2937de2eb7763851d644e637cb7d7375fd69b218beeaceedc46254ac388203c7

Analysis

max time kernel
270s
max time network
260s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
20-08-2024 21:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdm_x64_setup.exe
Size

38.5MB
MD5

dded481da831784a00d556a1280c124c
SHA1

48b40f82f66dd678f1c2f4c1298eaae2875f75e6
SHA256

2937de2eb7763851d644e637cb7d7375fd69b218beeaceedc46254ac388203c7
SHA512

78dd1b42e918e9670edaaecd1765fb26e349ab7a5bc7b4dc3b85bd387f073a8ac0a4abc6b8a50d5b3cc6cce753cc8745b26bd47b42953723b21b949e7956cbcd
SSDEEP

786432:jketduUzNdogfpTmDvwLIDH8StVQFkatYPexssk:jkiuUtpTmDvwE78+IHUe

Score

8^/10

discovery evasion persistence privilege_escalation

Malware Config

Signatures

Modifies Windows Firewall 2 TTPs 2 IoCs
evasion

Windows Service
T1543.003

Disable or Modify System Firewall
T1562.004

Processes:

netsh.exenetsh.exe

pid process

1624 netsh.exe
1816 netsh.exe
Executes dropped EXE 8 IoCs

Processes:

fdm_x64_setup.tmphelperservice.exefdm.exeimportwizard.exefdm5rhwin.exefdm5rhwin.exefdm.exeimportwizard.exe

pid process

4568 fdm_x64_setup.tmp
1136 helperservice.exe
1676 fdm.exe
3856 importwizard.exe
2908 fdm5rhwin.exe
1040 fdm5rhwin.exe
5092 fdm.exe
772 importwizard.exe

pid	process
1624	netsh.exe
1816	netsh.exe

Loads dropped DLL 64 IoCs

Processes:

fdm.exehelperservice.exeimportwizard.exe

pid	process
1676	fdm.exe
1676	fdm.exe
1676	fdm.exe
1676	fdm.exe
1676	fdm.exe
1676	fdm.exe
1676	fdm.exe
1136	helperservice.exe
1676	fdm.exe
1676	fdm.exe
1676	fdm.exe
1676	fdm.exe
1676	fdm.exe
1136	helperservice.exe
1676	fdm.exe
1676	fdm.exe
1136	helperservice.exe
1676	fdm.exe
1676	fdm.exe
1676	fdm.exe
1136	helperservice.exe
1136	helperservice.exe
1676	fdm.exe
1676	fdm.exe
1676	fdm.exe
1136	helperservice.exe
1136	helperservice.exe
1676	fdm.exe
1676	fdm.exe
1676	fdm.exe
1676	fdm.exe
1676	fdm.exe
1676	fdm.exe
1676	fdm.exe
1676	fdm.exe
1676	fdm.exe
1676	fdm.exe
1136	helperservice.exe
1136	helperservice.exe
1676	fdm.exe
1676	fdm.exe
1676	fdm.exe
1676	fdm.exe
1676	fdm.exe
1676	fdm.exe
1676	fdm.exe
1676	fdm.exe
1676	fdm.exe
1676	fdm.exe
1676	fdm.exe
1676	fdm.exe
1676	fdm.exe
1676	fdm.exe
3856	importwizard.exe
3856	importwizard.exe
3856	importwizard.exe
3856	importwizard.exe
3856	importwizard.exe
3856	importwizard.exe
3856	importwizard.exe
3856	importwizard.exe
3856	importwizard.exe
3856	importwizard.exe
3856	importwizard.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

fdm.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\Microsoft\Windows\CurrentVersion\Run\Free Download Manager = "\"C:\\Program Files\\Softdeluxe\\Free Download Manager\\fdm.exe\" --hidden"	fdm.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

fdm.exe

description ioc process

File opened (read-only) \??\D: fdm.exe
File opened (read-only) \??\F: fdm.exe

description	ioc	process
File opened (read-only)	\??\D:	fdm.exe
File opened (read-only)	\??\F:	fdm.exe

Drops file in System32 directory 2 IoCs

Processes:

chrome.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Program Files directory 64 IoCs

Processes:

fdm_x64_setup.tmp

description	ioc	process
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-JPHDO.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\Qt5Compat\GraphicalEffects\private\is-3SKUN.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Basic\impl\is-4IEOQ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\torrents\is-RU3TL.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Fusion\impl\is-VQJJ8.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Imagine\is-PFESM.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Imagine\impl\is-2I8UI.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\is-RG18F.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\is-8V5U7.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\is-UML5H.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\main\is-V3V6J.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\is-CGMO3.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Fusion\is-6RMLF.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Fusion\is-RLL2A.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-KPJ4U.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\qml\+Universal\is-SUNV9.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\Qt5Compat\GraphicalEffects\is-M8943.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Fusion\is-DRUEJ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Imagine\is-V0EKP.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Imagine\is-JMIEC.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\is-NVLS6.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-2VNND.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Basic\is-2HUKP.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Basic\is-SVOVF.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Basic\is-MB2CO.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\is-CPHNQ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-K085C.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Fusion\is-FE6HO.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Imagine\is-52ATF.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-ASEA5.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\qml\+Material\is-GAKGL.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\main\is-H478S.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\torrents\is-5P03P.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Basic\is-I8RGC.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Imagine\is-IV1SG.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\NativeStyle\controls\is-4KC1A.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-36C1J.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\is-QRVJF.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Imagine\impl\is-F5QT9.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\is-6BS1U.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\is-06SP5.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\sqldrivers\is-1S8DG.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\torrents\is-FKPS8.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-AR6UD.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Imagine\is-CHMUK.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\is-D4ED3.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\qml\+Imagine\is-NEHJ7.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\NativeStyle\controls\is-IV92S.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\sqldrivers\is-GEJJA.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\translations\torrents\is-7U1RC.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-6VHQI.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-VTF5Q.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\Qt5Compat\GraphicalEffects\is-0LF0V.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\is-6I49U.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\is-VQQJJ.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Templates\is-B2067.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-CQ225.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-EP69Q.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\is-MNA7O.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Basic\is-43SRD.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Imagine\is-9RLNK.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-FH43N.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-LO04K.tmp	fdm_x64_setup.tmp
File created	C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Basic\is-7MGFV.tmp	fdm_x64_setup.tmp

Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

Processes:

resource	yara_rule
C:\Program Files\Softdeluxe\Free Download Manager\libcrypto-3-x64.dll	embeds_openssl

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

Processes:

netsh.exenetsh.exe

description	ioc	process
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

fdm_x64_setup.exefdm_x64_setup.tmp

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fdm_x64_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fdm_x64_setup.tmp

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 8 IoCs

adware spyware

Modify Registry

T1112

Processes:

fdm_x64_setup.tmp

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\fdm.exe = "11000"	fdm_x64_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	fdm_x64_setup.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\fdm.exe = "11000"	fdm_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING	fdm_x64_setup.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\fdm.exe = "1"	fdm_x64_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING	fdm_x64_setup.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\fdm.exe = "1"	fdm_x64_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	fdm_x64_setup.tmp

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133686645850257089"	chrome.exe

Modifies registry class 17 IoCs

Processes:

fdm.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\fdm\shell	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\fdm\shell\open\command\ = "\"C:\\Program Files\\Softdeluxe\\Free Download Manager\\fdm.exe\" \"%1\""	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\fdm\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}\	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\fdm	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\fdm\DefaultIcon\ = "\"C:\\Program Files\\Softdeluxe\\Free Download Manager\\fdm.exe\", 1"	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\fdm\shell\ = "open"	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\fdm\shell\open\command\	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\fdm\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\fdm\DefaultIcon\	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\fdm\ = "URL:fdm link"	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\fdm\Content Type	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\fdm\URL Protocol	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\fdm\shell\	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\fdm\shell\open	fdm.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\fdm\shell\open\command	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\fdm\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}\command	fdm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\fdm\{17FF5AC0-1D17-4A53-A10F-85E3EFA3DF17}\icon	fdm.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence execution

Scheduled Task
T1053.005

Processes:

schtasks.exe

pid process

2336 schtasks.exe
Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

fdm.exefdm.exe

pid process

1676 fdm.exe
5092 fdm.exe

pid	process
2336	schtasks.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

fdm5rhwin.exefdm5rhwin.exemsedge.exemsedge.exemsedge.exeidentity_helper.exechrome.exechrome.exe

pid	process
2908	fdm5rhwin.exe
2908	fdm5rhwin.exe
1040	fdm5rhwin.exe
1040	fdm5rhwin.exe
3232	msedge.exe
3232	msedge.exe
4716	msedge.exe
4716	msedge.exe
1076	msedge.exe
1076	msedge.exe
768	identity_helper.exe
768	identity_helper.exe
4984	chrome.exe
4984	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

msedge.exechrome.exe

pid process

4716 msedge.exe
4716 msedge.exe
4984 chrome.exe
4984 chrome.exe
4984 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

fdm.exechrome.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	1676	fdm.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe

Suspicious use of FindShellTrayWindow 60 IoCs

Processes:

fdm_x64_setup.tmpmsedge.exefdm.exechrome.exe

pid	process
4568	fdm_x64_setup.tmp
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
5092	fdm.exe
5092	fdm.exe
5092	fdm.exe
5092	fdm.exe
5092	fdm.exe
5092	fdm.exe
5092	fdm.exe
4716	msedge.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe

Suspicious use of SendNotifyMessage 30 IoCs

Processes:

msedge.exefdm.exechrome.exe

pid	process
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
5092	fdm.exe
5092	fdm.exe
5092	fdm.exe
5092	fdm.exe
5092	fdm.exe
5092	fdm.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

fdm.exe

pid process

5092 fdm.exe

pid	process
5092	fdm.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

fdm_x64_setup.exefdm_x64_setup.tmpfdm.exemsedge.exe

description	pid	process	target process
PID 3320 wrote to memory of 4568	3320	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 3320 wrote to memory of 4568	3320	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 3320 wrote to memory of 4568	3320	fdm_x64_setup.exe	fdm_x64_setup.tmp
PID 4568 wrote to memory of 4920	4568	fdm_x64_setup.tmp	schtasks.exe
PID 4568 wrote to memory of 4920	4568	fdm_x64_setup.tmp	schtasks.exe
PID 4568 wrote to memory of 2336	4568	fdm_x64_setup.tmp	schtasks.exe
PID 4568 wrote to memory of 2336	4568	fdm_x64_setup.tmp	schtasks.exe
PID 4568 wrote to memory of 3768	4568	fdm_x64_setup.tmp	schtasks.exe
PID 4568 wrote to memory of 3768	4568	fdm_x64_setup.tmp	schtasks.exe
PID 4568 wrote to memory of 2740	4568	fdm_x64_setup.tmp	schtasks.exe
PID 4568 wrote to memory of 2740	4568	fdm_x64_setup.tmp	schtasks.exe
PID 4568 wrote to memory of 1676	4568	fdm_x64_setup.tmp	fdm.exe
PID 4568 wrote to memory of 1676	4568	fdm_x64_setup.tmp	fdm.exe
PID 1676 wrote to memory of 3856	1676	fdm.exe	importwizard.exe
PID 1676 wrote to memory of 3856	1676	fdm.exe	importwizard.exe
PID 4716 wrote to memory of 3820	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 3820	4716	msedge.exe	msedge.exe
PID 4568 wrote to memory of 2908	4568	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 4568 wrote to memory of 2908	4568	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 4568 wrote to memory of 1040	4568	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 4568 wrote to memory of 1040	4568	fdm_x64_setup.tmp	fdm5rhwin.exe
PID 4568 wrote to memory of 1624	4568	fdm_x64_setup.tmp	netsh.exe
PID 4568 wrote to memory of 1624	4568	fdm_x64_setup.tmp	netsh.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2332	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 3232	4716	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe
"C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3320

C:\Users\Admin\AppData\Local\Temp\is-97Q3F.tmp\fdm_x64_setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-97Q3F.tmp\fdm_x64_setup.tmp" /SL5="$801AA,39406194,832512,C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4568

C:\Windows\SYSTEM32\schtasks.exe
"schtasks.exe" /end /tn FreeDownloadManagerHelperService
3⤵
PID:4920

C:\Windows\system32\schtasks.exe
"schtasks.exe" /create /RU SYSTEM /tn FreeDownloadManagerHelperService /f /xml "C:\Program Files\Softdeluxe\Free Download Manager\service.xml"
3⤵
- Scheduled Task/Job: Scheduled Task
PID:2336

C:\Windows\system32\schtasks.exe
"schtasks.exe" /change /tn FreeDownloadManagerHelperService /tr "\"C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe"\"
3⤵
PID:3768

C:\Windows\system32\schtasks.exe
"schtasks.exe" /run /tn FreeDownloadManagerHelperService
3⤵
PID:2740

C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" --install
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1676

C:\Program Files\Softdeluxe\Free Download Manager\importwizard.exe
"C:\Program Files\Softdeluxe\Free Download Manager\importwizard" 3FE02402165644D986B63DE6638495E4
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.freedownloadmanager.org/afterinstall.html?os=windows&osversion=11.0&osarchitecture=x86_64&architecture=x86_64&version=6.24.0.5818&uuid=ccbed646-143b-4806-8457-93efed413ef9&locale=en_US&ac=1&au=1
4⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd4e7a3cb8,0x7ffd4e7a3cc8,0x7ffd4e7a3cd8
5⤵
PID:3820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,11233923369854619621,17307223029296463499,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1836 /prefetch:2
5⤵
PID:2332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,11233923369854619621,17307223029296463499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:3232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,11233923369854619621,17307223029296463499,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
5⤵
PID:3788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11233923369854619621,17307223029296463499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
5⤵
PID:3708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11233923369854619621,17307223029296463499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
5⤵
PID:3260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,11233923369854619621,17307223029296463499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:1076

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,11233923369854619621,17307223029296463499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:768

C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe" 21907CB0205CFF989F82C03684A01B86 phase1
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2908

C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe" 21907CB0205CFF989F82C03684A01B86 phase2
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1040

C:\Windows\system32\netsh.exe
"netsh.exe" firewall add allowedprogram program="C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" name="Free Download Manager" ENABLE scope=ALL profile=ALL
3⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:1624

C:\Windows\system32\netsh.exe
"netsh.exe" firewall add allowedprogram program="C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" name="Free Download Manager" ENABLE scope=ALL profile=CURRENT
3⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:1816

C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" --byinstaller
3⤵
- Executes dropped EXE
- Enumerates connected drives
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5092

C:\Program Files\Softdeluxe\Free Download Manager\importwizard.exe
"C:\Program Files\Softdeluxe\Free Download Manager\importwizard" 3FE02402165644D986B63DE6638495E4 --printFdm5Setting=ExpectingUpdateToVersion
4⤵
- Executes dropped EXE
PID:772

C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe
"C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5197cc40,0x7ffd5197cc4c,0x7ffd5197cc58
2⤵
PID:560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,13961066005054834260,1738731618317888824,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1784 /prefetch:2
2⤵
PID:2612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1836,i,13961066005054834260,1738731618317888824,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1856 /prefetch:3
2⤵
PID:4808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2156,i,13961066005054834260,1738731618317888824,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2400 /prefetch:8
2⤵
PID:2160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,13961066005054834260,1738731618317888824,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3244 /prefetch:1
2⤵
PID:3216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,13961066005054834260,1738731618317888824,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3288 /prefetch:1
2⤵
PID:752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4444,i,13961066005054834260,1738731618317888824,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4364 /prefetch:1
2⤵
PID:3132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4704,i,13961066005054834260,1738731618317888824,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4740 /prefetch:8
2⤵
PID:464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4932,i,13961066005054834260,1738731618317888824,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4940 /prefetch:8
2⤵
PID:4764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4448,i,13961066005054834260,1738731618317888824,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4392 /prefetch:8
2⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:2616

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3360

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Softdeluxe\Free Download Manager\MSVCP140.dll

Filesize
553KB

MD5
6da7f4530edb350cf9d967d969ccecf8

SHA1
3e2681ea91f60a7a9ef2407399d13c1ca6aa71e9

SHA256
9fee6f36547d6f6ea7ca0338655555dba6bb0f798bc60334d29b94d1547da4da

SHA512
1f77f900215a4966f7f4e5d23b4aaad203136cb8561f4e36f03f13659fe1ff4b81caa75fef557c890e108f28f0484ad2baa825559114c0daa588cf1de6c1afab

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Core.dll

Filesize
6.0MB

MD5
46a0dbd38cb28d8e79c80c9a033f6ae9

SHA1
1be5f3e78485f9b08e32346f13155a94001de50e

SHA256
225bd38093416c825f2e3220213f64e1079e9ab20f4738decc0fc6eb992e8a9e

SHA512
3fb62bce7b1d5129237914269aa3dd9a24f9e797927f2f4f937a0a291d357a40ec51b9c829094dc0bae1edcd6c580f1c9a03ca2c84d5526599c3608246f00bd0

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Core5Compat.dll

Filesize
851KB

MD5
e50b9b3fa16362c86a40e6255c6b45e7

SHA1
fa8ce8fd6d4415abdb67597735575dc83a8fc634

SHA256
c95ab3df8dc0bfd92925b7b8b51bce859ae09008691874a5c6f5630969557564

SHA512
03a8ac0ae14e8420dd9fd91bc1619d072882d152127b3f2f1c6f7e670b7c54c524490e7c84a7cd0b76e2db413439a1ca55c4e03416fd6beb47b1067c3e960cba

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Gui.dll

Filesize
8.5MB

MD5
7875aad0d0d426e9d1b132a35266de32

SHA1
8b7656e3412ae546153d2d3df91a6ff506d64749

SHA256
fc2464f62d7915ddeaebb5490bee6d60e7b42ad5a223d5812f0993c27c35be19

SHA512
9fa16c5c628f2e9b242323aed4c1aa70f093cee9f341ac61640287ff9be8663658f502769e037a8409943d3c9ab826bb1c6f88532f0fbacdaea28b2353cdfba9

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Multimedia.dll

Filesize
833KB

MD5
e8fa5ba349752d18f6302434658229f4

SHA1
1e7696e1ae887734f017e7c4e521ff648e090508

SHA256
7b2aaffd8bd1b042d1d028b071d4fbb42420f52d04f45de06c4a80315b9f1b29

SHA512
771a41622b045724604568c18e5df00f99b3da3fa67d25f5a60024db34b01b7b70cd0aa9bb39c53cab4eef7a6059e5855fb205e83d131580626a4b43505bf621

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Network.dll

Filesize
1.4MB

MD5
960f50470059381c65833145036fef29

SHA1
270e230bfc9248e5ecff9ea8dfbc5f1066df02ee

SHA256
1071f4f88c65317401bf93a2ffb55e661adcbb84f05911879ab21a6656521a68

SHA512
cb0a0d63aaae1b9646dad722759b1c53b36ed13a4231a30b054f6124bcc69e7285c5777ab6bbbb8296756d6c31fc94e735db42c5155db35274e0ec25c1406582

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6OpenGL.dll

Filesize
1.9MB

MD5
2a2a628e23cada5d2eba63dee642438e

SHA1
73cbc92073eaedde3f2fc432edda0677e7a49c9d

SHA256
054b0a8d87fc735aa2eb281e5078f8d28bd1c395b7e32de13ef64a8bbc10bb04

SHA512
ca87b5e95ba9c3b1268b14a6587305ea52512224e9ba48e73e64b292713df295e9d64587f446fd28f0e2788d7cb78ca460d962f06cf43ccde53fe45ae65cbe90

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Qml.dll

Filesize
4.8MB

MD5
6404ca802e99e8520d6229982e382cf0

SHA1
204e0446b4989ef2df2c71a4ef7482240039da45

SHA256
477747d49a8b7f51c408fe7a49cc3dcfa99078040d3059c5586c77d9b04d1a0d

SHA512
90998283c98eb7002cb0342b664a9f03902a6ee8141781ab03f723fddfb925d0a0e450e3c89589eebec41b95f1e73ec298808857151782b3c00b6c3fecf17df0

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6QmlModels.dll

Filesize
708KB

MD5
623c7740fc301a398c40dc9504d04fd6

SHA1
fb0e711c49c2ff488c7d3be9daebe2779bd42157

SHA256
4ae023a87636f5c70c08dbd787e47eecfa0ac15ff741677db323d70bd70a36a1

SHA512
2343081e57448e3922eeb86bcedb861ed8fde1dc51ab0e42e7930cf07834e9fcfe41a9b1d64a89341037abee421d242d4ece91dec8a8b26a0a552989e130fc34

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Quick.dll

Filesize
5.3MB

MD5
e739a7f0e54081125d1381a42eb7c226

SHA1
20ef3724f878bfe7773e006c29de3ff4e6e8a8c3

SHA256
35e8842051211a1654d6717b8786357e7a93b21a004f941151e7a4af23e16a84

SHA512
fde9db1793eec6fe1a0818af1b24c8399c941280982bbbb456332aa2768d0950da0caa7bd21e1cbbe81770358cdcdd3a6b199c71df1432170506dadc718d88e1

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6QuickControls2.dll

Filesize
87KB

MD5
8641967f2caf274abb1be307cc70204f

SHA1
08dea9d79289dc90dc75554baf0dce8eb7c53023

SHA256
7065885b1374f55ade04621b52b5ddf6d6e24cb6d57d89d2a1c5cd6bb0d1dede

SHA512
a8cee79efcb002aa2eef263ed0492a212b017375577f42de13322a8f8ba9f942fae2b8658fd7468a7a7bf1a19192013fb092efdf7695b8ca7d291990157154f6

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6QuickTemplates2.dll

Filesize
1.7MB

MD5
f5b138ab4c0ec16233fa6a9d15d9721d

SHA1
c927058d73c57bf34dd37ffc4c899945f38556c1

SHA256
000013ac37fb5f210fde72ee1d4b175dec38c45d6615d306e62431753b0d03fd

SHA512
40d6becc960d3133c326cce9b7caf1a0d5473605b3c30e935befe60a027f5f3fe5647d3d906a88eab8b347c697758c5a8789949f25bac4ffce3eb2112ba34b90

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Sql.dll

Filesize
291KB

MD5
04b54b342a7f3b56fe9b327cd3fffa86

SHA1
257cbc011eb1c1acb4121a1dbde801411fb3691b

SHA256
cec14ed64352d5c6e1e043d716cbd2d4575ddfff2e48633c6e6fa2670895ee59

SHA512
493003fa6b37c723ea08b0749348ca96fa0939a384ac452737947eb98195f1c1c78b9fd7c7220d0938cb526afc300232c0e52720d54919ceb05c311d6ed3b62f

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\Qt6Widgets.dll

Filesize
6.2MB

MD5
34abb42b63e71b09b72b48cf5b1dba53

SHA1
9f3111aab57a5f28a4ce9bf82ea208fa3eadb9a6

SHA256
c71e65b882a84f47114590784a256f14ba19202ec30b218ce4841b2c7256060b

SHA512
06acab5a04a5d3e6834ddc95229758d4adc7a7f0ef003c80e8d59a8241e295b196aceacce20c88879e1676405a2538d032ec6ac543258538e686878fb29f77f1

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\downloadsjsp.dll

Filesize
111KB

MD5
ac0838c665b3741666667e37e9063bab

SHA1
0d6f7377aa10b53727b1bc1126b17b7b8c766509

SHA256
98867ba613760d132096bc835d0704dde75143dcf5545fffdb452c31fc8adb00

SHA512
4d535c928703b0bdfaf5569ea2c8cbc848123225fe6b53fe64db6a71ace06d392093500e1fd3673542adf86c569e7ee8044b812428387e1babb5ed74f6e2530e

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\downloadsms.dll

Filesize
623KB

MD5
cbbb8b877d4e4abc1cc5f7c87e52e4a3

SHA1
e0fbd3bfcbcfe1e9f85e9a03b5411b75cea5d206

SHA256
31a9512311013764320feba14e1d849dfc7bc0a689cadf5806a90043945128e5

SHA512
c201faefa7fb6fa5eaeb119da7f502951efc3251ad5a76eac1bd139379aa4b6da4f9e73bd0fc8dd0486f4973c9ccf21da401e01839f1a70032ff01bcf754e08d

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe

Filesize
7.1MB

MD5
b6eb17081c138903a98f4daddc5356ec

SHA1
95338c82ca76629178c342fabbcaf9fe8ad707cc

SHA256
88553acc42f9e638fe19771e0cb2badbe28f569583195d9306c8a8ef6343e297

SHA512
ef9242cd41585318d5daa47ac8cffc956672549f4ce9238db6227fa64ce800a7b64a25cd7b7175e3b1769f29fbc37e4b18c28375159eaa3bf294c1a48588e01d

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe

Filesize
136KB

MD5
bdd8417b62e8c1dd4352d654b1c0b887

SHA1
a4ca880967460b692351efdbf2e94438fb6f2630

SHA256
3f58d018ad24f506873b6e4eacae6e19585849e7d6638e72b585cff9a750ebf7

SHA512
9e2782c8543583b9f171e4aefd1685f32a70693998addc656169963ed973a93c0c81562c12ca52d07ac94cd628e7cb9909ba519344210cce4a36c64701f78aad

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\libcrypto-3-x64.dll

Filesize
4.6MB

MD5
abbed3f87da630930d274871cb794a4b

SHA1
40398d1aa2c9b9be7aa7744e311b67b5296b0450

SHA256
7e8caae0c0e6bf6bc5ece9aad0cae238246a5a98c3409745f571316a50aea54b

SHA512
35c04b8ce4702bd6f8629011b382941d24a3122f8d6394e1d6dff3c11549993b16f2d1d4635f16b1d33aa0d5fd0d335d103e2199383934d52527366d6eb624ec

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\logger.dll

Filesize
43KB

MD5
9c93f9c583bb077a23f50c5d64cf1bb9

SHA1
d2b2a91bfc9b6cbeccef00a0b8c49f0ca201d78a

SHA256
6434f084d00beff3a67b9a20eca0c8a1940d380bc12990258042859cd98c5a20

SHA512
27db1a016b6804a5c03d78d163eb6588ffc024c4bcbc0d1c582cdfd7081f351a5ee9beeb6684ca70fb9a1ee24f0eaf0cf8e18120efc5f347db10692d931c04f9

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\msvcp140_1.dll

Filesize
23KB

MD5
0832532fab0d5c949aa0c65169aa9d61

SHA1
26f1bee679b7a6289b663c4fa4e65eba33a234e8

SHA256
8731a93e519c2595c9fd489e6d9ac07e964448c0da1c8ee9ee500a7989482617

SHA512
03147a59ee35fb3d2752d4c40741a39674ccd4474a575746bc574d2b2fae1fd04f5ab9c2e02b0dc6268fc6aee8fbb46dc4bf5ff23b5fcc4a0e9b847f57ca79d0

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\msvcp140_2.dll

Filesize
182KB

MD5
e35261e9f4478aabe736bb2269c20b59

SHA1
f17330804c159418d4acf7a803662b8c1f7686fd

SHA256
366af8e071f004da5d95a832a46b2e8821a8e0294340a93f7c95cf48c441067e

SHA512
2694d21431e9b72a9591c4658dc3ade5795a52fcf2bc8631928181a7aeee49184cf741d50e28581b96d439360d21cb176c6bb011db4fa742a2fc64afa38baaf9

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-E4DL8.tmp

Filesize
1KB

MD5
63340c8fcb71734ce4bbac29a86821b5

SHA1
0cfd02b3e95fa482cbd4bd83b0f2d9214acc9709

SHA256
78b5fc58e6d881d16351e92d32b8cadea6b14fbf8c20c1bc7e56d02946467ae8

SHA512
fe035bb77a32d0fe9d4983d90c65d4c2600a019ac20743dbec409f29ffbfbecd8bca2d15abfffb2e71b77e3c105e248627a176942cdf9d7b98ed9113e6f73ba0

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Windows\is-42H1U.tmp

Filesize
215B

MD5
2006d4b7d0da455aa4c7414653c0018a

SHA1
6685b8360b97799aa4d6b18789bf84a343e9e891

SHA256
a96c7bf5832767bdc9d91e2290a3920aec3abfbf2e3814bce38b49483f16f84a

SHA512
703804e6fab0cf44317b7292c547a1348e2e7395e4b71367c32c3b097bcfb3344d3296179bf4ba33a4c752ae58a3873af57d8cdef35a34564205356bb4e6fd84

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\quazip.dll

Filesize
227KB

MD5
514b4dd973694fe604c7ec22a3ec8481

SHA1
6285f9ce01e9d061e4d936b7fb44635a9ea19d93

SHA256
367ce7cbe3c20048ff6a19383b762efb31a3b5313fc8169a01c9256afd2cb7fd

SHA512
4eaacd3a196959d6579bb6c716dbba3d2ebb2f3121641c7b536839bd4c7744da5eae8315f65a4585f35bf76126a4468485b609a4ae9a2c62afd56640055352cb

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\service.xml

Filesize
2KB

MD5
85c61b85b0ffe2609b00379a5512790d

SHA1
2dfaf069df408819b06916381ac80b3ec097214c

SHA256
24f6062b8679b4140b5c15900deefa8ba187ed5e3c5cb8efc91b26b31769664d

SHA512
3a18c17ddcd10cd89d1c666134f13be6ed441fbe2c36a9567e894c0e1674232d5882e696ad2d385bd5eb4d50b6a1b4225bb992389aad93a77b203318293ca6fa

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\vcruntime140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\vcruntime140_1.dll

Filesize
36KB

MD5
135359d350f72ad4bf716b764d39e749

SHA1
2e59d9bbcce356f0fece56c9c4917a5cacec63d7

SHA256
34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32

SHA512
cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba

Download Submit
C:\Program Files\Softdeluxe\Free Download Manager\vmsclshared.dll

Filesize
698KB

MD5
8a839a29430dca22865dff4f2b5b0124

SHA1
600e3b1d00ed8b49e0947a470862da7b8944c48a

SHA256
0a8dae7bde1b75351c0f2a030e811f15cf2e341c57828bff22228539c3d574fb

SHA512
a374f2313e0f64bde4abf81fb5230cee4a8783c705824d55d44cc45157d272f7a488a4d911ac082eb9851ea4b57fcd817161643538e7587ba8a0feb2274d43c1

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
44fb249f59f3fdd7c890887b702115ce

SHA1
b68d4ab674bf6e4c7b0d97f55465edd695de0264

SHA256
5af5dbe8cba1678201da8a9df47c04f3b7b5b534c7193360fa3e961d826895df

SHA512
c8b68c84d6f3b647089efe90c07c5fba5ae0593bf9e794e67a3e3e44251a4f3833fb7752e515bc08dce8fa167b8b07e924dcb48539227c8626b123a57db3a88a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d605d6e7709597059f5458299249d029

SHA1
7bd637aa4c269d62d3e18de3ea28a569b201eeb2

SHA256
cd65f803d843698cbee0043a65feff3df10476370a51dbbefaaa6c0d4fb9b14a

SHA512
0e0bb6f927bea91a6bf2d1f45dab8b10d9762d55fcbbeea009af806021760c8a5be699305dff5bb0ddcb033812065f952cba04b4fbd30d4346aad474b0c18b21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5c5aed2d0930d7d082d5b32318a2a86d

SHA1
65af42acd31706fa2a3ca59073a639de84968e2d

SHA256
b77b602ef1a1a0cc5dde45ebe1c0f35fc1dc9419116c6a0313261d458da57e7e

SHA512
5ff45550b6dd32b102e62f5562e06e6d866cd9af5113ceb9d4a66d229de51e7c2f73e01e5c29c2effbf6eb41a17b22fd7ada15cc6df347226af8b727e12f3c47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
22a8d2967bdb7b14d3fcfca55f0ee0ec

SHA1
5a9e94d632f73c9c0ac2d4ee9f4b83509ddec7fd

SHA256
503ad537480ebd88414c0ad720f7c8c1794e19b8c2e4fd1be0b32a787c9e619b

SHA512
80188da8702ff8177358579dccb502f8f3ccf0b4bfe7b280a075212b07379976a74401aca49a852b57308cfbdf00ac625ec70916d8c4388c018f73bb616d08a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2c0bf35346759da493db3880f5611507

SHA1
7a4b091b5aa197a81ba32d4327538907afa3c53b

SHA256
87ecaf86e28553b353168bec046c87010086d7538e530a2a3430b75610dacf5a

SHA512
4bfd8daf51659d83c44a26eba24866e85377d4c66bbb5454c653434019401cebab16ae3890fa096204343c31271ceb3b2e6c45f9941f42c5c5f5a3d1b4254f06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
16df36d1acb452d944a87df1fe211f67

SHA1
10111bafc050b6961e1bed3c000564c3b7b27f49

SHA256
bc213c81ed65f48f52a425dbe5a6161e60c2b5a22f1dc8005387e8f9ff3911f1

SHA512
68e5be7c3db7ca3594831197c927687494fd497e60f27e1c382bf5d61bfe5b1066b1828df6b7804c9b78b471c5d6b30f7b3b7fcfc44f0a9ae146ab8ba1870a68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
42505099c5d0ba65b1e859030186d8a5

SHA1
9faa976e6f21c2005b68e6ef245ebe6cab54c3e1

SHA256
997e7c516ec96846a435a98603a84625e3655c21da7e5c73c0e5f032ec25d9ce

SHA512
de2738267df5598e0455ba32f583f61edb8804ec80c9d18fff7e2f52356ecaf4c6c01d0c3fb905393a49980c80f97bdfd99d0dd22a77673617be459dbd306b57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
05e4dfe6e1bc3e34341103cd12c0d1ec

SHA1
e01b86d584c885258a405947c8a78ddd18155591

SHA256
9a0d565350489ce3e454bf6b581cfc88f4029cce8c9fb9021bc52c423d462284

SHA512
b6692e1cc77f227de8e2d9641f33e84d8d18a241f1d04fbeaa08eb2bf1350f397eaa7e1c7c8f6d6ff0bd18697e7423679819f3f4fa118aa6f405f94821bf8e36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1d56f467f2b63d130384cfa18e53ae45

SHA1
bc41034575369b592d3caa835f9dad08a18d92ae

SHA256
ad15e3be9c566e1efe12174ca8b2ddad51a96d7217f4ee8924a496b1dbbd6067

SHA512
ff4ae13e87dac6b6ad0d64d17fd568e3b670bbaf94268dbbcc9c800025a079a92996813bf56b67700b60ac1bf3e876b1c0714e3845792681de62443e13844803

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dffb3d97ba4e293f3432ed88746fd7fd

SHA1
9d43cac8fc16347de68b6ba74dec72d8e81ba550

SHA256
9eeb2bc2007f96d81907fc67cd414955393b952e72cae77c6ce235d602a82e83

SHA512
19969ea52511411c03aa071dbea71269f87848990061d87d2332a17b77f3d0b62564250d0b78e6ebf09e1bbbf84d5364d30c9f91d694bba178078572224ca65b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
921f4c3ba790d9017106402d6d0ea330

SHA1
1517c2c372be79736e9f8d5f195c5e368530fd7e

SHA256
7908a83c54151579700b7731f71b4fcf0b61ccde808320c85551025b76379cff

SHA512
ef1425968f6ced8872e4bf89aa420de0c8e7207f8dc57b26a39f51de65cf477dfc2854e45c02255ccc0c83f79d8849d22bbcf97dd114d512b0f9262825db9f8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0e103546c9d2b4a80e784fb68a3e24f1

SHA1
b755233173b291a89347c468ecc2313674157e46

SHA256
4d9e3880642f28916a27cc098488b916a4eeb59e7a7bbac8b2b7e5986237ea52

SHA512
015b03c72a9573547bb2dde42329e3f90d3b3a8cbfef12933819fa8d5b7b0abf3064258b29a61dce5c432769750f321a191cfd0dd6ec8450946d318ed87ccfde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4254982f9859e3647953346c86fb32ee

SHA1
321e43f24a85df6b722d219f26cc70f0d5f0eba4

SHA256
d073ce9f693c334e6e755b473baa378738ed00ab25c979238af837f1bfc55903

SHA512
1296b2fec8002452f6f97d5417439a9d2004f9c74856fa20d786b857f3a41d481b13ff996438a1ebdab7d185db7d4eef00bbef28e5678dc096aca4cbf6ca4854

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f99e0e7419ba00292f73e9da1b66ad09

SHA1
06fa52fab0538ab34f849797358b2c820639e9fe

SHA256
b53fec47bd0a7e015724ebc485dcdbd2bd9b3db72dd8b3e4539e4671a7ec71a3

SHA512
c7bcb089ffd247cf45136cd0a41f484e86d9fd3545e4d3144c58be4c5bf0dac46bc14a3035308a507be13ef01002055b4984188e9c549ace470a25263bf44811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0e210f9ef6c9a84c9557bf76df03b9b4

SHA1
5174353c1e5e8d65f4a32b0a5fb35bd0c142bc80

SHA256
42a1a4dd8890aea9b43088da027eb838937fcc444c13ba4a3f11dcb21d875a94

SHA512
90e7672ccd725dc128a29f6972ff96c14c24c53af72f6a5c6391811f8d10aa105de52e8cf83987937e3abbc0184a9094205c7c25ca67297c3a6f11d66a6149ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
40ad364ca357d20dc162f3a06dec3bc1

SHA1
04a9b152cbc3e05b8dc4b66b89c177df01965ae3

SHA256
84f7f2d5aac8fe60d1a6782fd4fe2a020bec427f8f87f02934d9f78cad8db280

SHA512
e30b33af4303d9005ce66e16853cc3a562800b4e4785c3afd3dc49bd95166c6485e2c1f3b5aa6f14b0c0eb15ef7e8cf146bbe76359f17729fdf36f308c47ab68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
4941b0091f653e6ab763ead89fca3f34

SHA1
827e70ffda58bb8fb5b27f1c76c4982984402d4e

SHA256
6483fd0357e24e62118a26bd64f97de6ae7e08fdd0802e53b455f5faf6e703bc

SHA512
e29a56e59398e2bc611ed30b448b785ef6354e08a8f51801d9ec1bc0d5803b93ae6c1650eda63caf88ac3f991ff97174c2fb535f8b82bc8973f2c629d3c1c04d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
afeaebf542ab2f840d569db67b641e59

SHA1
1fb83cf2a29ca9b6569bf8fa1546a4887b822e29

SHA256
3effeecfa05470cb5b4ef3965430c2d403857fcdd4e24b2c07aec62ff318654e

SHA512
5e7069bc731bbfd159841ee5c7b1e47333e523b59559ca6ea2c93ee93efba5cc9c1ecd8fe622707839cc19e729f57d49d916bb935e9baa490b3e9c8ba3ac62aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
03a56f81ee69dd9727832df26709a1c9

SHA1
ab6754cc9ebd922ef3c37b7e84ff20e250cfde3b

SHA256
65d97e83b315d9140f3922b278d08352809f955e2a714fedfaea6283a5300e53

SHA512
e9915f11e74c1bcf7f80d1bcdc8175df820af30f223a17c0fe11b6808e5a400550dcbe59b64346b7741c7c77735abefaf2c988753e11d086000522a05a0f7781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d30a5618854b9da7bcfc03aeb0a594c4

SHA1
7f37105d7e5b1ecb270726915956c2271116eab7

SHA256
3494c446aa3cb038f1d920b26910b7fe1f4286db78cb3f203ad02cb93889c1a8

SHA512
efd488fcd1729017a596ddd2950bff07d5a11140cba56ff8e0c62ef62827b35c22857bc4f5f5ea11ccc2e1394c0b3ee8651df62a25e66710f320e7a2cf4d1a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
000435f14772feedaab353994559141b

SHA1
b340385c1fc666b1c3a3c6b20b071c5395c54a37

SHA256
8cf082f2dfdb1989dbebea3ad6e2a2a5aa7dd7688be6cecfd6cfa5ea47cb7d85

SHA512
48f44247d17950cb49af230cf94d88207f4d85b7b4fa31f3cbaadcba0dcfc070ad207ecd717422c575b06c033f6fa63d43a782b61f560b524ac199ea160e1a29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a5f4ddecc44b9c4a464a7b7d0be75eb4

SHA1
ce3a60f9eddc9c8f4aff199e19d979465b2f33ae

SHA256
632177b85c5eb2b9e482466ab50e33278355ebdde94eb40211e205827cfc7558

SHA512
e8699a37d4c995aae03ec734b3df39264b9e3b1ea46132c77267e14d59cf897f53f1d2102ca8e53974e0c70178ae4f9983d6c9a99d3f4d099fa14aba5edca735

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3a1565997ea9aff442fad53702514ec4

SHA1
5bdcd7dc1bb90c579805781cbb4127e6bb4a5b8f

SHA256
d08def382d0cc70a7d853dc72c41150b73e74928460bad0fbc8832bb7f5a8f58

SHA512
af8580456840f0b90a9c519ac1e283feec0b74ed0f8a80fa138920efba5a7469af11bf54971b70c912ede6c8ca464ea687199dced318128d85266036d2205007

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f7605ae8299e9178f7a0e9eb566d5fc9

SHA1
0797a212ab1c916fba9ff53d236e25a14442d592

SHA256
74e1b423c4edc75de75f0e43c00333fd68f7dab069a58e945f2a57b11ac6d342

SHA512
32cd2804ce82957da82047cba8f80192376b61813e054a724553140b828f457835d36ea964ecaec3381225a495a3f63679b048fed7d015fac0fd72cc142a8a2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
16db10a7804a894cfbfd33e5f0294ead

SHA1
fdbedc7d660b5fe4f569076789fb4f7f74efd7bd

SHA256
e83d868360280488a129bfdb36c692658049e175be7f899a9c6fa9c830903ae6

SHA512
9dd981ca234d15549063a5ecb3377393e3c9d447bec866eff088a3e222a7a4bd681e2e53e1df999bc9427c061a096b815466e59ee78944f0a8f2c602fe8ecd7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b2d8550ad55e7bcc66d4c82af690b541

SHA1
0809c1b435fe16afe85f3f6d6ba4e832e169339a

SHA256
6ff5c1d2169bc8490d8af83f2352212ec6f260249457bca794f952b085fe9512

SHA512
dacfffe86456599d272b2ca562becbfcda810523a1ee59bc3e3bf335fa8836e01204005720d2b7d2279237b1926428b178f159cdf792f4d35b5b3728b4efeb9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c449088a7dfb5b751a6094d39359a8b8

SHA1
c6e26f88d404d7e810949c297f0fb8438a592faf

SHA256
f8a0d34f43d67fe23a87cca8c7f3656af8258071e5e116413a863cdd3c49811e

SHA512
80b2df34dc6886555fabc841f70d0da6243421112393f881b0a43e3fe5a60330bae5bccf024eda0fdbd2b6743fb51597eac5935f6c257aa80b77e7941b36864f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-97Q3F.tmp\fdm_x64_setup.tmp

Filesize
3.1MB

MD5
60f76f6e78d966f31d9c574c7465899d

SHA1
2c231f5a57d294ab2b6c1fc6f7902fb453fbeac7

SHA256
ced610b7c01111d289a511d35ada43d94fb4b2537ccfc0317a23e1d3eecd3bf8

SHA512
59b67dd82d6f3cee823d7fba1722455c52479413664f816c6756e42bee877ba854844b10c90d22e63b3631e3b8b83dbf35912507b7fedd7fda4f2724888e2cf0

Download Submit
memory/772-1676-0x00007FFD4E050000-0x00007FFD4E67D000-memory.dmp

Filesize
6.2MB

Download
memory/1676-1522-0x00007FFD50E70000-0x00007FFD513B5000-memory.dmp

Filesize
5.3MB

Download
memory/1676-1523-0x00007FF61E1F0000-0x00007FF61E91A000-memory.dmp

Filesize
7.2MB

Download
memory/1676-1520-0x00007FFD4FFA0000-0x00007FFD505CD000-memory.dmp

Filesize
6.2MB

Download
memory/3320-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/3320-1646-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3320-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3320-1501-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3320-7-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3856-1525-0x00007FFD4FFA0000-0x00007FFD505CD000-memory.dmp

Filesize
6.2MB

Download
memory/4568-1643-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/4568-1635-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/4568-1502-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/4568-11-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/4568-9-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/4568-6-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/5092-2154-0x0000021E41B90000-0x0000021E41B91000-memory.dmp

Filesize
4KB

Download
memory/5092-2180-0x0000021E42CA0000-0x0000021E42CA1000-memory.dmp

Filesize
4KB

Download
memory/5092-2179-0x0000021E42CA0000-0x0000021E42CA1000-memory.dmp

Filesize
4KB

Download
memory/5092-2178-0x0000021E42C90000-0x0000021E42C91000-memory.dmp

Filesize
4KB

Download
memory/5092-2177-0x0000021E42CA0000-0x0000021E42CA1000-memory.dmp

Filesize
4KB

Download
memory/5092-2175-0x0000021E42C90000-0x0000021E42C91000-memory.dmp

Filesize
4KB

Download
memory/5092-2174-0x0000021E42C90000-0x0000021E42C91000-memory.dmp

Filesize
4KB

Download
memory/5092-2173-0x0000021E42C90000-0x0000021E42C91000-memory.dmp

Filesize
4KB

Download
memory/5092-2172-0x0000021E42C90000-0x0000021E42C91000-memory.dmp

Filesize
4KB

Download
memory/5092-2171-0x0000021E42C90000-0x0000021E42C91000-memory.dmp

Filesize
4KB

Download
memory/5092-2170-0x0000021E42C90000-0x0000021E42C91000-memory.dmp

Filesize
4KB

Download
memory/5092-2169-0x0000021E42C90000-0x0000021E42C91000-memory.dmp

Filesize
4KB

Download
memory/5092-2168-0x0000021E41B90000-0x0000021E41B91000-memory.dmp

Filesize
4KB

Download
memory/5092-2167-0x0000021E42C90000-0x0000021E42C91000-memory.dmp

Filesize
4KB

Download
memory/5092-2166-0x0000021E42C90000-0x0000021E42C91000-memory.dmp

Filesize
4KB

Download
memory/5092-2165-0x0000021E42C90000-0x0000021E42C91000-memory.dmp

Filesize
4KB

Download
memory/5092-2181-0x0000021E42CA0000-0x0000021E42CA1000-memory.dmp

Filesize
4KB

Download
memory/5092-2182-0x0000021E42CA0000-0x0000021E42CA1000-memory.dmp

Filesize
4KB

Download
memory/5092-2183-0x0000021E42CA0000-0x0000021E42CA1000-memory.dmp

Filesize
4KB

Download
memory/5092-2184-0x0000021E42CA0000-0x0000021E42CA1000-memory.dmp

Filesize
4KB

Download
memory/5092-2185-0x0000021E42CA0000-0x0000021E42CA1000-memory.dmp

Filesize
4KB

Download
memory/5092-2186-0x0000021E42CA0000-0x0000021E42CA1000-memory.dmp

Filesize
4KB

Download
memory/5092-2188-0x0000021E42CB0000-0x0000021E42CB1000-memory.dmp

Filesize
4KB

Download
memory/5092-2189-0x0000021E42CB0000-0x0000021E42CB1000-memory.dmp

Filesize
4KB

Download
memory/5092-2155-0x0000021E41B90000-0x0000021E41B91000-memory.dmp

Filesize
4KB

Download
memory/5092-2156-0x0000021E41B90000-0x0000021E41B91000-memory.dmp

Filesize
4KB

Download
memory/5092-2157-0x0000021E41B90000-0x0000021E41B91000-memory.dmp

Filesize
4KB

Download
memory/5092-2158-0x0000021E41B90000-0x0000021E41B91000-memory.dmp

Filesize
4KB

Download
memory/5092-2159-0x0000021E41B90000-0x0000021E41B91000-memory.dmp

Filesize
4KB

Download
memory/5092-2160-0x0000021E41B90000-0x0000021E41B91000-memory.dmp

Filesize
4KB

Download
memory/5092-2161-0x0000021E41B90000-0x0000021E41B91000-memory.dmp

Filesize
4KB

Download
memory/5092-2162-0x0000021E41B90000-0x0000021E41B91000-memory.dmp

Filesize
4KB

Download
memory/5092-2163-0x0000021E41B90000-0x0000021E41B91000-memory.dmp

Filesize
4KB

Download
memory/5092-2153-0x0000021E41B90000-0x0000021E41B91000-memory.dmp

Filesize
4KB

Download
memory/5092-2150-0x0000021E41B90000-0x0000021E41B91000-memory.dmp

Filesize
4KB

Download
memory/5092-2152-0x0000021E41B90000-0x0000021E41B91000-memory.dmp

Filesize
4KB

Download
memory/5092-2151-0x0000021E41B90000-0x0000021E41B91000-memory.dmp

Filesize
4KB

Download
memory/5092-1697-0x0000021E3F9B0000-0x0000021E3FDF2000-memory.dmp

Filesize
4.3MB

Download
memory/5092-1699-0x0000021E3FE00000-0x0000021E40002000-memory.dmp

Filesize
2.0MB

Download
memory/5092-1639-0x00007FF61E1F0000-0x00007FF61E91A000-memory.dmp

Filesize
7.2MB

Download
memory/5092-1641-0x00007FFD4E050000-0x00007FFD4E67D000-memory.dmp

Filesize
6.2MB

Download
memory/5092-1640-0x00007FFD4E940000-0x00007FFD4EE85000-memory.dmp

Filesize
5.3MB

Download