532a7d66259842f4a710ea7bc6dc48547de371bb69fc842f53934876e787efb8

Analysis

max time kernel
158s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
03-03-2023 15:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup_FileViewPro_2022.exe
Size

1.3MB
MD5

5cb079f8ec885592c5538dbe0362d593
SHA1

a5702ea5dfd73c619ad2625e645b93e0a39b1451
SHA256

532a7d66259842f4a710ea7bc6dc48547de371bb69fc842f53934876e787efb8
SHA512

8787a51f3e7eacfd5f507abdfacd58aef34a704d01f84c05ec8074cb77318d3b14223ff2ca3da399633ef82d3529266bcf3bb174bf746450697117915641fb90
SSDEEP

24576:Ch6SVFzDl6eZmL4v9IoYOlrQ14T1+G05hKwzlXX8l8whkwBY2/+WLHkOU:q6UXtvDz85hK8XM8rcY/OU

Score

8^/10

discovery upx

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Setup_FileViewPro_2022.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	Setup_FileViewPro_2022.exe

Executes dropped EXE 3 IoCs

Processes:

FileViewPro-S-1.9.8.19.exeFileViewPro-S-1.9.8.19.tmpFileViewPro.exe

pid process

3628 FileViewPro-S-1.9.8.19.exe
752 FileViewPro-S-1.9.8.19.tmp
4228 FileViewPro.exe

pid	process
3628	FileViewPro-S-1.9.8.19.exe
752	FileViewPro-S-1.9.8.19.tmp
4228	FileViewPro.exe

Loads dropped DLL 16 IoCs

Processes:

FileViewPro-S-1.9.8.19.tmpFileViewPro.exe

pid	process
752	FileViewPro-S-1.9.8.19.tmp
4228	FileViewPro.exe
4228	FileViewPro.exe
4228	FileViewPro.exe
4228	FileViewPro.exe
4228	FileViewPro.exe
4228	FileViewPro.exe
4228	FileViewPro.exe
4228	FileViewPro.exe
4228	FileViewPro.exe
4228	FileViewPro.exe
4228	FileViewPro.exe
4228	FileViewPro.exe
4228	FileViewPro.exe
4228	FileViewPro.exe
4228	FileViewPro.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Program Files\FileViewPro\Wps\wps2html.exe	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

FileViewPro-S-1.9.8.19.tmpsetup.exe

description	ioc	process
File created	C:\Program Files\FileViewPro\is-D40K7.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-JHNRG.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-S5O24.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Langs\is-0S2AI.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-PV127.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-LM84N.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-9LILB.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\editor\contrib\suggest\browser\is-EQ345.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-M1O7V.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-6K69E.tmp	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\DevExpress.RichEdit.v18.1.Export.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-VDG64.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-6BL2S.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-6BD2C.tmp	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\DevExpress.RichEdit.v18.1.Core.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-OR2RA.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\is-HMO4C.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Langs\is-0S9L3.tmp	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\DevExpress.XtraPrinting.v18.1.dll	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\swscale-0.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-CRCT7.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-CMPC6.tmp	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\ImageView.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-QKHMU.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Langs\is-1TFGE.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Langs\is-BIPCR.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Langs\is-UOHTU.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\4abfa947-bb5c-478c-96eb-4bbb66049f38.tmp	setup.exe
File created	C:\Program Files\FileViewPro\is-OKDKP.tmp	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\PaintDotNet.Data.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-AMIM7.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-S3SRQ.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-U6818.tmp	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\SolvuSoft.Licensing.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-VJB3K.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\editor\is-QVBVQ.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\editor\is-QG7QA.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-S3TLM.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\unins000.msg	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-4TOJ6.tmp	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\DevExpress.Utils.v18.1.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-AOQC9.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\language\typescript\src\is-7AFLB.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\editor\is-5H34H.tmp	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\DevExpress.BonusSkins.v18.1.dll	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\Word.Resources.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-9BKVI.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-UUMAL.tmp	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\DevExpress.XtraCharts.v18.1.dll	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\ICSharpCode.SharpZipLib.dll	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\PaintDotNet.Effects.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-V73Q2.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-A1RT0.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-381C3.tmp	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\DevExpress.Printing.v18.1.Core.dll	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\TorrentParser.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-9RB0S.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-AGPE3.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\language\typescript\lib\is-HM97B.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Langs\is-1HE7U.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Langs\is-7QBQE.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Langs\is-46MDB.tmp	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\SolvuSoft.Views.Document.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\language\json\is-HI6FL.tmp	FileViewPro-S-1.9.8.19.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

FileViewPro.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	FileViewPro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868	FileViewPro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 0400000001000000100000001d3554048578b03f42424dbf20730a3f0f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b00000001000000260000005300650063007400690067006f00200028004100640064005400720075007300740029000000620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a1d000000010000001000000006f9583c00a763c23fb9e065a3366d557e0000000100000008000000000063f58926d70168000000010000000800000000409120d035d90103000000010000001400000002faf3e291435468607857694df5e45b6885186819000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604	FileViewPro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 5c00000001000000040000000008000019000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c03000000010000001400000002faf3e291435468607857694df5e45b6885186868000000010000000800000000409120d035d9017e0000000100000008000000000063f58926d7011d000000010000001000000006f9583c00a763c23fb9e065a3366d55140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff20b00000001000000260000005300650063007400690067006f0020002800410064006400540072007500730074002900000053000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b0400000001000000100000001d3554048578b03f42424dbf20730a3f20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604	FileViewPro.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C	FileViewPro.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C\Blob = 030000000100000014000000d89e3bd43d5d909b47a18977aa9d5ce36cee184c1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb040000000100000010000000285ec909c4ab0d2d57f5086b225799aa0f000000010000003000000013baa039635f1c5292a8c2f36aae7e1d25c025202e9092f5b0f53f5f752dfa9c71b3d1b8d9a6358fcee6ec75622fabf9190000000100000010000000ea6089055218053dd01e37e1d806eedf5c0000000100000004000000001000001800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa24b0000000100000044000000420032004600410046003700360039003200460044003900460046004200440036003400450044004500330031003700450034003200330033003400420041005f0000002000000001000000850500003082058130820469a00302010202103972443af922b751d7d36c10dd313595300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3139303331323030303030305a170d3238313233313233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c05000382010100188751dc74213d9c8ae027b733d02eccecf0e6cb5e11de226f9b758e9e72fee4d6feaa1f9c962def034a7eaef48d6f723c433bc03febb8df5caaa9c6aef2fcd8eea37b43f686367c14e0cdf4f73ffedeb8b48af09196fefd43647efdccd201a17d7df81919c9422b13bf588bbaa4a266047688914e0c8914cea24dc932b3bae8141abc71f15bf0410b98000a220310e50cb1f9cd923719ed3bf1e43ab6f945132675afbbaaef3f7b773bd2c402913d1900d3175c39db3f7b180d45cd9385962f5ddf59164f3f51bdd545183fed4a8ee80661742316b50d50732744477f105d892a6b853114c4e8a96a4c80bc6a78cfb87f8e7672990c9dfed7910816a1a35f95	FileViewPro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	FileViewPro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	FileViewPro.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

FileViewPro-S-1.9.8.19.tmpmsedge.exemsedge.exeidentity_helper.exe

pid	process
752	FileViewPro-S-1.9.8.19.tmp
752	FileViewPro-S-1.9.8.19.tmp
1628	msedge.exe
1628	msedge.exe
2232	msedge.exe
2232	msedge.exe
4824	identity_helper.exe
4824	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

2232 msedge.exe
2232 msedge.exe
2232 msedge.exe
2232 msedge.exe
2232 msedge.exe
2232 msedge.exe
2232 msedge.exe
2232 msedge.exe
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

FileViewPro-S-1.9.8.19.tmpmsedge.exe

pid process

752 FileViewPro-S-1.9.8.19.tmp
2232 msedge.exe
2232 msedge.exe
2232 msedge.exe

pid	process
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe

Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

Setup_FileViewPro_2022.exe

pid	process
3208	Setup_FileViewPro_2022.exe
3208	Setup_FileViewPro_2022.exe
3208	Setup_FileViewPro_2022.exe
3208	Setup_FileViewPro_2022.exe
3208	Setup_FileViewPro_2022.exe
3208	Setup_FileViewPro_2022.exe
3208	Setup_FileViewPro_2022.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Setup_FileViewPro_2022.exeFileViewPro-S-1.9.8.19.exeFileViewPro-S-1.9.8.19.tmpmsedge.exe

description	pid	process	target process
PID 3208 wrote to memory of 3628	3208	Setup_FileViewPro_2022.exe	FileViewPro-S-1.9.8.19.exe
PID 3208 wrote to memory of 3628	3208	Setup_FileViewPro_2022.exe	FileViewPro-S-1.9.8.19.exe
PID 3208 wrote to memory of 3628	3208	Setup_FileViewPro_2022.exe	FileViewPro-S-1.9.8.19.exe
PID 3628 wrote to memory of 752	3628	FileViewPro-S-1.9.8.19.exe	FileViewPro-S-1.9.8.19.tmp
PID 3628 wrote to memory of 752	3628	FileViewPro-S-1.9.8.19.exe	FileViewPro-S-1.9.8.19.tmp
PID 3628 wrote to memory of 752	3628	FileViewPro-S-1.9.8.19.exe	FileViewPro-S-1.9.8.19.tmp
PID 752 wrote to memory of 2232	752	FileViewPro-S-1.9.8.19.tmp	msedge.exe
PID 752 wrote to memory of 2232	752	FileViewPro-S-1.9.8.19.tmp	msedge.exe
PID 752 wrote to memory of 4228	752	FileViewPro-S-1.9.8.19.tmp	FileViewPro.exe
PID 752 wrote to memory of 4228	752	FileViewPro-S-1.9.8.19.tmp	FileViewPro.exe
PID 752 wrote to memory of 4228	752	FileViewPro-S-1.9.8.19.tmp	FileViewPro.exe
PID 2232 wrote to memory of 4280	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 4280	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1824	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1628	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 1628	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 3108	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 3108	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 3108	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 3108	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 3108	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 3108	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 3108	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 3108	2232	msedge.exe	msedge.exe
PID 2232 wrote to memory of 3108	2232	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\Setup_FileViewPro_2022.exe
"C:\Users\Admin\AppData\Local\Temp\Setup_FileViewPro_2022.exe"
1⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3208

C:\Users\Admin\AppData\Local\Temp\{57812B4A-9CE6-4F6F-B42C-3C6BB8D412FC}\FileViewPro-S-1.9.8.19.exe
"C:\Users\Admin\AppData\Local\Temp\{57812B4A-9CE6-4F6F-B42C-3C6BB8D412FC}\FileViewPro-S-1.9.8.19.exe" /verysilent /norestart /LANG en-us
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3628

C:\Users\Admin\AppData\Local\Temp\is-R3ODS.tmp\FileViewPro-S-1.9.8.19.tmp
"C:\Users\Admin\AppData\Local\Temp\is-R3ODS.tmp\FileViewPro-S-1.9.8.19.tmp" /SL5="$301E4,60311066,131584,C:\Users\Admin\AppData\Local\Temp\{57812B4A-9CE6-4F6F-B42C-3C6BB8D412FC}\FileViewPro-S-1.9.8.19.exe" /verysilent /norestart /LANG en-us
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.solvusoft.com/en-us/fileviewpro/install/?utm_source=fileviewpro&utm_campaign=version_1.9.8.19_06042019&utm_medium=bundle-winthruster
4⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe7cb946f8,0x7ffe7cb94708,0x7ffe7cb94718
5⤵
PID:4280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,13565479622559368894,2190261713948624172,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
5⤵
PID:1824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,13565479622559368894,2190261713948624172,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:1628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,13565479622559368894,2190261713948624172,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8
5⤵
PID:3108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13565479622559368894,2190261713948624172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
5⤵
PID:216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13565479622559368894,2190261713948624172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
5⤵
PID:1148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13565479622559368894,2190261713948624172,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
5⤵
PID:1652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13565479622559368894,2190261713948624172,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
5⤵
PID:1068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13565479622559368894,2190261713948624172,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
5⤵
PID:2452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13565479622559368894,2190261713948624172,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
5⤵
PID:3972

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,13565479622559368894,2190261713948624172,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
5⤵
PID:220

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
5⤵
- Drops file in Program Files directory
PID:3392

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x148,0x130,0x10c,0x140,0x110,0x7ff741ab5460,0x7ff741ab5470,0x7ff741ab5480
6⤵
PID:2276

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,13565479622559368894,2190261713948624172,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:4824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13565479622559368894,2190261713948624172,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:1
5⤵
PID:4600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13565479622559368894,2190261713948624172,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
5⤵
PID:4584

C:\Program Files\FileViewPro\FileViewPro.exe
"C:\Program Files\FileViewPro\FileViewPro.exe" /restartWithNoAdminRights lang=en-us
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
PID:4228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1572

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\FileViewPro\DevExpress.Data.v18.1.dll

Filesize
6.4MB

MD5
75e4c5f9581ef853d787961cf4f8830f

SHA1
04615d07cd402692f5c1a35474fc9ae01a1cb3cb

SHA256
a12b4168dcd3692fb8a68382c3d9413351c9d2c543b2d2061064de7994787209

SHA512
02efcef0a7250db93322c2c241a0f120985a730479517793fa8cbce8f0bfed3103bb2a22bde751b8fd333a89e6f85ffd3ebad821d1155d9d82c5f681f213a12b

Download Submit
C:\Program Files\FileViewPro\DevExpress.Data.v18.1.dll

Filesize
6.4MB

MD5
75e4c5f9581ef853d787961cf4f8830f

SHA1
04615d07cd402692f5c1a35474fc9ae01a1cb3cb

SHA256
a12b4168dcd3692fb8a68382c3d9413351c9d2c543b2d2061064de7994787209

SHA512
02efcef0a7250db93322c2c241a0f120985a730479517793fa8cbce8f0bfed3103bb2a22bde751b8fd333a89e6f85ffd3ebad821d1155d9d82c5f681f213a12b

Download Submit
C:\Program Files\FileViewPro\DevExpress.Data.v18.1.dll

Filesize
6.4MB

MD5
75e4c5f9581ef853d787961cf4f8830f

SHA1
04615d07cd402692f5c1a35474fc9ae01a1cb3cb

SHA256
a12b4168dcd3692fb8a68382c3d9413351c9d2c543b2d2061064de7994787209

SHA512
02efcef0a7250db93322c2c241a0f120985a730479517793fa8cbce8f0bfed3103bb2a22bde751b8fd333a89e6f85ffd3ebad821d1155d9d82c5f681f213a12b

Download Submit
C:\Program Files\FileViewPro\DevExpress.Utils.v18.1.dll

Filesize
12.4MB

MD5
c5420b084a69cc5783d15bd9ee77d707

SHA1
ed47a4da79ce18af598a416633f4b9d9a032464e

SHA256
1a610b808c07247c0662b829fa703c5068f361194c301594b9594f414e0ebe84

SHA512
53994e509c56ac9435bcd06dc1341b589dc168ed5df2ebe13d2ca43cd50278e898768b1b5b65596542831b68d922612d3896c74d4dae8da829f5f0512905cb4e

Download Submit
C:\Program Files\FileViewPro\DevExpress.Utils.v18.1.dll

Filesize
12.4MB

MD5
c5420b084a69cc5783d15bd9ee77d707

SHA1
ed47a4da79ce18af598a416633f4b9d9a032464e

SHA256
1a610b808c07247c0662b829fa703c5068f361194c301594b9594f414e0ebe84

SHA512
53994e509c56ac9435bcd06dc1341b589dc168ed5df2ebe13d2ca43cd50278e898768b1b5b65596542831b68d922612d3896c74d4dae8da829f5f0512905cb4e

Download Submit
C:\Program Files\FileViewPro\DevExpress.Utils.v18.1.dll

Filesize
12.4MB

MD5
c5420b084a69cc5783d15bd9ee77d707

SHA1
ed47a4da79ce18af598a416633f4b9d9a032464e

SHA256
1a610b808c07247c0662b829fa703c5068f361194c301594b9594f414e0ebe84

SHA512
53994e509c56ac9435bcd06dc1341b589dc168ed5df2ebe13d2ca43cd50278e898768b1b5b65596542831b68d922612d3896c74d4dae8da829f5f0512905cb4e

Download Submit
C:\Program Files\FileViewPro\DevExpress.XtraEditors.v18.1.dll

Filesize
6.0MB

MD5
8c0d9ba800cffbabac77b2c320ab169d

SHA1
f28285a8b9b8a5086b5024a4352973019f689590

SHA256
7cd141c2fdc9dbaf634a02b51cc3740d98af3b21b694a444f5430a35a46b13f1

SHA512
52e29c064195b2eda58659aa3482c111f37b901e6053b764cbf1af4e498a14deefa7a74af069ae91446e71a6d8381b89a1f5ff178f2ac8bc1bb9cd04eb77b123

Download Submit
C:\Program Files\FileViewPro\DevExpress.XtraEditors.v18.1.dll

Filesize
6.0MB

MD5
8c0d9ba800cffbabac77b2c320ab169d

SHA1
f28285a8b9b8a5086b5024a4352973019f689590

SHA256
7cd141c2fdc9dbaf634a02b51cc3740d98af3b21b694a444f5430a35a46b13f1

SHA512
52e29c064195b2eda58659aa3482c111f37b901e6053b764cbf1af4e498a14deefa7a74af069ae91446e71a6d8381b89a1f5ff178f2ac8bc1bb9cd04eb77b123

Download Submit
C:\Program Files\FileViewPro\DevExpress.XtraEditors.v18.1.dll

Filesize
6.0MB

MD5
8c0d9ba800cffbabac77b2c320ab169d

SHA1
f28285a8b9b8a5086b5024a4352973019f689590

SHA256
7cd141c2fdc9dbaf634a02b51cc3740d98af3b21b694a444f5430a35a46b13f1

SHA512
52e29c064195b2eda58659aa3482c111f37b901e6053b764cbf1af4e498a14deefa7a74af069ae91446e71a6d8381b89a1f5ff178f2ac8bc1bb9cd04eb77b123

Download Submit
C:\Program Files\FileViewPro\FileViewPro.exe

Filesize
739KB

MD5
daa97924499885155278a306d3cd32d8

SHA1
5a315a56db58342c3d18dc73128492a67499c528

SHA256
a78a50b913083c2f3941035e19e48d0c895a1304365d202e491bc780bc9888f6

SHA512
b67f86e2fa693c31e974cefbc0c7c4610ffb6445fed0da3ee62549d6fca1655d23ed24e6fca9aac7dd15702e09f2ab0995df2f2297bfb18928cd8c117b9cc242

Download Submit
C:\Program Files\FileViewPro\FileViewPro.exe

Filesize
739KB

MD5
daa97924499885155278a306d3cd32d8

SHA1
5a315a56db58342c3d18dc73128492a67499c528

SHA256
a78a50b913083c2f3941035e19e48d0c895a1304365d202e491bc780bc9888f6

SHA512
b67f86e2fa693c31e974cefbc0c7c4610ffb6445fed0da3ee62549d6fca1655d23ed24e6fca9aac7dd15702e09f2ab0995df2f2297bfb18928cd8c117b9cc242

Download Submit
C:\Program Files\FileViewPro\FileViewPro.exe

Filesize
739KB

MD5
daa97924499885155278a306d3cd32d8

SHA1
5a315a56db58342c3d18dc73128492a67499c528

SHA256
a78a50b913083c2f3941035e19e48d0c895a1304365d202e491bc780bc9888f6

SHA512
b67f86e2fa693c31e974cefbc0c7c4610ffb6445fed0da3ee62549d6fca1655d23ed24e6fca9aac7dd15702e09f2ab0995df2f2297bfb18928cd8c117b9cc242

Download Submit
C:\Program Files\FileViewPro\FileViewPro.exe.config

Filesize
3KB

MD5
4e73c4ff8ea09cdc528e5eea378b9c89

SHA1
e3974580154b5897441a68b3a14bae74fbfab14d

SHA256
7c90b0bbb693a95518b394ff9fe96f975b1290cf51c017a4a8b5ef669d91e916

SHA512
155962cd814ded2d3d4d4120e8f5774fc381fdb8bf2aecc04e2c0ac84ea2079428f34f60890ad78c627164d33c7f82517750a116e70b00e1aea6e79ae8c32ce3

Download Submit
C:\Program Files\FileViewPro\IsLicense50.dll

Filesize
2.2MB

MD5
9c8e427d0fa333c78aa7dfa45a77ea28

SHA1
434e78a8d45ed5572fb554dda5d5e5796b00ce81

SHA256
692b75ceccf8f7c4fa4fce7cf26af25a15e22d8964ffc30dc2b97428a12c2117

SHA512
a91deee8b3d30b7e9fa402c9c5530e4be44d695c9892a727e364698b685d83f30c081fd95cffa01aa5d9576e691d5c91ef0ae70c2e5f8d160cbfbcdbe0b7ef39

Download Submit
C:\Program Files\FileViewPro\IsLicense50.dll

Filesize
2.2MB

MD5
9c8e427d0fa333c78aa7dfa45a77ea28

SHA1
434e78a8d45ed5572fb554dda5d5e5796b00ce81

SHA256
692b75ceccf8f7c4fa4fce7cf26af25a15e22d8964ffc30dc2b97428a12c2117

SHA512
a91deee8b3d30b7e9fa402c9c5530e4be44d695c9892a727e364698b685d83f30c081fd95cffa01aa5d9576e691d5c91ef0ae70c2e5f8d160cbfbcdbe0b7ef39

Download Submit
C:\Program Files\FileViewPro\QlmLicenseLib.dll

Filesize
530KB

MD5
630a267b01b169a4c1a26c0db188d205

SHA1
8cc73e203bafec1d054408feb3b66154194750cd

SHA256
65d9ca2ff2d46c4a46d97cc84dd313771a743eb83baeb7acc1172ff96e5d6fe5

SHA512
0aefbad11dfef128bd8975ed48afe57e81d1239368afb0a824d5d3c3e230665dc073fa31363522c6f35b97313f87acb251867998e504dcf3f6e7921f57562d43

Download Submit
C:\Program Files\FileViewPro\QlmLicenseLib.dll

Filesize
530KB

MD5
630a267b01b169a4c1a26c0db188d205

SHA1
8cc73e203bafec1d054408feb3b66154194750cd

SHA256
65d9ca2ff2d46c4a46d97cc84dd313771a743eb83baeb7acc1172ff96e5d6fe5

SHA512
0aefbad11dfef128bd8975ed48afe57e81d1239368afb0a824d5d3c3e230665dc073fa31363522c6f35b97313f87acb251867998e504dcf3f6e7921f57562d43

Download Submit
C:\Program Files\FileViewPro\QlmLicenseLib.dll

Filesize
530KB

MD5
630a267b01b169a4c1a26c0db188d205

SHA1
8cc73e203bafec1d054408feb3b66154194750cd

SHA256
65d9ca2ff2d46c4a46d97cc84dd313771a743eb83baeb7acc1172ff96e5d6fe5

SHA512
0aefbad11dfef128bd8975ed48afe57e81d1239368afb0a824d5d3c3e230665dc073fa31363522c6f35b97313f87acb251867998e504dcf3f6e7921f57562d43

Download Submit
C:\Program Files\FileViewPro\SolvuSoft.Licensing.dll

Filesize
285KB

MD5
108e1bbee5db920dd019789324d04525

SHA1
5b8cc4e37e0a20e5263c98dbb132cad91301ee2e

SHA256
699a68bb79b9ea11a5a1857991fd1ea610335f91ee47c7a6adcad3880690ea5e

SHA512
c047557ddce8cae833f1cc293a0aea553cead4e30a62f2952ddfeb2c5c12b072e1a817d9493749aef2ea8dcfa504f06fe2efdfd3906b58a0752a1d61e4f2bbfa

Download Submit
C:\Program Files\FileViewPro\SolvuSoft.Licensing.dll

Filesize
285KB

MD5
108e1bbee5db920dd019789324d04525

SHA1
5b8cc4e37e0a20e5263c98dbb132cad91301ee2e

SHA256
699a68bb79b9ea11a5a1857991fd1ea610335f91ee47c7a6adcad3880690ea5e

SHA512
c047557ddce8cae833f1cc293a0aea553cead4e30a62f2952ddfeb2c5c12b072e1a817d9493749aef2ea8dcfa504f06fe2efdfd3906b58a0752a1d61e4f2bbfa

Download Submit
C:\Program Files\FileViewPro\SolvuSoft.Licensing.dll

Filesize
285KB

MD5
108e1bbee5db920dd019789324d04525

SHA1
5b8cc4e37e0a20e5263c98dbb132cad91301ee2e

SHA256
699a68bb79b9ea11a5a1857991fd1ea610335f91ee47c7a6adcad3880690ea5e

SHA512
c047557ddce8cae833f1cc293a0aea553cead4e30a62f2952ddfeb2c5c12b072e1a817d9493749aef2ea8dcfa504f06fe2efdfd3906b58a0752a1d61e4f2bbfa

Download Submit
C:\Program Files\FileViewPro\SolvuSoft.Localization.dll

Filesize
86KB

MD5
a1351945aa9ce65e2a3ed1e9b3963c3f

SHA1
5717a5d37e3be5bfd34dbc54a3a8cd273bf76ccc

SHA256
995b85c5d78a9b49e89c8293e3f56ed524f778e40113667fbdaa18a7178f557f

SHA512
811750775c6786414217e64e0d1a81cec7c80c85f3553ce818a25331991082d1c5b4eb98fc6ea49566bcafd80c3286b857f8b9992b7c33ebb6a84e7d015441a5

Download Submit
C:\Program Files\FileViewPro\SolvuSoft.Localization.dll

Filesize
86KB

MD5
a1351945aa9ce65e2a3ed1e9b3963c3f

SHA1
5717a5d37e3be5bfd34dbc54a3a8cd273bf76ccc

SHA256
995b85c5d78a9b49e89c8293e3f56ed524f778e40113667fbdaa18a7178f557f

SHA512
811750775c6786414217e64e0d1a81cec7c80c85f3553ce818a25331991082d1c5b4eb98fc6ea49566bcafd80c3286b857f8b9992b7c33ebb6a84e7d015441a5

Download Submit
C:\Program Files\FileViewPro\SolvuSoft.Localization.dll

Filesize
86KB

MD5
a1351945aa9ce65e2a3ed1e9b3963c3f

SHA1
5717a5d37e3be5bfd34dbc54a3a8cd273bf76ccc

SHA256
995b85c5d78a9b49e89c8293e3f56ed524f778e40113667fbdaa18a7178f557f

SHA512
811750775c6786414217e64e0d1a81cec7c80c85f3553ce818a25331991082d1c5b4eb98fc6ea49566bcafd80c3286b857f8b9992b7c33ebb6a84e7d015441a5

Download Submit
C:\Program Files\FileViewPro\SolvuSoft.Resources.dll

Filesize
101KB

MD5
08323903653f49087bfdc722668c203b

SHA1
cfd75889809a5861cc98be40524c0e64411ae7f1

SHA256
d9b298df75e88695673ad583966f6629378c8fd3007ed87d122cfb2ea4967dc9

SHA512
21bc8e3799994eb1d5b53905b29fd5c4dcd4a3d1378032ec40f0ff7c083cef61ad879c10d0e76bbf55ff4047fd6e8292a2a26823283230f72220b00c1bb78065

Download Submit
C:\Program Files\FileViewPro\SolvuSoft.Resources.dll

Filesize
101KB

MD5
08323903653f49087bfdc722668c203b

SHA1
cfd75889809a5861cc98be40524c0e64411ae7f1

SHA256
d9b298df75e88695673ad583966f6629378c8fd3007ed87d122cfb2ea4967dc9

SHA512
21bc8e3799994eb1d5b53905b29fd5c4dcd4a3d1378032ec40f0ff7c083cef61ad879c10d0e76bbf55ff4047fd6e8292a2a26823283230f72220b00c1bb78065

Download Submit
C:\Program Files\FileViewPro\SolvuSoft.Resources.dll

Filesize
101KB

MD5
08323903653f49087bfdc722668c203b

SHA1
cfd75889809a5861cc98be40524c0e64411ae7f1

SHA256
d9b298df75e88695673ad583966f6629378c8fd3007ed87d122cfb2ea4967dc9

SHA512
21bc8e3799994eb1d5b53905b29fd5c4dcd4a3d1378032ec40f0ff7c083cef61ad879c10d0e76bbf55ff4047fd6e8292a2a26823283230f72220b00c1bb78065

Download Submit
C:\Program Files\FileViewPro\Wps\wps2html.exe

Filesize
133KB

MD5
4348b879e87211ca9059ff090a6872c9

SHA1
048c395296eeb2af3fda21c820e33e7a06fae82a

SHA256
ed016605bded2acc91854d33ffdefa6ec92dfbc84313d086a250cf75e891e659

SHA512
89d60cd3cf71e8f9132b81c917038b0702299851f2b3656a4f408d2845e4b52062f64390392a0ee43a3533a6f92d38f805f0b2a45db1be4f3eb660c4851d61a7

Download Submit
C:\Program Files\FileViewPro\unins000.exe

Filesize
1.1MB

MD5
1a81372fd72743199f885cfed00c8e34

SHA1
7bb1a83593d07b3833c58150a0a678fc5898aca2

SHA256
fa6030367c0645fe9856ab1b75910c94e4ef32fdcede0ccd2805c6b2cef5f5ab

SHA512
ec79c5efaf4ff5288cca4c9ab7ddc962f17e6b1d92a8b63463ee0fbad889229eae5f3af3af831f209bc8a322a73cafa783d7aef698663bbe288bdda6cd3e5c0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
78c7656527762ed2977adf983a6f4766

SHA1
21a66d2eefcb059371f4972694057e4b1f827ce6

SHA256
e1000099751602ae1adcec6f1c74e1d65f472936817b45239dfed4b043984296

SHA512
0a8e58ae95163b3cdf8e81b5085887761e73cb7c836a1a6a972e837fb3df69b2ac70cfd6311d06d40656344ec35eb48e512f007561480f0345486ac2b329be0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
099b4ba2787e99b696fc61528100f83f

SHA1
06e1f8b7391e1d548e49a1022f6ce6e7aa61f292

SHA256
cdb1db488e260ed750edfe1c145850b57ee8ab819d75237a167e673116a33ee8

SHA512
4309375e10785564ceb03e0127ced414e366a5b833f16a60d796471d871b479e4c044db5268902d9dfd14715ca577cb26042bab8f7b0f31fe8abf33947feb9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
d4d1980d7600775de6b138230eb3a357

SHA1
c69e92b9e3b60c8ace1eb43120ef47828bc7d612

SHA256
1817d54aa7a60b5b5d0a382cbe974c1a1a17bd10d7f9c990ac65517050d81b1f

SHA512
1de64fe6d20010efda90dcf4635c803d1f3ab4c0b71bc90c551a37d627d837924b227e6fe4e2cd4639da562c1cfa2ed351f24329b3619c6007a918a948cd112e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
3764227a957a5821511f517ce7e935c1

SHA1
9247bee11e911e2a0a44aeec8d5e5a661defca39

SHA256
de7b6c41480a113187d053fb1ad67ed0f5c91dc15c2c977bfcc64db441f9508a

SHA512
63c467dbab1f072aa43c421c586bbba5dfbea22cde363435891a1296bc32280297c1ea593744e074f0abf048e26a0a22f03bc4b152e010292bbb7a47fbabd8fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
051d136f9fcdb95efcd13a50fe348811

SHA1
de9962aa2d7a10767cd441c4bfbf51b25b0d5a0a

SHA256
d0dbd056bf986a739841122491a59381e2cf9d3f83d42863498c16aa79783fa7

SHA512
06915c2e412e4d6c3542f95aca75b382cf593d2cf2edd6dcedc49d3f13cb83c1a33f99f9827814f5f4171295de37ae7817ad4555d1bb20f9dda66c0bb3ec84a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5c1852674608f6edb4b4a32c038f8196

SHA1
36c91c56f5094f7bc7204462a8b5de388a568daf

SHA256
a995ca83d19b15102b32862cab5c87c36b911490aed3f196692414c229ec2eea

SHA512
a4c4afda743637d74c84a16c9ca6926be1a4c1b5cd03277a1f211f62748b67130466b750a4bb1ae6b7793bfd18173aabe05ecebcb31c19674d7ed22d3155241b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4dfbf78a76062d66764330e6f864ea25

SHA1
a7a69bd22744dff5c67deca445c92dac310541b4

SHA256
211378d6fbc03aa1979dbff5e5f452ba4e5045ed22a5ff8eaa83071350c69b0e

SHA512
5c111723d6453ded75d659c1180324adecdd5a52ab8b07a797420dc4db265e9af6f8114012faf9a0bfefee61a53fd28b1ae8532ea9909a467c0bb4e822f19f5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
02ee7addc9e8a2d07af55556ebf0ff5c

SHA1
020161bb64ecb7c6e6886ccc055908984dc651d8

SHA256
552d3ed359b7a52278ce621674d16428d8a7969f6cd5663df18e240cce66aadc

SHA512
567989543c3848a0c3276d96b96ca761f750e4b71fb74f36d809f590ffe16a72fd5ece251737a8b1ffe65f0051e211bd7ad19d2b8b0b7ca1b7ffc86dd2a52883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
8104df60f6700df0078e673e3c6b7b2b

SHA1
c6d1855baef0934aa69695810daeb6332e6651fa

SHA256
da5d35842c3b9feeeded54ca615d6dd35708833b735f16a6f5ea29cd9ec98de1

SHA512
2556d3d455f4c35164870724dbaf290930b3faff53f1d876f01dcb58d3727585194308ac3b68dd93816564123f199222c70ffe29f144c61106dcb794ad79245c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0874da747ade7408c705dfe570f2f25f

SHA1
e1799d396de8db4273d511ffb59b4dd3c92e4706

SHA256
a8fafcbdb21ab9ee4913b6c3b310dd28d06d549e232a08b735280cd9c720b3c8

SHA512
7bc98a068cc287c39e76cc284337258d0b4f24d60180e9879be4749e775b8c73b8cb311990852c656e71a7c8e432849879c90a5efd2b04cb56bc5cee639ad331

Download Submit
C:\Users\Admin\AppData\Local\Solvusoft_Corporation\FileViewPro.exe_Url_dnaugtvmzfhczvych303evrzkmck3wnr\1.9.8.19\fbg33pj5.newcfg

Filesize
897B

MD5
76c406f3463f8927abfdead2e20c6743

SHA1
44c4a253f270d4f9a071edc8763f804117f5bd80

SHA256
56874e4c85e368b11d105180b0806e434f3d0d7e5a816ee866853df1017ccfa4

SHA512
1defde300abbbb71372f2fa0c384780f293bcabcc745c2cbd4e028fc93b41c921788a0e5a3f425111dc24ea2197515768b711e3a58ec825e93b1755d868568f1

Download Submit
C:\Users\Admin\AppData\Local\Solvusoft_Corporation\FileViewPro.exe_Url_dnaugtvmzfhczvych303evrzkmck3wnr\1.9.8.19\user.config

Filesize
697B

MD5
0a7398e4f31c76d0011b55271476e0ff

SHA1
bc5ba183844eac072cf3840da916fadbd4373283

SHA256
eef3293b6321934bd16a1118a5d7cccde00128367348f9c6768a4eed353f3441

SHA512
19695367ad4a2c6d88bc376a48af60a1ae84a2f1b2fe5ff305d0e8722ae64abf6b4781c00c7d53d0a27f71036d3fbc1aed3d388945d5b284d0dc5cdfa05994a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-9U19A.tmp\isxdl.dll

Filesize
121KB

MD5
48ad1a1c893ce7bf456277a0a085ed01

SHA1
803997ef17eedf50969115c529a2bf8de585dc91

SHA256
b0cc4697b2fd1b4163fddca2050fc62a9e7d221864f1bd11e739144c90b685b3

SHA512
7c9e7fe9f00c62cccb5921cb55ba0dd96a0077ad52962473c1e79cda1fd9aa101129637043955703121443e1f8b6b2860cd4dfdb71052b20a322e05deed101a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-R3ODS.tmp\FileViewPro-S-1.9.8.19.tmp

Filesize
1.1MB

MD5
1a81372fd72743199f885cfed00c8e34

SHA1
7bb1a83593d07b3833c58150a0a678fc5898aca2

SHA256
fa6030367c0645fe9856ab1b75910c94e4ef32fdcede0ccd2805c6b2cef5f5ab

SHA512
ec79c5efaf4ff5288cca4c9ab7ddc962f17e6b1d92a8b63463ee0fbad889229eae5f3af3af831f209bc8a322a73cafa783d7aef698663bbe288bdda6cd3e5c0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-R3ODS.tmp\FileViewPro-S-1.9.8.19.tmp

Filesize
1.1MB

MD5
1a81372fd72743199f885cfed00c8e34

SHA1
7bb1a83593d07b3833c58150a0a678fc5898aca2

SHA256
fa6030367c0645fe9856ab1b75910c94e4ef32fdcede0ccd2805c6b2cef5f5ab

SHA512
ec79c5efaf4ff5288cca4c9ab7ddc962f17e6b1d92a8b63463ee0fbad889229eae5f3af3af831f209bc8a322a73cafa783d7aef698663bbe288bdda6cd3e5c0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{554834E9-92F6-492A-B712-F32FE7DF224D}\resources.1.0.0.34s

Filesize
1.6MB

MD5
65a9517b73bcfc01b3d46f715bf92c36

SHA1
444bbd5cdd8f9e4fe1be79a7c5dbcd2164765226

SHA256
835a6309713ce9102456ed8ce3b211cc1055fc17c981205e263859b21d6031f2

SHA512
7dcf27a044323485d93cef39e920acfb4cce24f2a09b55bcbfac174aa98f580d8c8078beb74b99886061b18be14ae38e452dd0187431820beebbf760db8a7496

Download Submit
C:\Users\Admin\AppData\Local\Temp\{57812B4A-9CE6-4F6F-B42C-3C6BB8D412FC}\FileViewPro-S-1.9.8.19.exe

Filesize
58.1MB

MD5
35bc3d926698c1f580603e7a5c4b0cc6

SHA1
7aaacafbf325c08b4ef577994505fbf0cce87fc6

SHA256
b3a64b2c2d3292de9a9e9f590bf3ce04aecc8483af8f181f57aee1dad375e1be

SHA512
1e77629bba2eda9c4b7d0701785561c2326953b924984d08db177d02ef3f4e752ed1f37005e63aaa1b327db9294c076aa0447ed71c974da4410f4bee10872652

Download Submit
C:\Users\Admin\AppData\Local\Temp\{57812B4A-9CE6-4F6F-B42C-3C6BB8D412FC}\FileViewPro-S-1.9.8.19.exe

Filesize
58.1MB

MD5
35bc3d926698c1f580603e7a5c4b0cc6

SHA1
7aaacafbf325c08b4ef577994505fbf0cce87fc6

SHA256
b3a64b2c2d3292de9a9e9f590bf3ce04aecc8483af8f181f57aee1dad375e1be

SHA512
1e77629bba2eda9c4b7d0701785561c2326953b924984d08db177d02ef3f4e752ed1f37005e63aaa1b327db9294c076aa0447ed71c974da4410f4bee10872652

Download Submit
C:\Users\Admin\AppData\Local\Temp\{57812B4A-9CE6-4F6F-B42C-3C6BB8D412FC}\FileViewPro-S-1.9.8.19.exe

Filesize
58.1MB

MD5
35bc3d926698c1f580603e7a5c4b0cc6

SHA1
7aaacafbf325c08b4ef577994505fbf0cce87fc6

SHA256
b3a64b2c2d3292de9a9e9f590bf3ce04aecc8483af8f181f57aee1dad375e1be

SHA512
1e77629bba2eda9c4b7d0701785561c2326953b924984d08db177d02ef3f4e752ed1f37005e63aaa1b327db9294c076aa0447ed71c974da4410f4bee10872652

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
27f4b24f83a6653739c88b0c170978e3

SHA1
f4fd1c419cace20aac898f9e801726018d96cd6c

SHA256
6380c17930684015bd890cf73022a6e4369c8bd485d2fe0eed2799ffeac98f7d

SHA512
9222bc083eaf92f494ae2d7d870d772c705ef018bf102da71af48ef328061928c318e7ae8a2a8d34db6278b96186ce483517be7088e8709e50b9a8a8859d7d79

Download Submit
\??\pipe\LOCAL\crashpad_2232_UWNWBVXWTDDHBPSV

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/752-515-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/752-165-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/3108-548-0x00007FFE9BFA0000-0x00007FFE9BFA1000-memory.dmp

Filesize
4KB

Download
memory/3628-517-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3628-153-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3628-180-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4228-511-0x0000000000020000-0x00000000000DE000-memory.dmp

Filesize
760KB

Download
memory/4228-696-0x0000000006F10000-0x0000000006F3E000-memory.dmp

Filesize
184KB

Download
memory/4228-697-0x0000000009030000-0x0000000009068000-memory.dmp

Filesize
224KB

Download
memory/4228-679-0x0000000007A00000-0x0000000007A1C000-memory.dmp

Filesize
112KB

Download
memory/4228-545-0x00000000052A0000-0x00000000052C0000-memory.dmp

Filesize
128KB

Download
memory/4228-661-0x0000000007550000-0x000000000761E000-memory.dmp

Filesize
824KB

Download
memory/4228-793-0x0000000004960000-0x0000000004970000-memory.dmp

Filesize
64KB

Download
memory/4228-512-0x0000000009090000-0x000000000912C000-memory.dmp

Filesize
624KB

Download
memory/4228-658-0x00000000073F0000-0x000000000747A000-memory.dmp

Filesize
552KB

Download
memory/4228-516-0x00000000096E0000-0x0000000009C84000-memory.dmp

Filesize
5.6MB

Download
memory/4228-523-0x0000000004B10000-0x0000000004BA2000-memory.dmp

Filesize
584KB

Download
memory/4228-629-0x0000000005990000-0x00000000059E0000-memory.dmp

Filesize
320KB

Download
memory/4228-524-0x0000000004960000-0x0000000004970000-memory.dmp

Filesize
64KB

Download
memory/4228-525-0x0000000004AB0000-0x0000000004ABA000-memory.dmp

Filesize
40KB

Download
memory/4228-1034-0x000000000B490000-0x000000000BA94000-memory.dmp

Filesize
6.0MB

Download
memory/4228-526-0x0000000004D50000-0x0000000004DA6000-memory.dmp

Filesize
344KB

Download
memory/4228-536-0x0000000005BA0000-0x0000000006812000-memory.dmp

Filesize
12.4MB

Download
memory/4228-541-0x0000000007DF0000-0x0000000008452000-memory.dmp

Filesize
6.4MB

Download