90a3141d029e743f28a1db65399eda317d29ca03f293300369165d6b93da54f9dc8d5ce96cdd32e60ece8948b9c6cede250e89c107af

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HMEV2.tmp\fdm_x64_setup.tmp

Filesize
3.1MB

MD5
60f76f6e78d966f31d9c574c7465899d

SHA1
2c231f5a57d294ab2b6c1fc6f7902fb453fbeac7

SHA256
ced610b7c01111d289a511d35ada43d94fb4b2537ccfc0317a23e1d3eecd3bf8

SHA512
59b67dd82d6f3cee823d7fba1722455c52479413664f816c6756e42bee877ba854844b10c90d22e63b3631e3b8b83dbf35912507b7fedd7fda4f2724888e2cf0

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 340860.crdownload

Filesize
8.5MB

MD5
91207917e473770f5f548fbd570a5a32

SHA1
b74d2daf36eb0a0a403205bcc71676bbd5b601d0

SHA256
085a521073ff8ee98bfaefc1626ef1289916ec32bb11276aa03db2f37f5434b4

SHA512
0e1e88699b1cb6417ff072c61d2045e1bdf6b9adf37c506e3dfe5c2fc1634f5296d9c466c4ed376cea40219ffa86b4482a3d0c6a3595e56ba510ffd1897b78a0

Download Submit
memory/1444-1633-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/1444-6-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/1444-1672-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/1444-9-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/1444-1169-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/1564-1514-0x00007FF95CF00000-0x00007FF95D445000-memory.dmp

Filesize
5.3MB

Download
memory/1564-1510-0x00007FF6E5DB0000-0x00007FF6E64DA000-memory.dmp

Filesize
7.2MB

Download
memory/1564-1508-0x00007FF95EDF0000-0x00007FF95F41D000-memory.dmp

Filesize
6.2MB

Download
memory/2864-1523-0x00007FF95EDF0000-0x00007FF95F41D000-memory.dmp

Filesize
6.2MB

Download
memory/4520-1166-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4520-7-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4520-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4520-1675-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4520-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/4876-2167-0x000001E709B30000-0x000001E709B31000-memory.dmp

Filesize
4KB

Download
memory/4876-2184-0x000001E709FF0000-0x000001E709FF1000-memory.dmp

Filesize
4KB

Download
memory/4876-2168-0x000001E709B30000-0x000001E709B31000-memory.dmp

Filesize
4KB

Download
memory/4876-2166-0x000001E709B30000-0x000001E709B31000-memory.dmp

Filesize
4KB

Download
memory/4876-2173-0x000001E709FF0000-0x000001E709FF1000-memory.dmp

Filesize
4KB

Download
memory/4876-2189-0x000001E70A000000-0x000001E70A001000-memory.dmp

Filesize
4KB

Download
memory/4876-2165-0x000001E709B30000-0x000001E709B31000-memory.dmp

Filesize
4KB

Download
memory/4876-2163-0x000001E709B30000-0x000001E709B31000-memory.dmp

Filesize
4KB

Download
memory/4876-2164-0x000001E709B30000-0x000001E709B31000-memory.dmp

Filesize
4KB

Download
memory/4876-2161-0x000001E709B30000-0x000001E709B31000-memory.dmp

Filesize
4KB

Download
memory/4876-2162-0x000001E709B30000-0x000001E709B31000-memory.dmp

Filesize
4KB

Download
memory/4876-2159-0x000001E709B30000-0x000001E709B31000-memory.dmp

Filesize
4KB

Download
memory/4876-2160-0x000001E709B30000-0x000001E709B31000-memory.dmp

Filesize
4KB

Download
memory/4876-2188-0x000001E70A000000-0x000001E70A001000-memory.dmp

Filesize
4KB

Download
memory/4876-2158-0x000001E709B30000-0x000001E709B31000-memory.dmp

Filesize
4KB

Download
memory/4876-2156-0x000001E709B30000-0x000001E709B31000-memory.dmp

Filesize
4KB

Download
memory/4876-2157-0x000001E709B30000-0x000001E709B31000-memory.dmp

Filesize
4KB

Download
memory/4876-1711-0x000001E706D20000-0x000001E707162000-memory.dmp

Filesize
4.3MB

Download
memory/4876-1713-0x000001E705560000-0x000001E705762000-memory.dmp

Filesize
2.0MB

Download
memory/4876-2172-0x000001E709FF0000-0x000001E709FF1000-memory.dmp

Filesize
4KB

Download
memory/4876-2187-0x000001E70A000000-0x000001E70A001000-memory.dmp

Filesize
4KB

Download
memory/4876-2186-0x000001E70A000000-0x000001E70A001000-memory.dmp

Filesize
4KB

Download
memory/4876-2185-0x000001E70A000000-0x000001E70A001000-memory.dmp

Filesize
4KB

Download
memory/4876-2169-0x000001E709B30000-0x000001E709B31000-memory.dmp

Filesize
4KB

Download
memory/4876-1663-0x00007FF95A530000-0x00007FF95AB5D000-memory.dmp

Filesize
6.2MB

Download
memory/4876-1661-0x00007FF6E5DB0000-0x00007FF6E64DA000-memory.dmp

Filesize
7.2MB

Download
memory/4876-1662-0x00007FF95AB60000-0x00007FF95B0A5000-memory.dmp

Filesize
5.3MB

Download
memory/4876-2183-0x000001E70A000000-0x000001E70A001000-memory.dmp

Filesize
4KB

Download
memory/4876-2181-0x000001E709FF0000-0x000001E709FF1000-memory.dmp

Filesize
4KB

Download
memory/4876-2180-0x000001E709FF0000-0x000001E709FF1000-memory.dmp

Filesize
4KB

Download
memory/4876-2179-0x000001E709FF0000-0x000001E709FF1000-memory.dmp

Filesize
4KB

Download
memory/4876-2178-0x000001E709FF0000-0x000001E709FF1000-memory.dmp

Filesize
4KB

Download
memory/4876-2177-0x000001E709FF0000-0x000001E709FF1000-memory.dmp

Filesize
4KB

Download
memory/4876-2176-0x000001E709FF0000-0x000001E709FF1000-memory.dmp

Filesize
4KB

Download
memory/4876-2175-0x000001E709FF0000-0x000001E709FF1000-memory.dmp

Filesize
4KB

Download
memory/4876-2174-0x000001E709B30000-0x000001E709B31000-memory.dmp

Filesize
4KB

Download
memory/4876-2190-0x000001E70A000000-0x000001E70A001000-memory.dmp

Filesize
4KB

Download
memory/4876-2191-0x000001E70A000000-0x000001E70A001000-memory.dmp

Filesize
4KB

Download
memory/4876-2192-0x000001E70A000000-0x000001E70A001000-memory.dmp

Filesize
4KB

Download
memory/4876-2194-0x000001E70A010000-0x000001E70A011000-memory.dmp

Filesize
4KB

Download
memory/4876-2195-0x000001E70A010000-0x000001E70A011000-memory.dmp

Filesize
4KB

Download
memory/4876-2196-0x000001E70A000000-0x000001E70A001000-memory.dmp

Filesize
4KB

Download
memory/4876-2197-0x000001E70A010000-0x000001E70A011000-memory.dmp

Filesize
4KB

Download
memory/4876-2171-0x000001E709FF0000-0x000001E709FF1000-memory.dmp

Filesize
4KB

Download
memory/5164-1704-0x00007FF95A530000-0x00007FF95AB5D000-memory.dmp

Filesize
6.2MB

Download