532a7d66259842f4a710ea7bc6dc48547de371bb69fc842f53934876e787efb8

Resubmissions

09-06-2022 14:50

220609-r718pshbel 8

09-06-2022 14:38

220609-rzy4dadde2 8

09-06-2022 13:59

220609-raf69sggdk 8

Analysis

max time kernel
297s
max time network
299s
platform
windows10_x64
resource
win10-20220414-en
submitted
09-06-2022 14:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup_FileViewPro_2022.exe
Size

1.3MB
MD5

5cb079f8ec885592c5538dbe0362d593
SHA1

a5702ea5dfd73c619ad2625e645b93e0a39b1451
SHA256

532a7d66259842f4a710ea7bc6dc48547de371bb69fc842f53934876e787efb8
SHA512

8787a51f3e7eacfd5f507abdfacd58aef34a704d01f84c05ec8074cb77318d3b14223ff2ca3da399633ef82d3529266bcf3bb174bf746450697117915641fb90

Score

8^/10

discovery

Malware Config

Signatures

Executes dropped EXE 4 IoCs

Processes:

FileViewPro-S-1.9.8.19.exeFileViewPro-S-1.9.8.19.tmpFileViewPro.exeFileViewPro.exe

pid process

2580 FileViewPro-S-1.9.8.19.exe
3868 FileViewPro-S-1.9.8.19.tmp
2360 FileViewPro.exe
4172 FileViewPro.exe

pid	process
2580	FileViewPro-S-1.9.8.19.exe
3868	FileViewPro-S-1.9.8.19.tmp
2360	FileViewPro.exe
4172	FileViewPro.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

FileViewPro-S-1.9.8.19.tmp

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000\Control Panel\International\Geo\Nation	FileViewPro-S-1.9.8.19.tmp

Loads dropped DLL 33 IoCs

Processes:

FileViewPro-S-1.9.8.19.tmpFileViewPro.exeFileViewPro.exe

pid	process
3868	FileViewPro-S-1.9.8.19.tmp
2360	FileViewPro.exe
2360	FileViewPro.exe
2360	FileViewPro.exe
2360	FileViewPro.exe
2360	FileViewPro.exe
2360	FileViewPro.exe
2360	FileViewPro.exe
2360	FileViewPro.exe
2360	FileViewPro.exe
2360	FileViewPro.exe
2360	FileViewPro.exe
2360	FileViewPro.exe
2360	FileViewPro.exe
4172	FileViewPro.exe
4172	FileViewPro.exe
4172	FileViewPro.exe
4172	FileViewPro.exe
4172	FileViewPro.exe
4172	FileViewPro.exe
4172	FileViewPro.exe
4172	FileViewPro.exe
4172	FileViewPro.exe
4172	FileViewPro.exe
4172	FileViewPro.exe
4172	FileViewPro.exe
4172	FileViewPro.exe
4172	FileViewPro.exe
4172	FileViewPro.exe
4172	FileViewPro.exe
4172	FileViewPro.exe
4172	FileViewPro.exe
4172	FileViewPro.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

FileViewPro-S-1.9.8.19.tmp

description	ioc	process
File opened for modification	C:\Program Files\FileViewPro\Vlc.DotNet.Forms.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\editor\is-BVMS6.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Langs\is-ILUNN.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Langs\is-0CGB4.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-542A8.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-1Q120.tmp	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\PaintDotNet.Core.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-CGODU.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-DFG8G.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Wps\is-P0O4R.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Langs\is-Q7NGD.tmp	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\PaintDotNet.SystemLayer.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-RLFPM.tmp	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\DevExpress.XtraBars.v18.1.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-6EFMM.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Langs\is-B35BL.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Langs\is-BR19V.tmp	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\unins000.dat	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\O2S.Components.PDFRender4NET.dll	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\ICSharpCode.TextEditor.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-QSOEA.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-VDOLK.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Langs\is-0STFD.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\unins000.msg	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\SolvuSoft.Views.Message.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-97LHT.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-3USDG.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\editor\contrib\suggest\browser\is-ILQ2Q.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\editor\is-GNUKU.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\base\worker\is-3VAIO.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-DBG39.tmp	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\7z\7z.dll	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\SolvuSoft.Views.Torrent.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-2QEF9.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-RH0O9.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-CQESL.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Langs\is-6QMSJ.tmp	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\SolvuSoft.Views.Mime.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-0MB8H.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-PQ61R.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-08NLH.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\language\typescript\src\is-AMBND.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-7QEFV.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-Q8RD4.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-2CRUE.tmp	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\DevExpress.DataAccess.v18.1.dll	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\QlmLicenseLib.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Langs\is-155T3.tmp	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\DevExpress.Data.v18.1.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-ECQ1K.tmp	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\SolvuSoft.Localization.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Wps\is-PPV7S.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-RFJ64.tmp	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\SolvuSoft.Views.Wpd.dll	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\SDL.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-VF3TU.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\language\json\is-DBQ2O.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\language\html\is-816OI.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-VTJ3B.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-J4AF4.tmp	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\PaintDotNet.Base.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-45KE9.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-VDD9O.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\language\typescript\src\is-RTEG8.tmp	FileViewPro-S-1.9.8.19.tmp

Drops file in Windows directory 3 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exe

description	ioc	process
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

Processes:

browser_broker.exeMicrosoftEdgeCP.exeMicrosoftEdge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\MigrationTime = e17eaf304350d801	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode\FontSize = "3"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\DatastoreSchemaVersion = "8"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode\SettingsVersion = "2"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 40e7da29417cd801	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\Extension	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\InternetRegistry	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 633651df0e7cd801	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 073c5dcb0e7cd801	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\ImageStoreRandomFolder = "cqerxrd"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PageSetup	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\ManagerHistoryComplete = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "361608411"	MicrosoftEdge.exe

Modifies system certificate store 2 TTPs 10 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

FileViewPro.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C	FileViewPro.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C\Blob = 030000000100000014000000d89e3bd43d5d909b47a18977aa9d5ce36cee184c1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb040000000100000010000000285ec909c4ab0d2d57f5086b225799aa0f000000010000003000000013baa039635f1c5292a8c2f36aae7e1d25c025202e9092f5b0f53f5f752dfa9c71b3d1b8d9a6358fcee6ec75622fabf9190000000100000010000000ea6089055218053dd01e37e1d806eedf5c0000000100000004000000001000001800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa24b0000000100000044000000420032004600410046003700360039003200460044003900460046004200440036003400450044004500330031003700450034003200330033003400420041005f0000002000000001000000850500003082058130820469a00302010202103972443af922b751d7d36c10dd313595300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3139303331323030303030305a170d3238313233313233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c05000382010100188751dc74213d9c8ae027b733d02eccecf0e6cb5e11de226f9b758e9e72fee4d6feaa1f9c962def034a7eaef48d6f723c433bc03febb8df5caaa9c6aef2fcd8eea37b43f686367c14e0cdf4f73ffedeb8b48af09196fefd43647efdccd201a17d7df81919c9422b13bf588bbaa4a266047688914e0c8914cea24dc932b3bae8141abc71f15bf0410b98000a220310e50cb1f9cd923719ed3bf1e43ab6f945132675afbbaaef3f7b773bd2c402913d1900d3175c39db3f7b180d45cd9385962f5ddf59164f3f51bdd545183fed4a8ee80661742316b50d50732744477f105d892a6b853114c4e8a96a4c80bc6a78cfb87f8e7672990c9dfed7910816a1a35f95	FileViewPro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa20f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	FileViewPro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 0400000001000000100000001d3554048578b03f42424dbf20730a3f0f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b00000001000000260000005300650063007400690067006f00200028004100640064005400720075007300740029000000620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a1d000000010000001000000006f9583c00a763c23fb9e065a3366d557e0000000100000008000000000063f58926d70103000000010000001400000002faf3e291435468607857694df5e45b6885186819000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604	FileViewPro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 5c00000001000000040000000008000019000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c03000000010000001400000002faf3e291435468607857694df5e45b688518687e0000000100000008000000000063f58926d7011d000000010000001000000006f9583c00a763c23fb9e065a3366d55140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff20b00000001000000260000005300650063007400690067006f0020002800410064006400540072007500730074002900000053000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b0400000001000000100000001d3554048578b03f42424dbf20730a3f20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604	FileViewPro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	FileViewPro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	FileViewPro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d578112861900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	FileViewPro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa20f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	FileViewPro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868	FileViewPro.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

FileViewPro-S-1.9.8.19.tmp

pid process

3868 FileViewPro-S-1.9.8.19.tmp
3868 FileViewPro-S-1.9.8.19.tmp
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

FileViewPro.exe

pid process

4172 FileViewPro.exe
Suspicious behavior: MapViewOfSection 2 IoCs

Processes:

MicrosoftEdgeCP.exe

pid process

2312 MicrosoftEdgeCP.exe
2312 MicrosoftEdgeCP.exe

pid	process
4172	FileViewPro.exe

pid	process
2312	MicrosoftEdgeCP.exe
2312	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeFileViewPro.exe

description	pid	process
Token: SeDebugPrivilege	2700	MicrosoftEdge.exe
Token: SeDebugPrivilege	2700	MicrosoftEdge.exe
Token: SeDebugPrivilege	2700	MicrosoftEdge.exe
Token: SeDebugPrivilege	2700	MicrosoftEdge.exe
Token: SeDebugPrivilege	1528	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1528	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1528	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1528	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4428	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4428	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4172	FileViewPro.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

FileViewPro-S-1.9.8.19.tmp

pid process

3868 FileViewPro-S-1.9.8.19.tmp

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

Setup_FileViewPro_2022.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeFileViewPro.exe

pid	process
3908	Setup_FileViewPro_2022.exe
3908	Setup_FileViewPro_2022.exe
3908	Setup_FileViewPro_2022.exe
3908	Setup_FileViewPro_2022.exe
3908	Setup_FileViewPro_2022.exe
3908	Setup_FileViewPro_2022.exe
3908	Setup_FileViewPro_2022.exe
2700	MicrosoftEdge.exe
2312	MicrosoftEdgeCP.exe
2312	MicrosoftEdgeCP.exe
4172	FileViewPro.exe
4172	FileViewPro.exe

Suspicious use of WriteProcessMemory 48 IoCs

Processes:

Setup_FileViewPro_2022.exeFileViewPro-S-1.9.8.19.exeFileViewPro-S-1.9.8.19.tmpMicrosoftEdgeCP.exeFileViewPro.exeexplorer.exe

description	pid	process	target process
PID 3908 wrote to memory of 2580	3908	Setup_FileViewPro_2022.exe	FileViewPro-S-1.9.8.19.exe
PID 3908 wrote to memory of 2580	3908	Setup_FileViewPro_2022.exe	FileViewPro-S-1.9.8.19.exe
PID 3908 wrote to memory of 2580	3908	Setup_FileViewPro_2022.exe	FileViewPro-S-1.9.8.19.exe
PID 2580 wrote to memory of 3868	2580	FileViewPro-S-1.9.8.19.exe	FileViewPro-S-1.9.8.19.tmp
PID 2580 wrote to memory of 3868	2580	FileViewPro-S-1.9.8.19.exe	FileViewPro-S-1.9.8.19.tmp
PID 2580 wrote to memory of 3868	2580	FileViewPro-S-1.9.8.19.exe	FileViewPro-S-1.9.8.19.tmp
PID 3868 wrote to memory of 2360	3868	FileViewPro-S-1.9.8.19.tmp	FileViewPro.exe
PID 3868 wrote to memory of 2360	3868	FileViewPro-S-1.9.8.19.tmp	FileViewPro.exe
PID 3868 wrote to memory of 2360	3868	FileViewPro-S-1.9.8.19.tmp	FileViewPro.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2360 wrote to memory of 4856	2360	FileViewPro.exe	explorer.exe
PID 2360 wrote to memory of 4856	2360	FileViewPro.exe	explorer.exe
PID 2360 wrote to memory of 4856	2360	FileViewPro.exe	explorer.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2312 wrote to memory of 1528	2312	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 5112 wrote to memory of 4172	5112	explorer.exe	FileViewPro.exe
PID 5112 wrote to memory of 4172	5112	explorer.exe	FileViewPro.exe
PID 5112 wrote to memory of 4172	5112	explorer.exe	FileViewPro.exe

C:\Users\Admin\AppData\Local\Temp\Setup_FileViewPro_2022.exe
"C:\Users\Admin\AppData\Local\Temp\Setup_FileViewPro_2022.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3908

C:\Users\Admin\AppData\Local\Temp\{7FB8774D-C199-4B9A-966D-3B6FE8DD8EFA}\FileViewPro-S-1.9.8.19.exe
"C:\Users\Admin\AppData\Local\Temp\{7FB8774D-C199-4B9A-966D-3B6FE8DD8EFA}\FileViewPro-S-1.9.8.19.exe" /verysilent /norestart /LANG en-us
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2580

C:\Users\Admin\AppData\Local\Temp\is-JH94J.tmp\FileViewPro-S-1.9.8.19.tmp
"C:\Users\Admin\AppData\Local\Temp\is-JH94J.tmp\FileViewPro-S-1.9.8.19.tmp" /SL5="$401DE,60311066,131584,C:\Users\Admin\AppData\Local\Temp\{7FB8774D-C199-4B9A-966D-3B6FE8DD8EFA}\FileViewPro-S-1.9.8.19.exe" /verysilent /norestart /LANG en-us
3⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3868

C:\Program Files\FileViewPro\FileViewPro.exe
"C:\Program Files\FileViewPro\FileViewPro.exe" /restartWithNoAdminRights lang=en-us
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:2360

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe" C:\Program Files\FileViewPro\FileViewPro.exe
5⤵
PID:4856

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:3864

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2312

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:1528

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4428

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:5112

C:\Program Files\FileViewPro\FileViewPro.exe
"C:\Program Files\FileViewPro\FileViewPro.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4172

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4540

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4652

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\FileViewPro\DevExpress.Data.v18.1.dll

Filesize
6.4MB

MD5
75e4c5f9581ef853d787961cf4f8830f

SHA1
04615d07cd402692f5c1a35474fc9ae01a1cb3cb

SHA256
a12b4168dcd3692fb8a68382c3d9413351c9d2c543b2d2061064de7994787209

SHA512
02efcef0a7250db93322c2c241a0f120985a730479517793fa8cbce8f0bfed3103bb2a22bde751b8fd333a89e6f85ffd3ebad821d1155d9d82c5f681f213a12b

Download Submit
C:\Program Files\FileViewPro\DevExpress.Utils.v18.1.dll

Filesize
12.4MB

MD5
c5420b084a69cc5783d15bd9ee77d707

SHA1
ed47a4da79ce18af598a416633f4b9d9a032464e

SHA256
1a610b808c07247c0662b829fa703c5068f361194c301594b9594f414e0ebe84

SHA512
53994e509c56ac9435bcd06dc1341b589dc168ed5df2ebe13d2ca43cd50278e898768b1b5b65596542831b68d922612d3896c74d4dae8da829f5f0512905cb4e

Download Submit
C:\Program Files\FileViewPro\DevExpress.XtraBars.v18.1.dll

Filesize
6.1MB

MD5
70a4157ef8f50295748d78280d94b7b2

SHA1
e35b16bd2b77fab0d0156200070e642735ccbc2b

SHA256
eff8c03d4427b3eea68364f56cbd009fd1c1f4512bda3392cc8c80a8085eff63

SHA512
4b41715adc3bd9a3397c5b7223a2cfbdca52111f15c22ed6158179d3a2c4f91747fc9a875b3ec7cee061bb2cb4863c6676fad39886ba7214d6b8cd572088b437

Download Submit
C:\Program Files\FileViewPro\DevExpress.XtraEditors.v18.1.dll

Filesize
6.0MB

MD5
8c0d9ba800cffbabac77b2c320ab169d

SHA1
f28285a8b9b8a5086b5024a4352973019f689590

SHA256
7cd141c2fdc9dbaf634a02b51cc3740d98af3b21b694a444f5430a35a46b13f1

SHA512
52e29c064195b2eda58659aa3482c111f37b901e6053b764cbf1af4e498a14deefa7a74af069ae91446e71a6d8381b89a1f5ff178f2ac8bc1bb9cd04eb77b123

Download Submit
C:\Program Files\FileViewPro\FileViewPro.exe

Filesize
739KB

MD5
daa97924499885155278a306d3cd32d8

SHA1
5a315a56db58342c3d18dc73128492a67499c528

SHA256
a78a50b913083c2f3941035e19e48d0c895a1304365d202e491bc780bc9888f6

SHA512
b67f86e2fa693c31e974cefbc0c7c4610ffb6445fed0da3ee62549d6fca1655d23ed24e6fca9aac7dd15702e09f2ab0995df2f2297bfb18928cd8c117b9cc242

Download Submit
C:\Program Files\FileViewPro\FileViewPro.exe

Filesize
739KB

MD5
daa97924499885155278a306d3cd32d8

SHA1
5a315a56db58342c3d18dc73128492a67499c528

SHA256
a78a50b913083c2f3941035e19e48d0c895a1304365d202e491bc780bc9888f6

SHA512
b67f86e2fa693c31e974cefbc0c7c4610ffb6445fed0da3ee62549d6fca1655d23ed24e6fca9aac7dd15702e09f2ab0995df2f2297bfb18928cd8c117b9cc242

Download Submit
C:\Program Files\FileViewPro\FileViewPro.exe

Filesize
739KB

MD5
daa97924499885155278a306d3cd32d8

SHA1
5a315a56db58342c3d18dc73128492a67499c528

SHA256
a78a50b913083c2f3941035e19e48d0c895a1304365d202e491bc780bc9888f6

SHA512
b67f86e2fa693c31e974cefbc0c7c4610ffb6445fed0da3ee62549d6fca1655d23ed24e6fca9aac7dd15702e09f2ab0995df2f2297bfb18928cd8c117b9cc242

Download Submit
C:\Program Files\FileViewPro\FileViewPro.exe.config

Filesize
3KB

MD5
4e73c4ff8ea09cdc528e5eea378b9c89

SHA1
e3974580154b5897441a68b3a14bae74fbfab14d

SHA256
7c90b0bbb693a95518b394ff9fe96f975b1290cf51c017a4a8b5ef669d91e916

SHA512
155962cd814ded2d3d4d4120e8f5774fc381fdb8bf2aecc04e2c0ac84ea2079428f34f60890ad78c627164d33c7f82517750a116e70b00e1aea6e79ae8c32ce3

Download Submit
C:\Program Files\FileViewPro\IsLicense50.dll

Filesize
2.2MB

MD5
9c8e427d0fa333c78aa7dfa45a77ea28

SHA1
434e78a8d45ed5572fb554dda5d5e5796b00ce81

SHA256
692b75ceccf8f7c4fa4fce7cf26af25a15e22d8964ffc30dc2b97428a12c2117

SHA512
a91deee8b3d30b7e9fa402c9c5530e4be44d695c9892a727e364698b685d83f30c081fd95cffa01aa5d9576e691d5c91ef0ae70c2e5f8d160cbfbcdbe0b7ef39

Download Submit
C:\Program Files\FileViewPro\Langs\en.xml

Filesize
84KB

MD5
acfdec45e70b6825eb3b90d5f729b454

SHA1
5f5be74dc73b0ba35336d446eecdd4783be8a9a3

SHA256
4b75082298bf8abc385a0451c271c064b892d28646c493ca1c7ed4af3f4d3191

SHA512
6359ce72532471c47767d3e3a6e03a2ce0d0dabf711c010dc86c96eeeef685ca0ad56480e7dce2f1af0d7f200e8727769394774c0e99391b5aa784c2aed03a23

Download Submit
C:\Program Files\FileViewPro\QlmLicenseLib.dll

Filesize
530KB

MD5
630a267b01b169a4c1a26c0db188d205

SHA1
8cc73e203bafec1d054408feb3b66154194750cd

SHA256
65d9ca2ff2d46c4a46d97cc84dd313771a743eb83baeb7acc1172ff96e5d6fe5

SHA512
0aefbad11dfef128bd8975ed48afe57e81d1239368afb0a824d5d3c3e230665dc073fa31363522c6f35b97313f87acb251867998e504dcf3f6e7921f57562d43

Download Submit
C:\Program Files\FileViewPro\SolvuSoft.Common.dll

Filesize
353KB

MD5
591d7493dbefa4672affb597a76ebac6

SHA1
d0f6c5e2c16762e2087a1ed819f06e81f3e63f8b

SHA256
1223ed8b58295103739b0f7f87b3e4c5457157d659d750a4661433b2fd26559d

SHA512
e8a5b17f89df68bcaf8a35588e9a1211cb7a3ce2411efb8c8b7956a82ccb6fad0569c96b27fd970c001ab58880aecd4809527e49561e0976537f5f2970fcdcac

Download Submit
C:\Program Files\FileViewPro\SolvuSoft.Licensing.dll

Filesize
285KB

MD5
108e1bbee5db920dd019789324d04525

SHA1
5b8cc4e37e0a20e5263c98dbb132cad91301ee2e

SHA256
699a68bb79b9ea11a5a1857991fd1ea610335f91ee47c7a6adcad3880690ea5e

SHA512
c047557ddce8cae833f1cc293a0aea553cead4e30a62f2952ddfeb2c5c12b072e1a817d9493749aef2ea8dcfa504f06fe2efdfd3906b58a0752a1d61e4f2bbfa

Download Submit
C:\Program Files\FileViewPro\SolvuSoft.Localization.dll

Filesize
86KB

MD5
a1351945aa9ce65e2a3ed1e9b3963c3f

SHA1
5717a5d37e3be5bfd34dbc54a3a8cd273bf76ccc

SHA256
995b85c5d78a9b49e89c8293e3f56ed524f778e40113667fbdaa18a7178f557f

SHA512
811750775c6786414217e64e0d1a81cec7c80c85f3553ce818a25331991082d1c5b4eb98fc6ea49566bcafd80c3286b857f8b9992b7c33ebb6a84e7d015441a5

Download Submit
C:\Program Files\FileViewPro\SolvuSoft.Resources.dll

Filesize
101KB

MD5
08323903653f49087bfdc722668c203b

SHA1
cfd75889809a5861cc98be40524c0e64411ae7f1

SHA256
d9b298df75e88695673ad583966f6629378c8fd3007ed87d122cfb2ea4967dc9

SHA512
21bc8e3799994eb1d5b53905b29fd5c4dcd4a3d1378032ec40f0ff7c083cef61ad879c10d0e76bbf55ff4047fd6e8292a2a26823283230f72220b00c1bb78065

Download Submit
C:\ProgramData\IsolatedStorage\jsv31vsl.q4r\0fxzymeb.ief\Publisher.hobc41kkywtcc0rbz1btlitztrczryui\identity.dat

Filesize
1KB

MD5
05c9f19b4efe1e17616a590bf7ba78b4

SHA1
0b6af11405461794316cca1ba03f04e48368856a

SHA256
2065f492126f161ac0583f22dd1b72240bbee3d763d6a9e0d1eb365b8d9c9ff1

SHA512
e96f2b0c106dcc948225e34c867a23b8f2ec503cd9711a2a6cb4e90cedde8630530147fa4326044d19d9fe95ff45215edc29f2e72b5a6ac93dbc7da839819fb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_E6095CD2AECC9011BCD0D7B421356B17

Filesize
727B

MD5
49ef2b7012523079ccf54d4354e19ec9

SHA1
3cc3492fa953bcb60de33f124481ab4439834cba

SHA256
5669c050bc33326cc82e6659da89863c7e20a4349ea1442461b8091f42eb7828

SHA512
4d48acc455efc881ba537e1430bf28ec1e773902cdf011195f5d432c7385d87bcc34153174657a9842f413f9b0702c934307119c96dfbe08fdeddcb14199da07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
471B

MD5
2eac94298f927b399d52f5180a6b1bb8

SHA1
4eea9221337a02889064dfa1a79b17037043eee8

SHA256
d683738c25f5d44d35c2458c7893dc5b6a98861158fc40493ce3621eeb172a27

SHA512
bff893fda0d49d0127a7a0f852d2ae8f99f232731c36b3049c48b3914e7da444b5e427aa551f1d9fdf2def6138a040b5e58c3c338af87e52d2afdf6a98e017cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D7833C286363AD25C70511661A83D581_C8F25AE27487A9B785CB8B5A011F38CA

Filesize
509B

MD5
37b47cbd77b7e7e86d4d6a606288321a

SHA1
d076027c1d7a43dae97ee70bd93411c202a1264f

SHA256
2c6eaeaf516184934ead3e84d2c9647ed48a97a04e50807d461ada2b42c7a450

SHA512
583e985821944db31d9112b8504c6f76aed426d79a9a578f1ab2fe4882869f38c4271961cbdf0af6f7dc1b01bc8bca7621944065afcb44e928066722f6ae10af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_E6095CD2AECC9011BCD0D7B421356B17

Filesize
402B

MD5
96f94789e758f867157bd190cf4b422e

SHA1
887151e3765bb5d48ab4fd83e5c4d0a37e026f3c

SHA256
70d073fb6cadf666cde8b717422a1daeb179d0681efea9c04340bf17c6caf7cc

SHA512
77679a73288d26be06ebe5a95aab5a15542fa8ac66bd39dd82c9e708daad2c489f8087d4278a2593f83c6542b90cfd7e4d868f8862b0cd7caf9cc673e6a3c862

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
396B

MD5
82de425d42472adba7b7e4a1dcc705fa

SHA1
c2e374092c400e5e28cbd231054eef29e03adc47

SHA256
14d501b34deb4289616c55597a3c974c164605160249e2791f3f3d38424fb755

SHA512
8e543146791d03513251500e231e60bb3cc515f1e2a9299460fa7a4b5a0e982103b205aff5eac0d86f9085ff55cfaa9c04151d9becbccdab03f4195f8ec639dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D7833C286363AD25C70511661A83D581_C8F25AE27487A9B785CB8B5A011F38CA

Filesize
394B

MD5
c9d6f0ae5a98411c5c4bd04be47b1f0d

SHA1
d2477442a6e33da860d5600f074f898ed6682d34

SHA256
b7065a130fe7a2e9c584a8cb2471876acb832d97132b0fed6ba6bc33c01598bd

SHA512
c767890e34f405be98aeb86a1f83da6bafbdb05c12e5d8ee45a6ea4e724783511d267dbeb9a2419f3726f5a2317b59d0fb006abf490b590da421b5ebe52ca4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\FileViewPro.exe.log

Filesize
1KB

MD5
2b22a24fdde1444a53a00d7145b910b0

SHA1
54562bd24ddf9f52533c8f028976dda1f6786caa

SHA256
389fb85c429b18e8c3b14df33147f1f0670d0a060207f3a291561c879c8fbbb5

SHA512
8501ddba57a463b9bc2f2a50f4badd4dd570dbf6912ba0be6b29b79b9ae02d7776e0499de4334447af8de6f8853f9826c549f2fcff6a163e7a66da8ec4285f3f

Download Submit
C:\Users\Admin\AppData\Local\Solvusoft_Corporation\FileViewPro.exe_Url_dnaugtvmzfhczvych303evrzkmck3wnr\1.9.8.19\user.config

Filesize
1KB

MD5
07f0cf7e59e9a356ce1b2a0e9ffebcd6

SHA1
13f236ef0c2e1cf7e59fff0eb77a17631d429dd7

SHA256
24bfdf20d5640dcb83eb6cc73828b04a1c0c2b82c938e1673fb2816583f362bf

SHA512
8173f57fcbccff2a79af574152c304901eda164970b6ebc133ed659e851fe3ba74a779adbcebb038f1133614006b4a06d44dfcf469cdbb3d9d7902dc068bca82

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JH94J.tmp\FileViewPro-S-1.9.8.19.tmp

Filesize
1.1MB

MD5
1a81372fd72743199f885cfed00c8e34

SHA1
7bb1a83593d07b3833c58150a0a678fc5898aca2

SHA256
fa6030367c0645fe9856ab1b75910c94e4ef32fdcede0ccd2805c6b2cef5f5ab

SHA512
ec79c5efaf4ff5288cca4c9ab7ddc962f17e6b1d92a8b63463ee0fbad889229eae5f3af3af831f209bc8a322a73cafa783d7aef698663bbe288bdda6cd3e5c0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JH94J.tmp\FileViewPro-S-1.9.8.19.tmp

Filesize
1.1MB

MD5
1a81372fd72743199f885cfed00c8e34

SHA1
7bb1a83593d07b3833c58150a0a678fc5898aca2

SHA256
fa6030367c0645fe9856ab1b75910c94e4ef32fdcede0ccd2805c6b2cef5f5ab

SHA512
ec79c5efaf4ff5288cca4c9ab7ddc962f17e6b1d92a8b63463ee0fbad889229eae5f3af3af831f209bc8a322a73cafa783d7aef698663bbe288bdda6cd3e5c0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{7FB8774D-C199-4B9A-966D-3B6FE8DD8EFA}\FileViewPro-S-1.9.8.19.exe

Filesize
58.1MB

MD5
35bc3d926698c1f580603e7a5c4b0cc6

SHA1
7aaacafbf325c08b4ef577994505fbf0cce87fc6

SHA256
b3a64b2c2d3292de9a9e9f590bf3ce04aecc8483af8f181f57aee1dad375e1be

SHA512
1e77629bba2eda9c4b7d0701785561c2326953b924984d08db177d02ef3f4e752ed1f37005e63aaa1b327db9294c076aa0447ed71c974da4410f4bee10872652

Download Submit
C:\Users\Admin\AppData\Local\Temp\{7FB8774D-C199-4B9A-966D-3B6FE8DD8EFA}\FileViewPro-S-1.9.8.19.exe

Filesize
58.1MB

MD5
35bc3d926698c1f580603e7a5c4b0cc6

SHA1
7aaacafbf325c08b4ef577994505fbf0cce87fc6

SHA256
b3a64b2c2d3292de9a9e9f590bf3ce04aecc8483af8f181f57aee1dad375e1be

SHA512
1e77629bba2eda9c4b7d0701785561c2326953b924984d08db177d02ef3f4e752ed1f37005e63aaa1b327db9294c076aa0447ed71c974da4410f4bee10872652

Download Submit
C:\Users\Admin\AppData\Roaming\IsolatedStorage\Publisher.hobc41kkywtcc0rbz1btlitztrczryui\identity.dat

Filesize
1KB

MD5
05c9f19b4efe1e17616a590bf7ba78b4

SHA1
0b6af11405461794316cca1ba03f04e48368856a

SHA256
2065f492126f161ac0583f22dd1b72240bbee3d763d6a9e0d1eb365b8d9c9ff1

SHA512
e96f2b0c106dcc948225e34c867a23b8f2ec503cd9711a2a6cb4e90cedde8630530147fa4326044d19d9fe95ff45215edc29f2e72b5a6ac93dbc7da839819fb3

Download Submit
\Program Files\FileViewPro\DevExpress.Data.v18.1.dll

Filesize
6.4MB

MD5
75e4c5f9581ef853d787961cf4f8830f

SHA1
04615d07cd402692f5c1a35474fc9ae01a1cb3cb

SHA256
a12b4168dcd3692fb8a68382c3d9413351c9d2c543b2d2061064de7994787209

SHA512
02efcef0a7250db93322c2c241a0f120985a730479517793fa8cbce8f0bfed3103bb2a22bde751b8fd333a89e6f85ffd3ebad821d1155d9d82c5f681f213a12b

Download Submit
\Program Files\FileViewPro\DevExpress.Data.v18.1.dll

Filesize
6.4MB

MD5
75e4c5f9581ef853d787961cf4f8830f

SHA1
04615d07cd402692f5c1a35474fc9ae01a1cb3cb

SHA256
a12b4168dcd3692fb8a68382c3d9413351c9d2c543b2d2061064de7994787209

SHA512
02efcef0a7250db93322c2c241a0f120985a730479517793fa8cbce8f0bfed3103bb2a22bde751b8fd333a89e6f85ffd3ebad821d1155d9d82c5f681f213a12b

Download Submit
\Program Files\FileViewPro\DevExpress.Data.v18.1.dll

Filesize
6.4MB

MD5
75e4c5f9581ef853d787961cf4f8830f

SHA1
04615d07cd402692f5c1a35474fc9ae01a1cb3cb

SHA256
a12b4168dcd3692fb8a68382c3d9413351c9d2c543b2d2061064de7994787209

SHA512
02efcef0a7250db93322c2c241a0f120985a730479517793fa8cbce8f0bfed3103bb2a22bde751b8fd333a89e6f85ffd3ebad821d1155d9d82c5f681f213a12b

Download Submit
\Program Files\FileViewPro\DevExpress.Data.v18.1.dll

Filesize
6.4MB

MD5
75e4c5f9581ef853d787961cf4f8830f

SHA1
04615d07cd402692f5c1a35474fc9ae01a1cb3cb

SHA256
a12b4168dcd3692fb8a68382c3d9413351c9d2c543b2d2061064de7994787209

SHA512
02efcef0a7250db93322c2c241a0f120985a730479517793fa8cbce8f0bfed3103bb2a22bde751b8fd333a89e6f85ffd3ebad821d1155d9d82c5f681f213a12b

Download Submit
\Program Files\FileViewPro\DevExpress.Utils.v18.1.dll

Filesize
12.4MB

MD5
c5420b084a69cc5783d15bd9ee77d707

SHA1
ed47a4da79ce18af598a416633f4b9d9a032464e

SHA256
1a610b808c07247c0662b829fa703c5068f361194c301594b9594f414e0ebe84

SHA512
53994e509c56ac9435bcd06dc1341b589dc168ed5df2ebe13d2ca43cd50278e898768b1b5b65596542831b68d922612d3896c74d4dae8da829f5f0512905cb4e

Download Submit
\Program Files\FileViewPro\DevExpress.Utils.v18.1.dll

Filesize
12.4MB

MD5
c5420b084a69cc5783d15bd9ee77d707

SHA1
ed47a4da79ce18af598a416633f4b9d9a032464e

SHA256
1a610b808c07247c0662b829fa703c5068f361194c301594b9594f414e0ebe84

SHA512
53994e509c56ac9435bcd06dc1341b589dc168ed5df2ebe13d2ca43cd50278e898768b1b5b65596542831b68d922612d3896c74d4dae8da829f5f0512905cb4e

Download Submit
\Program Files\FileViewPro\DevExpress.Utils.v18.1.dll

Filesize
12.4MB

MD5
c5420b084a69cc5783d15bd9ee77d707

SHA1
ed47a4da79ce18af598a416633f4b9d9a032464e

SHA256
1a610b808c07247c0662b829fa703c5068f361194c301594b9594f414e0ebe84

SHA512
53994e509c56ac9435bcd06dc1341b589dc168ed5df2ebe13d2ca43cd50278e898768b1b5b65596542831b68d922612d3896c74d4dae8da829f5f0512905cb4e

Download Submit
\Program Files\FileViewPro\DevExpress.Utils.v18.1.dll

Filesize
12.4MB

MD5
c5420b084a69cc5783d15bd9ee77d707

SHA1
ed47a4da79ce18af598a416633f4b9d9a032464e

SHA256
1a610b808c07247c0662b829fa703c5068f361194c301594b9594f414e0ebe84

SHA512
53994e509c56ac9435bcd06dc1341b589dc168ed5df2ebe13d2ca43cd50278e898768b1b5b65596542831b68d922612d3896c74d4dae8da829f5f0512905cb4e

Download Submit
\Program Files\FileViewPro\DevExpress.XtraBars.v18.1.dll

Filesize
6.1MB

MD5
70a4157ef8f50295748d78280d94b7b2

SHA1
e35b16bd2b77fab0d0156200070e642735ccbc2b

SHA256
eff8c03d4427b3eea68364f56cbd009fd1c1f4512bda3392cc8c80a8085eff63

SHA512
4b41715adc3bd9a3397c5b7223a2cfbdca52111f15c22ed6158179d3a2c4f91747fc9a875b3ec7cee061bb2cb4863c6676fad39886ba7214d6b8cd572088b437

Download Submit
\Program Files\FileViewPro\DevExpress.XtraBars.v18.1.dll

Filesize
6.1MB

MD5
70a4157ef8f50295748d78280d94b7b2

SHA1
e35b16bd2b77fab0d0156200070e642735ccbc2b

SHA256
eff8c03d4427b3eea68364f56cbd009fd1c1f4512bda3392cc8c80a8085eff63

SHA512
4b41715adc3bd9a3397c5b7223a2cfbdca52111f15c22ed6158179d3a2c4f91747fc9a875b3ec7cee061bb2cb4863c6676fad39886ba7214d6b8cd572088b437

Download Submit
\Program Files\FileViewPro\DevExpress.XtraEditors.v18.1.dll

Filesize
6.0MB

MD5
8c0d9ba800cffbabac77b2c320ab169d

SHA1
f28285a8b9b8a5086b5024a4352973019f689590

SHA256
7cd141c2fdc9dbaf634a02b51cc3740d98af3b21b694a444f5430a35a46b13f1

SHA512
52e29c064195b2eda58659aa3482c111f37b901e6053b764cbf1af4e498a14deefa7a74af069ae91446e71a6d8381b89a1f5ff178f2ac8bc1bb9cd04eb77b123

Download Submit
\Program Files\FileViewPro\DevExpress.XtraEditors.v18.1.dll

Filesize
6.0MB

MD5
8c0d9ba800cffbabac77b2c320ab169d

SHA1
f28285a8b9b8a5086b5024a4352973019f689590

SHA256
7cd141c2fdc9dbaf634a02b51cc3740d98af3b21b694a444f5430a35a46b13f1

SHA512
52e29c064195b2eda58659aa3482c111f37b901e6053b764cbf1af4e498a14deefa7a74af069ae91446e71a6d8381b89a1f5ff178f2ac8bc1bb9cd04eb77b123

Download Submit
\Program Files\FileViewPro\IsLicense50.dll

Filesize
2.2MB

MD5
9c8e427d0fa333c78aa7dfa45a77ea28

SHA1
434e78a8d45ed5572fb554dda5d5e5796b00ce81

SHA256
692b75ceccf8f7c4fa4fce7cf26af25a15e22d8964ffc30dc2b97428a12c2117

SHA512
a91deee8b3d30b7e9fa402c9c5530e4be44d695c9892a727e364698b685d83f30c081fd95cffa01aa5d9576e691d5c91ef0ae70c2e5f8d160cbfbcdbe0b7ef39

Download Submit
\Program Files\FileViewPro\IsLicense50.dll

Filesize
2.2MB

MD5
9c8e427d0fa333c78aa7dfa45a77ea28

SHA1
434e78a8d45ed5572fb554dda5d5e5796b00ce81

SHA256
692b75ceccf8f7c4fa4fce7cf26af25a15e22d8964ffc30dc2b97428a12c2117

SHA512
a91deee8b3d30b7e9fa402c9c5530e4be44d695c9892a727e364698b685d83f30c081fd95cffa01aa5d9576e691d5c91ef0ae70c2e5f8d160cbfbcdbe0b7ef39

Download Submit
\Program Files\FileViewPro\QlmLicenseLib.dll

Filesize
530KB

MD5
630a267b01b169a4c1a26c0db188d205

SHA1
8cc73e203bafec1d054408feb3b66154194750cd

SHA256
65d9ca2ff2d46c4a46d97cc84dd313771a743eb83baeb7acc1172ff96e5d6fe5

SHA512
0aefbad11dfef128bd8975ed48afe57e81d1239368afb0a824d5d3c3e230665dc073fa31363522c6f35b97313f87acb251867998e504dcf3f6e7921f57562d43

Download Submit
\Program Files\FileViewPro\QlmLicenseLib.dll

Filesize
530KB

MD5
630a267b01b169a4c1a26c0db188d205

SHA1
8cc73e203bafec1d054408feb3b66154194750cd

SHA256
65d9ca2ff2d46c4a46d97cc84dd313771a743eb83baeb7acc1172ff96e5d6fe5

SHA512
0aefbad11dfef128bd8975ed48afe57e81d1239368afb0a824d5d3c3e230665dc073fa31363522c6f35b97313f87acb251867998e504dcf3f6e7921f57562d43

Download Submit
\Program Files\FileViewPro\QlmLicenseLib.dll

Filesize
530KB

MD5
630a267b01b169a4c1a26c0db188d205

SHA1
8cc73e203bafec1d054408feb3b66154194750cd

SHA256
65d9ca2ff2d46c4a46d97cc84dd313771a743eb83baeb7acc1172ff96e5d6fe5

SHA512
0aefbad11dfef128bd8975ed48afe57e81d1239368afb0a824d5d3c3e230665dc073fa31363522c6f35b97313f87acb251867998e504dcf3f6e7921f57562d43

Download Submit
\Program Files\FileViewPro\QlmLicenseLib.dll

Filesize
530KB

MD5
630a267b01b169a4c1a26c0db188d205

SHA1
8cc73e203bafec1d054408feb3b66154194750cd

SHA256
65d9ca2ff2d46c4a46d97cc84dd313771a743eb83baeb7acc1172ff96e5d6fe5

SHA512
0aefbad11dfef128bd8975ed48afe57e81d1239368afb0a824d5d3c3e230665dc073fa31363522c6f35b97313f87acb251867998e504dcf3f6e7921f57562d43

Download Submit
\Program Files\FileViewPro\SolvuSoft.Common.dll

Filesize
353KB

MD5
591d7493dbefa4672affb597a76ebac6

SHA1
d0f6c5e2c16762e2087a1ed819f06e81f3e63f8b

SHA256
1223ed8b58295103739b0f7f87b3e4c5457157d659d750a4661433b2fd26559d

SHA512
e8a5b17f89df68bcaf8a35588e9a1211cb7a3ce2411efb8c8b7956a82ccb6fad0569c96b27fd970c001ab58880aecd4809527e49561e0976537f5f2970fcdcac

Download Submit
\Program Files\FileViewPro\SolvuSoft.Common.dll

Filesize
353KB

MD5
591d7493dbefa4672affb597a76ebac6

SHA1
d0f6c5e2c16762e2087a1ed819f06e81f3e63f8b

SHA256
1223ed8b58295103739b0f7f87b3e4c5457157d659d750a4661433b2fd26559d

SHA512
e8a5b17f89df68bcaf8a35588e9a1211cb7a3ce2411efb8c8b7956a82ccb6fad0569c96b27fd970c001ab58880aecd4809527e49561e0976537f5f2970fcdcac

Download Submit
\Program Files\FileViewPro\SolvuSoft.Licensing.dll

Filesize
285KB

MD5
108e1bbee5db920dd019789324d04525

SHA1
5b8cc4e37e0a20e5263c98dbb132cad91301ee2e

SHA256
699a68bb79b9ea11a5a1857991fd1ea610335f91ee47c7a6adcad3880690ea5e

SHA512
c047557ddce8cae833f1cc293a0aea553cead4e30a62f2952ddfeb2c5c12b072e1a817d9493749aef2ea8dcfa504f06fe2efdfd3906b58a0752a1d61e4f2bbfa

Download Submit
\Program Files\FileViewPro\SolvuSoft.Licensing.dll

Filesize
285KB

MD5
108e1bbee5db920dd019789324d04525

SHA1
5b8cc4e37e0a20e5263c98dbb132cad91301ee2e

SHA256
699a68bb79b9ea11a5a1857991fd1ea610335f91ee47c7a6adcad3880690ea5e

SHA512
c047557ddce8cae833f1cc293a0aea553cead4e30a62f2952ddfeb2c5c12b072e1a817d9493749aef2ea8dcfa504f06fe2efdfd3906b58a0752a1d61e4f2bbfa

Download Submit
\Program Files\FileViewPro\SolvuSoft.Licensing.dll

Filesize
285KB

MD5
108e1bbee5db920dd019789324d04525

SHA1
5b8cc4e37e0a20e5263c98dbb132cad91301ee2e

SHA256
699a68bb79b9ea11a5a1857991fd1ea610335f91ee47c7a6adcad3880690ea5e

SHA512
c047557ddce8cae833f1cc293a0aea553cead4e30a62f2952ddfeb2c5c12b072e1a817d9493749aef2ea8dcfa504f06fe2efdfd3906b58a0752a1d61e4f2bbfa

Download Submit
\Program Files\FileViewPro\SolvuSoft.Licensing.dll

Filesize
285KB

MD5
108e1bbee5db920dd019789324d04525

SHA1
5b8cc4e37e0a20e5263c98dbb132cad91301ee2e

SHA256
699a68bb79b9ea11a5a1857991fd1ea610335f91ee47c7a6adcad3880690ea5e

SHA512
c047557ddce8cae833f1cc293a0aea553cead4e30a62f2952ddfeb2c5c12b072e1a817d9493749aef2ea8dcfa504f06fe2efdfd3906b58a0752a1d61e4f2bbfa

Download Submit
\Program Files\FileViewPro\SolvuSoft.Localization.dll

Filesize
86KB

MD5
a1351945aa9ce65e2a3ed1e9b3963c3f

SHA1
5717a5d37e3be5bfd34dbc54a3a8cd273bf76ccc

SHA256
995b85c5d78a9b49e89c8293e3f56ed524f778e40113667fbdaa18a7178f557f

SHA512
811750775c6786414217e64e0d1a81cec7c80c85f3553ce818a25331991082d1c5b4eb98fc6ea49566bcafd80c3286b857f8b9992b7c33ebb6a84e7d015441a5

Download Submit
\Program Files\FileViewPro\SolvuSoft.Localization.dll

Filesize
86KB

MD5
a1351945aa9ce65e2a3ed1e9b3963c3f

SHA1
5717a5d37e3be5bfd34dbc54a3a8cd273bf76ccc

SHA256
995b85c5d78a9b49e89c8293e3f56ed524f778e40113667fbdaa18a7178f557f

SHA512
811750775c6786414217e64e0d1a81cec7c80c85f3553ce818a25331991082d1c5b4eb98fc6ea49566bcafd80c3286b857f8b9992b7c33ebb6a84e7d015441a5

Download Submit
\Program Files\FileViewPro\SolvuSoft.Localization.dll

Filesize
86KB

MD5
a1351945aa9ce65e2a3ed1e9b3963c3f

SHA1
5717a5d37e3be5bfd34dbc54a3a8cd273bf76ccc

SHA256
995b85c5d78a9b49e89c8293e3f56ed524f778e40113667fbdaa18a7178f557f

SHA512
811750775c6786414217e64e0d1a81cec7c80c85f3553ce818a25331991082d1c5b4eb98fc6ea49566bcafd80c3286b857f8b9992b7c33ebb6a84e7d015441a5

Download Submit
\Program Files\FileViewPro\SolvuSoft.Localization.dll

Filesize
86KB

MD5
a1351945aa9ce65e2a3ed1e9b3963c3f

SHA1
5717a5d37e3be5bfd34dbc54a3a8cd273bf76ccc

SHA256
995b85c5d78a9b49e89c8293e3f56ed524f778e40113667fbdaa18a7178f557f

SHA512
811750775c6786414217e64e0d1a81cec7c80c85f3553ce818a25331991082d1c5b4eb98fc6ea49566bcafd80c3286b857f8b9992b7c33ebb6a84e7d015441a5

Download Submit
\Program Files\FileViewPro\SolvuSoft.Resources.dll

Filesize
101KB

MD5
08323903653f49087bfdc722668c203b

SHA1
cfd75889809a5861cc98be40524c0e64411ae7f1

SHA256
d9b298df75e88695673ad583966f6629378c8fd3007ed87d122cfb2ea4967dc9

SHA512
21bc8e3799994eb1d5b53905b29fd5c4dcd4a3d1378032ec40f0ff7c083cef61ad879c10d0e76bbf55ff4047fd6e8292a2a26823283230f72220b00c1bb78065

Download Submit
\Program Files\FileViewPro\SolvuSoft.Resources.dll

Filesize
101KB

MD5
08323903653f49087bfdc722668c203b

SHA1
cfd75889809a5861cc98be40524c0e64411ae7f1

SHA256
d9b298df75e88695673ad583966f6629378c8fd3007ed87d122cfb2ea4967dc9

SHA512
21bc8e3799994eb1d5b53905b29fd5c4dcd4a3d1378032ec40f0ff7c083cef61ad879c10d0e76bbf55ff4047fd6e8292a2a26823283230f72220b00c1bb78065

Download Submit
\Program Files\FileViewPro\SolvuSoft.Resources.dll

Filesize
101KB

MD5
08323903653f49087bfdc722668c203b

SHA1
cfd75889809a5861cc98be40524c0e64411ae7f1

SHA256
d9b298df75e88695673ad583966f6629378c8fd3007ed87d122cfb2ea4967dc9

SHA512
21bc8e3799994eb1d5b53905b29fd5c4dcd4a3d1378032ec40f0ff7c083cef61ad879c10d0e76bbf55ff4047fd6e8292a2a26823283230f72220b00c1bb78065

Download Submit
\Program Files\FileViewPro\SolvuSoft.Resources.dll

Filesize
101KB

MD5
08323903653f49087bfdc722668c203b

SHA1
cfd75889809a5861cc98be40524c0e64411ae7f1

SHA256
d9b298df75e88695673ad583966f6629378c8fd3007ed87d122cfb2ea4967dc9

SHA512
21bc8e3799994eb1d5b53905b29fd5c4dcd4a3d1378032ec40f0ff7c083cef61ad879c10d0e76bbf55ff4047fd6e8292a2a26823283230f72220b00c1bb78065

Download Submit
\Users\Admin\AppData\Local\Temp\is-MKQ7I.tmp\isxdl.dll

Filesize
121KB

MD5
48ad1a1c893ce7bf456277a0a085ed01

SHA1
803997ef17eedf50969115c529a2bf8de585dc91

SHA256
b0cc4697b2fd1b4163fddca2050fc62a9e7d221864f1bd11e739144c90b685b3

SHA512
7c9e7fe9f00c62cccb5921cb55ba0dd96a0077ad52962473c1e79cda1fd9aa101129637043955703121443e1f8b6b2860cd4dfdb71052b20a322e05deed101a4

Download Submit
memory/2360-519-0x00000000084F0000-0x000000000851E000-memory.dmp

Filesize
184KB

Download
memory/2360-494-0x0000000006000000-0x000000000600A000-memory.dmp

Filesize
40KB

Download
memory/2360-457-0x0000000005B20000-0x0000000005B40000-memory.dmp

Filesize
128KB

Download
memory/2360-516-0x0000000007BA0000-0x0000000007BBC000-memory.dmp

Filesize
112KB

Download
memory/2360-517-0x00000000077C0000-0x00000000077C6000-memory.dmp

Filesize
24KB

Download
memory/2360-493-0x0000000006050000-0x00000000060A0000-memory.dmp

Filesize
320KB

Download
memory/2360-443-0x0000000005650000-0x00000000056A6000-memory.dmp

Filesize
344KB

Download
memory/2360-518-0x00000000077E0000-0x00000000077E6000-memory.dmp

Filesize
24KB

Download
memory/2360-503-0x0000000007BC0000-0x0000000007C8E000-memory.dmp

Filesize
824KB

Download
memory/2360-502-0x0000000007A60000-0x0000000007AEA000-memory.dmp

Filesize
552KB

Download
memory/2360-442-0x0000000005460000-0x000000000546A000-memory.dmp

Filesize
40KB

Download
memory/2360-361-0x0000000000000000-mapping.dmp

Download
memory/2360-520-0x0000000008560000-0x0000000008598000-memory.dmp

Filesize
224KB

Download
memory/2360-447-0x0000000006580000-0x00000000071F2000-memory.dmp

Filesize
12.4MB

Download
memory/2360-426-0x00000000054F0000-0x0000000005582000-memory.dmp

Filesize
584KB

Download
memory/2360-452-0x00000000087D0000-0x0000000008E32000-memory.dmp

Filesize
6.4MB

Download
memory/2360-415-0x0000000000A20000-0x0000000000ADE000-memory.dmp

Filesize
760KB

Download
memory/2360-422-0x0000000002DB0000-0x0000000002E08000-memory.dmp

Filesize
352KB

Download
memory/2360-423-0x0000000009A70000-0x0000000009B0C000-memory.dmp

Filesize
624KB

Download
memory/2360-424-0x000000000A010000-0x000000000A50E000-memory.dmp

Filesize
5.0MB

Download
memory/2580-393-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2580-334-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2580-262-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2580-226-0x0000000000000000-mapping.dmp

Download
memory/3868-267-0x0000000000000000-mapping.dmp

Download
memory/3908-157-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-147-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-180-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-179-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-178-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-177-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-176-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-173-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-175-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-174-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-172-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-171-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-170-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-169-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-168-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-167-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-166-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-165-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-164-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-163-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-162-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-161-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-160-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-159-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-158-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-118-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-156-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-155-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-154-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-153-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-152-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-151-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-150-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-149-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-148-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-181-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-146-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-145-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-144-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-143-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-142-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-141-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-140-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-139-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-138-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-136-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-137-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-135-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-134-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-133-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-132-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-131-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-130-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-129-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-128-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-126-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-127-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-125-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-119-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-120-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-124-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-123-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-122-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/3908-121-0x0000000077930000-0x0000000077ABE000-memory.dmp

Filesize
1.6MB

Download
memory/4172-698-0x00000000073F0000-0x000000000744E000-memory.dmp

Filesize
376KB

Download
memory/4172-583-0x0000000000000000-mapping.dmp

Download
memory/4172-702-0x0000000007B10000-0x0000000008134000-memory.dmp

Filesize
6.1MB

Download
memory/4172-706-0x000000000A750000-0x000000000AD54000-memory.dmp

Filesize
6.0MB

Download
memory/4172-707-0x0000000007800000-0x0000000007820000-memory.dmp

Filesize
128KB

Download
memory/4172-714-0x0000000008140000-0x000000000814C000-memory.dmp

Filesize
48KB

Download
memory/4856-527-0x0000000000000000-mapping.dmp

Download