888da7bca87ef012a0f6718cd7118956aeeec7c0c60863085e064d1b7f232e29

Analysis

max time kernel
264s
max time network
264s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
23-03-2023 10:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SwifdooInstaller_stable_en_home.exe
Size

37.3MB
MD5

d654b89c9407e4fdaf531d21a8bd6d0e
SHA1

84c1db908efdd5cfa0e7cfb063051296d0bed411
SHA256

888da7bca87ef012a0f6718cd7118956aeeec7c0c60863085e064d1b7f232e29
SHA512

d268924582c252afa368b7f5987882a737292b9d819cfee08e1a342c9b1080d01b5f39e48bfb6bb5f32baf497eeb232157f98fa29b37505676f4d9c6a57fc8c1
SSDEEP

786432:fay5ljaBW3l/oSL6fQfKJBRe+2NOop6QUwZcrddcNoMB3krYm1NO:ii08i7vk+2NOopXUwZCcV8

Score

7^/10

bootkit discovery persistence

Malware Config

Signatures

Executes dropped EXE 6 IoCs

Processes:

SwifdooInstaller_stable_en_home.tmpPDFEngine.exeSwifDooHelper.exeSwifDoo.exeSwifdooBrowser.exeSwifdooBrowser.exe

pid process

1036 SwifdooInstaller_stable_en_home.tmp
436 PDFEngine.exe
1460 SwifDooHelper.exe
456 SwifDoo.exe
1984 SwifdooBrowser.exe
472 SwifdooBrowser.exe

Loads dropped DLL 20 IoCs

Processes:

SwifdooInstaller_stable_en_home.exeSwifdooInstaller_stable_en_home.tmpregsvr32.exeregsvr32.exePDFEngine.exeSwifDoo.exeSwifdooBrowser.exeSwifdooBrowser.exe

pid	process
1216	SwifdooInstaller_stable_en_home.exe
1036	SwifdooInstaller_stable_en_home.tmp
1036	SwifdooInstaller_stable_en_home.tmp
1036	SwifdooInstaller_stable_en_home.tmp
1036	SwifdooInstaller_stable_en_home.tmp
1036	SwifdooInstaller_stable_en_home.tmp
1036	SwifdooInstaller_stable_en_home.tmp
932	regsvr32.exe
2028	regsvr32.exe
1036	SwifdooInstaller_stable_en_home.tmp
1036	SwifdooInstaller_stable_en_home.tmp
1036	SwifdooInstaller_stable_en_home.tmp
436	PDFEngine.exe
436	PDFEngine.exe
436	PDFEngine.exe
436	PDFEngine.exe
456	SwifDoo.exe
456	SwifDoo.exe
1984	SwifdooBrowser.exe
472	SwifdooBrowser.exe

Registers COM server for autorun 1 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Processes:

regsvr32.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B4E15CD0-F916-4C8E-830A-15E3E9D01A1B}\InprocServer32\ = "C:\\Program Files (x86)\\SwifDooPDF\\PDFShell64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B4E15CD0-F916-4C8E-830A-15E3E9D01A1B}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{67FB8D5D-AD60-48E4-9E02-BAADD20D1DB1}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{67FB8D5D-AD60-48E4-9E02-BAADD20D1DB1}\InprocServer32\ = "C:\\Program Files (x86)\\SwifDooPDF\\PDFShell64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{67FB8D5D-AD60-48E4-9E02-BAADD20D1DB1}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B4E15CD0-F916-4C8E-830A-15E3E9D01A1B}\InprocServer32	regsvr32.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

SwifdooInstaller_stable_en_home.tmp

description ioc process

File opened for modification \??\PhysicalDrive0 SwifdooInstaller_stable_en_home.tmp

description	ioc	process
File opened for modification	\??\PhysicalDrive0	SwifdooInstaller_stable_en_home.tmp

Drops file in Program Files directory 63 IoCs

Processes:

SwifdooInstaller_stable_en_home.tmp

description	ioc	process
File opened for modification	C:\Program Files (x86)\SwifDooPDF\webview\cef\libcef.dll	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\is-AEKBD.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\PdfWatermark\is-SMV7Q.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\webview\cef\is-J6EN1.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\webview\cef\is-G6U61.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\webview\cef\is-DABBT.tmp	SwifdooInstaller_stable_en_home.tmp
File opened for modification	C:\Program Files (x86)\SwifDooPDF\webview\cef\d3dcompiler_47.dll	SwifdooInstaller_stable_en_home.tmp
File opened for modification	C:\Program Files (x86)\SwifDooPDF\PDFEngine.exe	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\PdfWatermark\is-RRB9G.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\is-UTJR6.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\language\is-529NM.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\language\is-L85MA.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\webview\cef\is-F52I2.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\webview\cef\is-6RC9C.tmp	SwifdooInstaller_stable_en_home.tmp
File opened for modification	C:\Program Files (x86)\SwifDooPDF\uninstall\InstallModule.dll	SwifdooInstaller_stable_en_home.tmp
File opened for modification	C:\Program Files (x86)\SwifDooPDF\SwifDooHelper.exe	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\PdfWatermark\is-G16DG.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\webview\cef\is-04RTH.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\PdfWatermark\is-BO9NM.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\PdfWatermark\is-H75CI.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\webview\cef\is-6TQ7A.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\is-5IR66.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\PdfWatermark\is-27B8G.tmp	SwifdooInstaller_stable_en_home.tmp
File opened for modification	C:\Program Files (x86)\SwifDooPDF\webview\cef\SwifdooBrowser.exe	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\PdfWatermark\is-I7P6N.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\Skin\is-K4RDR.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\webview\cef\is-FSHMG.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\language\is-NAMN0.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\Skin\is-DNG81.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\is-H1FIL.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\uninstall\unins000.msg	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\webview\is-V2OA3.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\webview\cef\is-479JM.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\webview\cef\is-SJUU5.tmp	SwifdooInstaller_stable_en_home.tmp
File opened for modification	C:\Program Files (x86)\SwifDooPDF\PDFShell64.dll	SwifdooInstaller_stable_en_home.tmp
File opened for modification	C:\Program Files (x86)\SwifDooPDF\webview\cef\libEGL.dll	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\webview\cef\is-USLSB.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\uninstall\unins000.dat	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\PdfWatermark\is-KUA1N.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\webview\cef\is-D4I39.tmp	SwifdooInstaller_stable_en_home.tmp
File opened for modification	C:\Program Files (x86)\SwifDooPDF\uninstall\unins000.dat	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\webview\cef\is-3SCA4.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\webview\cef\is-V9BD9.tmp	SwifdooInstaller_stable_en_home.tmp
File opened for modification	C:\Program Files (x86)\SwifDooPDF\webview\cef\libGLESv2.dll	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\PdfWatermark\is-JDULK.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\webview\cef\is-7DCGU.tmp	SwifdooInstaller_stable_en_home.tmp
File opened for modification	C:\Program Files (x86)\SwifDooPDF\webview\cef\widevinecdmadapter.dll	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\uninstall\is-7JQA8.tmp	SwifdooInstaller_stable_en_home.tmp
File opened for modification	C:\Program Files (x86)\SwifDooPDF\webview\cef\wow_helper.exe	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\uninstall\is-C7515.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\is-97THT.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\webview\cef\is-KE15D.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\webview\cef\is-1AA11.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\webview\cef\is-LR38S.tmp	SwifdooInstaller_stable_en_home.tmp
File opened for modification	C:\Program Files (x86)\SwifDooPDF\webview\WebView.dll	SwifdooInstaller_stable_en_home.tmp
File opened for modification	C:\Program Files (x86)\SwifDooPDF\Screener.exe	SwifdooInstaller_stable_en_home.tmp
File opened for modification	C:\Program Files (x86)\SwifDooPDF\PDFShell.dll	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\is-3MHRD.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\is-L0EK4.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\webview\cef\is-18FJD.tmp	SwifdooInstaller_stable_en_home.tmp
File created	C:\Program Files (x86)\SwifDooPDF\Uninstalll.lnk	SwifdooInstaller_stable_en_home.tmp
File opened for modification	C:\Program Files (x86)\SwifDooPDF\SwifDoo.exe	SwifdooInstaller_stable_en_home.tmp
File opened for modification	C:\Program Files (x86)\SwifDooPDF\webview\cef\d3dcompiler_43.dll	SwifdooInstaller_stable_en_home.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

1568 taskkill.exe

pid	process
1568	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 27 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{031E1381-C965-11ED-9221-C6A949C40DC2} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Modifies registry class 64 IoCs

Processes:

SwifdooInstaller_stable_en_home.tmpregsvr32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\SwifDoo\DefaultIcon	SwifdooInstaller_stable_en_home.tmp
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\SwifDoo\shell\printto	SwifdooInstaller_stable_en_home.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.pdf	SwifdooInstaller_stable_en_home.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.pdf\OpenWithProgids\SwifDoo	SwifdooInstaller_stable_en_home.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{67FB8D5D-AD60-48E4-9E02-BAADD20D1DB1}\TypeLib\ = "{74488ED6-7DF3-4D9C-A9A5-60EAAC6437A8}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B4E15CD0-F916-4C8E-830A-15E3E9D01A1B}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{74488ED6-7DF3-4D9C-A9A5-60EAAC6437A8}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\SwifDooPDF"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{358AD938-2769-4A12-8551-5948D02ABC7C}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SwifDoo\previous.pdf = "AcroExch.Document"	SwifdooInstaller_stable_en_home.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SwifDoo\shell\open\command	SwifdooInstaller_stable_en_home.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SwifDoo\shell\print\command	SwifdooInstaller_stable_en_home.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SwifDoo\shell\printto\command\ = "\"C:\\Program Files (x86)\\SwifDooPDF\\SwifDoo.exe\" -print-to \"%2\" \"%1\""	SwifdooInstaller_stable_en_home.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{67FB8D5D-AD60-48E4-9E02-BAADD20D1DB1}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.pdf\ = "SwifDoo"	SwifdooInstaller_stable_en_home.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{358AD938-2769-4A12-8551-5948D02ABC7C}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{358AD938-2769-4A12-8551-5948D02ABC7C}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\SwifDoo\shell\open\command\ = "\"C:\\Program Files (x86)\\SwifDooPDF\\SwifDoo.exe\" \"%1\" %*"	SwifdooInstaller_stable_en_home.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SwifDoo\shell\open\command\ = "\"C:\\Program Files (x86)\\SwifDooPDF\\SwifDoo.exe\" \"%1\" %*"	SwifdooInstaller_stable_en_home.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.pdf\OpenWithProgids	SwifdooInstaller_stable_en_home.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{74488ED6-7DF3-4D9C-A9A5-60EAAC6437A8}\1.0\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B4E15CD0-F916-4C8E-830A-15E3E9D01A1B}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{74488ED6-7DF3-4D9C-A9A5-60EAAC6437A8}\1.0\0\win64	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{358AD938-2769-4A12-8551-5948D02ABC7C}\ = "IShellContextMenu"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\SwifDoo	SwifdooInstaller_stable_en_home.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\SwifDoo\DefaultIcon\ = "C:\\Program Files (x86)\\SwifDooPDF\\SwifDoo.exe,1"	SwifdooInstaller_stable_en_home.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SwifDoo\shell\print	SwifdooInstaller_stable_en_home.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SwifDoo\shell\printto\command	SwifdooInstaller_stable_en_home.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B4E15CD0-F916-4C8E-830A-15E3E9D01A1B}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{67FB8D5D-AD60-48E4-9E02-BAADD20D1DB1}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\SwifDoo\shell\print\command\ = "\"C:\\Program Files (x86)\\SwifDooPDF\\SwifDoo.exe\" -print-to-default \"%1\""	SwifdooInstaller_stable_en_home.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\SwifDoo\shell\printto\command\ = "\"C:\\Program Files (x86)\\SwifDooPDF\\SwifDoo.exe\" -print-to \"%2\" \"%1\""	SwifdooInstaller_stable_en_home.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{67FB8D5D-AD60-48E4-9E02-BAADD20D1DB1}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{358AD938-2769-4A12-8551-5948D02ABC7C}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\SwifDoo\shell\ = "open"	SwifdooInstaller_stable_en_home.tmp
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\SwifDoo\shell\open\command	SwifdooInstaller_stable_en_home.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\.pdf\OpenWithProgids\SwifDoo	SwifdooInstaller_stable_en_home.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SwifDoo\shell\ = "open"	SwifdooInstaller_stable_en_home.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\SwifDoo\shell\open\command	SwifdooInstaller_stable_en_home.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\SwifDoo\shell\print\command	SwifdooInstaller_stable_en_home.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{67FB8D5D-AD60-48E4-9E02-BAADD20D1DB1}\Version\ = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\SwifDoo\ = "PDF Document"	SwifdooInstaller_stable_en_home.tmp
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\SwifDoo\shell\open	SwifdooInstaller_stable_en_home.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\.pdf\ = "SwifDoo"	SwifdooInstaller_stable_en_home.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SwifDoo\shell\printto	SwifdooInstaller_stable_en_home.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{67FB8D5D-AD60-48E4-9E02-BAADD20D1DB1}	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\SwifDoo\shell\printto\command	SwifdooInstaller_stable_en_home.tmp
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\.pdf	SwifdooInstaller_stable_en_home.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SwifDoo\ = "PDF Document"	SwifdooInstaller_stable_en_home.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\SwifDoo\shell	SwifdooInstaller_stable_en_home.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SwifDoo\shell	SwifdooInstaller_stable_en_home.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{358AD938-2769-4A12-8551-5948D02ABC7C}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{74488ED6-7DF3-4D9C-A9A5-60EAAC6437A8}\1.0\0\win64\ = "C:\\Program Files (x86)\\SwifDooPDF\\PDFShell64.dll"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_CLASSES\SwifDoo\shell\print	SwifdooInstaller_stable_en_home.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B4E15CD0-F916-4C8E-830A-15E3E9D01A1B}\Version	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{358AD938-2769-4A12-8551-5948D02ABC7C}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{74488ED6-7DF3-4D9C-A9A5-60EAAC6437A8}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{67FB8D5D-AD60-48E4-9E02-BAADD20D1DB1}\Version	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\1XdShellExt	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B4E15CD0-F916-4C8E-830A-15E3E9D01A1B}\Version\ = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{74488ED6-7DF3-4D9C-A9A5-60EAAC6437A8}\1.0\ = "XDShellExtHelperLib"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{74488ED6-7DF3-4D9C-A9A5-60EAAC6437A8}\1.0\FLAGS\ = "0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{358AD938-2769-4A12-8551-5948D02ABC7C}\TypeLib\ = "{74488ED6-7DF3-4D9C-A9A5-60EAAC6437A8}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\SwifDoo	SwifdooInstaller_stable_en_home.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{67FB8D5D-AD60-48E4-9E02-BAADD20D1DB1}\InprocServer32\ = "C:\\Program Files (x86)\\SwifDooPDF\\PDFShell64.dll"	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

Processes:

SwifdooInstaller_stable_en_home.tmpSwifDoo.exeSwifdooBrowser.exeSwifdooBrowser.exe

pid	process
1036	SwifdooInstaller_stable_en_home.tmp
1036	SwifdooInstaller_stable_en_home.tmp
1036	SwifdooInstaller_stable_en_home.tmp
456	SwifDoo.exe
456	SwifDoo.exe
1984	SwifdooBrowser.exe
1984	SwifdooBrowser.exe
472	SwifdooBrowser.exe
472	SwifdooBrowser.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

SwifDoo.exe

pid process

456 SwifDoo.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

taskkill.exe

description pid process

Token: SeDebugPrivilege 1568 taskkill.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

SwifdooInstaller_stable_en_home.tmpiexplore.exe

pid process

1036 SwifdooInstaller_stable_en_home.tmp
1508 iexplore.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1508 iexplore.exe
1508 iexplore.exe
1292 IEXPLORE.EXE
1292 IEXPLORE.EXE

pid	process
456	SwifDoo.exe

description	pid	process
Token: SeDebugPrivilege	1568	taskkill.exe

pid	process
1508	iexplore.exe
1508	iexplore.exe
1292	IEXPLORE.EXE
1292	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 60 IoCs

Processes:

SwifdooInstaller_stable_en_home.exeSwifdooInstaller_stable_en_home.tmpregsvr32.exePDFEngine.exeiexplore.exeSwifDoo.exeSwifdooBrowser.exe

description	pid	process	target process
PID 1216 wrote to memory of 1036	1216	SwifdooInstaller_stable_en_home.exe	SwifdooInstaller_stable_en_home.tmp
PID 1216 wrote to memory of 1036	1216	SwifdooInstaller_stable_en_home.exe	SwifdooInstaller_stable_en_home.tmp
PID 1216 wrote to memory of 1036	1216	SwifdooInstaller_stable_en_home.exe	SwifdooInstaller_stable_en_home.tmp
PID 1216 wrote to memory of 1036	1216	SwifdooInstaller_stable_en_home.exe	SwifdooInstaller_stable_en_home.tmp
PID 1216 wrote to memory of 1036	1216	SwifdooInstaller_stable_en_home.exe	SwifdooInstaller_stable_en_home.tmp
PID 1216 wrote to memory of 1036	1216	SwifdooInstaller_stable_en_home.exe	SwifdooInstaller_stable_en_home.tmp
PID 1216 wrote to memory of 1036	1216	SwifdooInstaller_stable_en_home.exe	SwifdooInstaller_stable_en_home.tmp
PID 1036 wrote to memory of 1028	1036	SwifdooInstaller_stable_en_home.tmp	regsvr32.exe
PID 1036 wrote to memory of 1028	1036	SwifdooInstaller_stable_en_home.tmp	regsvr32.exe
PID 1036 wrote to memory of 1028	1036	SwifdooInstaller_stable_en_home.tmp	regsvr32.exe
PID 1036 wrote to memory of 1028	1036	SwifdooInstaller_stable_en_home.tmp	regsvr32.exe
PID 1036 wrote to memory of 1028	1036	SwifdooInstaller_stable_en_home.tmp	regsvr32.exe
PID 1036 wrote to memory of 1028	1036	SwifdooInstaller_stable_en_home.tmp	regsvr32.exe
PID 1036 wrote to memory of 1028	1036	SwifdooInstaller_stable_en_home.tmp	regsvr32.exe
PID 1036 wrote to memory of 932	1036	SwifdooInstaller_stable_en_home.tmp	regsvr32.exe
PID 1036 wrote to memory of 932	1036	SwifdooInstaller_stable_en_home.tmp	regsvr32.exe
PID 1036 wrote to memory of 932	1036	SwifdooInstaller_stable_en_home.tmp	regsvr32.exe
PID 1036 wrote to memory of 932	1036	SwifdooInstaller_stable_en_home.tmp	regsvr32.exe
PID 1036 wrote to memory of 932	1036	SwifdooInstaller_stable_en_home.tmp	regsvr32.exe
PID 1036 wrote to memory of 932	1036	SwifdooInstaller_stable_en_home.tmp	regsvr32.exe
PID 1036 wrote to memory of 932	1036	SwifdooInstaller_stable_en_home.tmp	regsvr32.exe
PID 932 wrote to memory of 2028	932	regsvr32.exe	regsvr32.exe
PID 932 wrote to memory of 2028	932	regsvr32.exe	regsvr32.exe
PID 932 wrote to memory of 2028	932	regsvr32.exe	regsvr32.exe
PID 932 wrote to memory of 2028	932	regsvr32.exe	regsvr32.exe
PID 932 wrote to memory of 2028	932	regsvr32.exe	regsvr32.exe
PID 932 wrote to memory of 2028	932	regsvr32.exe	regsvr32.exe
PID 932 wrote to memory of 2028	932	regsvr32.exe	regsvr32.exe
PID 1036 wrote to memory of 436	1036	SwifdooInstaller_stable_en_home.tmp	PDFEngine.exe
PID 1036 wrote to memory of 436	1036	SwifdooInstaller_stable_en_home.tmp	PDFEngine.exe
PID 1036 wrote to memory of 436	1036	SwifdooInstaller_stable_en_home.tmp	PDFEngine.exe
PID 1036 wrote to memory of 436	1036	SwifdooInstaller_stable_en_home.tmp	PDFEngine.exe
PID 436 wrote to memory of 1460	436	PDFEngine.exe	SwifDooHelper.exe
PID 436 wrote to memory of 1460	436	PDFEngine.exe	SwifDooHelper.exe
PID 436 wrote to memory of 1460	436	PDFEngine.exe	SwifDooHelper.exe
PID 436 wrote to memory of 1460	436	PDFEngine.exe	SwifDooHelper.exe
PID 1036 wrote to memory of 1508	1036	SwifdooInstaller_stable_en_home.tmp	iexplore.exe
PID 1036 wrote to memory of 1508	1036	SwifdooInstaller_stable_en_home.tmp	iexplore.exe
PID 1036 wrote to memory of 1508	1036	SwifdooInstaller_stable_en_home.tmp	iexplore.exe
PID 1036 wrote to memory of 1508	1036	SwifdooInstaller_stable_en_home.tmp	iexplore.exe
PID 1036 wrote to memory of 456	1036	SwifdooInstaller_stable_en_home.tmp	SwifDoo.exe
PID 1036 wrote to memory of 456	1036	SwifdooInstaller_stable_en_home.tmp	SwifDoo.exe
PID 1036 wrote to memory of 456	1036	SwifdooInstaller_stable_en_home.tmp	SwifDoo.exe
PID 1036 wrote to memory of 456	1036	SwifdooInstaller_stable_en_home.tmp	SwifDoo.exe
PID 1508 wrote to memory of 1292	1508	iexplore.exe	IEXPLORE.EXE
PID 1508 wrote to memory of 1292	1508	iexplore.exe	IEXPLORE.EXE
PID 1508 wrote to memory of 1292	1508	iexplore.exe	IEXPLORE.EXE
PID 1508 wrote to memory of 1292	1508	iexplore.exe	IEXPLORE.EXE
PID 456 wrote to memory of 1984	456	SwifDoo.exe	SwifdooBrowser.exe
PID 456 wrote to memory of 1984	456	SwifDoo.exe	SwifdooBrowser.exe
PID 456 wrote to memory of 1984	456	SwifDoo.exe	SwifdooBrowser.exe
PID 456 wrote to memory of 1984	456	SwifDoo.exe	SwifdooBrowser.exe
PID 1984 wrote to memory of 472	1984	SwifdooBrowser.exe	SwifdooBrowser.exe
PID 1984 wrote to memory of 472	1984	SwifdooBrowser.exe	SwifdooBrowser.exe
PID 1984 wrote to memory of 472	1984	SwifdooBrowser.exe	SwifdooBrowser.exe
PID 1984 wrote to memory of 472	1984	SwifdooBrowser.exe	SwifdooBrowser.exe
PID 1984 wrote to memory of 1568	1984	SwifdooBrowser.exe	taskkill.exe
PID 1984 wrote to memory of 1568	1984	SwifdooBrowser.exe	taskkill.exe
PID 1984 wrote to memory of 1568	1984	SwifdooBrowser.exe	taskkill.exe
PID 1984 wrote to memory of 1568	1984	SwifdooBrowser.exe	taskkill.exe

C:\Users\Admin\AppData\Local\Temp\SwifdooInstaller_stable_en_home.exe
"C:\Users\Admin\AppData\Local\Temp\SwifdooInstaller_stable_en_home.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1216

C:\Users\Admin\AppData\Local\Temp\is-IKGJH.tmp\SwifdooInstaller_stable_en_home.tmp
"C:\Users\Admin\AppData\Local\Temp\is-IKGJH.tmp\SwifdooInstaller_stable_en_home.tmp" /SL5="$90124,38670906,165376,C:\Users\Admin\AppData\Local\Temp\SwifdooInstaller_stable_en_home.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1036

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s /u "C:\Program Files (x86)\SwifDooPDF\PDFShell64.dll"
3⤵
PID:1028

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Program Files (x86)\SwifDooPDF\PDFShell64.dll"
3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:932

C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\SwifDooPDF\PDFShell64.dll"
4⤵
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:2028

C:\Program Files (x86)\SwifDooPDF\PDFEngine.exe
"C:\Program Files (x86)\SwifDooPDF\PDFEngine.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:436

C:\Program Files (x86)\SwifDooPDF\SwifDooHelper.exe
"C:\Program Files (x86)\SwifDooPDF\SwifDooHelper.exe" /check_update
4⤵
- Executes dropped EXE
PID:1460

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.swifdoo.com/feedback/install-complete?os=20482&device_id=80b7cf97b4fd0c1ca5dbe9afe48ef833&version=2.0.2.3&qd=home&day=strInstTime&t=7319520&product=swifdoo&country_code=US
3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1508

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1508 CREDAT:275457 /prefetch:2
4⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1292

C:\Program Files (x86)\SwifDooPDF\SwifDoo.exe
"C:\Program Files (x86)\SwifDooPDF\SwifDoo.exe" /from install
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:456

C:\Program Files (x86)\SwifDooPDF\webview\cef\SwifdooBrowser.exe
"C:\Program Files (x86)\SwifDooPDF\webview\cef\SwifdooBrowser.exe" --parent_wnd=80122 --tab_rect="1,31,798,568" --tab_ids="C60C00A7-A51B-4da2-ABA0-576B1382853E" --cmd="" --disable-gpu --disable-gpu-compositing --url="https://www.swifdoo.com/client/en/trial?os=20482&device_id=80b7cf97b4fd0c1ca5dbe9afe48ef833&version=2.0.2.3&qd=home&day=strInstTime&t=7325073&product=swifdoo&country_code=US&trial=1&ttg=15&os=20482&device_id=80b7cf97b4fd0c1ca5dbe9afe48ef833&version=2.0.2.3&qd=home" --user-agent="Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 SwifDooPDF/49.0.2623.110" --no-proxy-server
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1984

C:\Program Files (x86)\SwifDooPDF\webview\cef\SwifdooBrowser.exe
"C:\Program Files (x86)\SwifDooPDF\webview\cef\SwifdooBrowser.exe" --type=renderer --disable-gpu-compositing --no-sandbox --lang=en-US --lang=zh-CN --log-file="C:\Users\Admin\AppData\Roaming\SwifDooPDFData\CEF\cef.log" --user-agent="Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 SwifDooPDF/49.0.2623.110" --disable-extensions --ppapi-flash-path=pepflashplayer.dll --ppapi-flash-version=24.0.0.221 --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="1984.0.848892176\1865139531" /prefetch:1
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:472

C:\Windows\SysWOW64\taskkill.exe
taskkill.exe /f /im CefWeb.exe
5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1568

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\SwifDooPDF\PDFEngine.exe
Filesize
281KB

MD5
cb466cae48e9f8321acbc0f04f4bfff3

SHA1
2e0737290f256633e82c6d1ece5462f826776e9c

SHA256
319c9c615c3ffea0bda605dbd83b65ac090aef2e082a85285f7df8753d3b6662

SHA512
2975e3d83015ab296c408e53e6b8eccac1fab55d5192dbb7d8dbbb47a6ed24e377ba287c7d03266fbc6aff1ae25ef9dc54d8ace269b1f7ed7b0b6e807c2f0f34

Download Submit
C:\Program Files (x86)\SwifDooPDF\PDFEngine.exe
Filesize
281KB

MD5
cb466cae48e9f8321acbc0f04f4bfff3

SHA1
2e0737290f256633e82c6d1ece5462f826776e9c

SHA256
319c9c615c3ffea0bda605dbd83b65ac090aef2e082a85285f7df8753d3b6662

SHA512
2975e3d83015ab296c408e53e6b8eccac1fab55d5192dbb7d8dbbb47a6ed24e377ba287c7d03266fbc6aff1ae25ef9dc54d8ace269b1f7ed7b0b6e807c2f0f34

Download Submit
C:\Program Files (x86)\SwifDooPDF\PDFShell64.dll
Filesize
184KB

MD5
a661b439cb0d424134c92cdf7ee2e85a

SHA1
0143de44c61cfa0fd2376ff459b7650023875529

SHA256
a603a312689776a75265c819a99cfbcc7d5227259f255e692f3a12801e0cf2ba

SHA512
2ff7642da112ad2e00ab5c181807a58ee5573642720e779dacb6b36bbb0ffee3819c1a0343d11f3d39f842dc6e3b86268ae79ce0db8af9e0057d30f81f75533a

Download Submit
C:\Program Files (x86)\SwifDooPDF\SwifDoo PDF User Guide.pdf
Filesize
1.5MB

MD5
49f556f15c148c433f874a58d4d072a3

SHA1
3cef11b05f0bf990db65179e24dd74c9128c882a

SHA256
05abbd148422f81b128cf9c0aa472facc5d0c485e23108034f1921bef68a84fc

SHA512
dadecdad71e9d9d0694d101654fc2121869dc61e727303bd857aafdac8591e6b5d7f3309223cbfc3607526dfeac19263b5c63c2e44d2da76ad637db068a25cfd

Download Submit
C:\Program Files (x86)\SwifDooPDF\SwifDoo.exe
Filesize
15.4MB

MD5
32fb77e3108dbbb0660bec9a38888938

SHA1
79e84baacfa5ab31b956074a71e46f6adb3de577

SHA256
0f81c12612e54f476f40282986c96bcb104e1f7957c8d2de1c11d23245e158ba

SHA512
93285ddfdc1cf36e2ebb09397cee2adc3ee47bd03b6d10da11aaadb1a2639937dfd131eee823c208f1c86f6aabca1f54f6ddf39d2bee3d5e83ab9afc3b4bf13a

Download Submit
C:\Program Files (x86)\SwifDooPDF\SwifDoo.exe
Filesize
15.4MB

MD5
32fb77e3108dbbb0660bec9a38888938

SHA1
79e84baacfa5ab31b956074a71e46f6adb3de577

SHA256
0f81c12612e54f476f40282986c96bcb104e1f7957c8d2de1c11d23245e158ba

SHA512
93285ddfdc1cf36e2ebb09397cee2adc3ee47bd03b6d10da11aaadb1a2639937dfd131eee823c208f1c86f6aabca1f54f6ddf39d2bee3d5e83ab9afc3b4bf13a

Download Submit
C:\Program Files (x86)\SwifDooPDF\SwifDoo.exe
Filesize
15.4MB

MD5
32fb77e3108dbbb0660bec9a38888938

SHA1
79e84baacfa5ab31b956074a71e46f6adb3de577

SHA256
0f81c12612e54f476f40282986c96bcb104e1f7957c8d2de1c11d23245e158ba

SHA512
93285ddfdc1cf36e2ebb09397cee2adc3ee47bd03b6d10da11aaadb1a2639937dfd131eee823c208f1c86f6aabca1f54f6ddf39d2bee3d5e83ab9afc3b4bf13a

Download Submit
C:\Program Files (x86)\SwifDooPDF\SwifDooHelper.exe
Filesize
2.5MB

MD5
504abc80c438c75915f530e8dbf11067

SHA1
52fddede1e58bbd30ac9997d4c8bad30f08c74e0

SHA256
18a08fee7e5fb95c4972c4032eeb96a998f379486fcae78024e5056b30e61879

SHA512
aa1886fdd4a1ff84b65a3c68050e8f54539830408dac0ceac1211c797bad8f6db2fa373abc2cd47645818769592d63fdec7e37d0d8fae87ed1e303ae2b2cd20d

Download Submit
C:\Program Files (x86)\SwifDooPDF\SwifDooHelper.exe
Filesize
2.5MB

MD5
504abc80c438c75915f530e8dbf11067

SHA1
52fddede1e58bbd30ac9997d4c8bad30f08c74e0

SHA256
18a08fee7e5fb95c4972c4032eeb96a998f379486fcae78024e5056b30e61879

SHA512
aa1886fdd4a1ff84b65a3c68050e8f54539830408dac0ceac1211c797bad8f6db2fa373abc2cd47645818769592d63fdec7e37d0d8fae87ed1e303ae2b2cd20d

Download Submit
C:\Program Files (x86)\SwifDooPDF\language\de.conf
Filesize
167KB

MD5
4b6b2118acacff34867a7c6f00daeaee

SHA1
766dc04a96cb5a960137f53de99f82e58604321e

SHA256
b837d7795e1de47d7f33f4f88b8d358af0d1053d3a132c43f37755e9182383d5

SHA512
23bc72b808b0363fb513f6eed0df7db29b5f63a993249a27c73928e769a2b1383cb2b3d153b54ffd58c106a1cf9b3ec31caa62bf5844bc83b16fb4e0dfe291fe

Download Submit
C:\Program Files (x86)\SwifDooPDF\language\en.conf
Filesize
144KB

MD5
0f74bc4fa3af9b19d5463098e728d1ed

SHA1
0d6199892cd2c072470481a4130c8a7699bc86cc

SHA256
093d7779d4c8edb685d17a7c5d752b19f936f051513ae0b33dcf5f6dfe44acce

SHA512
237f9ba59adf222bbf0e577905aa730d4cea887bae33eff7ec54c5a858eb4dc965d715fe3de9560d2fd0f4b2608a71bdc0a9640badea1048f0adee68fc4e90c4

Download Submit
C:\Program Files (x86)\SwifDooPDF\language\fr.conf
Filesize
167KB

MD5
de3b7a870ba90e68f6e64464638ae660

SHA1
6b36a84be7d379dd2772db6f53a08d74f52d3d62

SHA256
0dbd52e2b772c8233c155652b8b30e69b674f4b65965479e7a07ecb272e1c37c

SHA512
4bf8171006bdf7b6daea0de2a7fb8c4b4a85306b9bcd18f24f219bf7fd1a5dfa5ca6f00a22a564756822ebd49c5f37643ff5c923e87b55d007a95d8e4d8d8672

Download Submit
C:\Program Files (x86)\SwifDooPDF\skin\masterpdf.skn
Filesize
4.6MB

MD5
a87c2679995d37063dffd5d534611bfc

SHA1
a9981d2aa538168a9d50f4b044c096a793323198

SHA256
7bb04e888fa3a7c2c473d81ddc8da965c8b498255ffd62c4b6a3d8f75f5e846d

SHA512
ff6f2363955268d3fe291edb2b8443a48e049e7e9d5fd06d2710299bb4857df58273af40ed72444a6d35f30c5eec56f5fb05fc48a29b775f9573116822d64c42

Download Submit
C:\Program Files (x86)\SwifDooPDF\uninstall\InstallModule.dll
Filesize
2.9MB

MD5
b0309a372f4816e2576af45721470918

SHA1
ea165b68f241c4b84bdfca864e57d8b0edc21217

SHA256
626790ed322af160e03611aaf0524de527289a600c197dce4eef4dd2e58bbe55

SHA512
9b5d8cddfa8b9c98345fbdb9e5c318986cdc61341a646073a44c49bcf8574ff24f9db8223d225cd1c99e09132b3779220f998176bb2ac9e7b30bdcf923ed3657

Download Submit
C:\Program Files (x86)\SwifDooPDF\uninstall\unins000.exe
Filesize
1.2MB

MD5
5e50738523da77a4fccf7a3d11bef356

SHA1
59e6844dd543837faef79e93ec526c5b6b78022b

SHA256
df1c21536c04ceab81dae169dd4a8eed4d7c68c8e2b24fcc9604b42cb33eb0e4

SHA512
55a90385ac66852a2b21a141b898cfc618cc294b0c3517cebf7bd38600660aac5ad2adf819ab31131acc91b89bc4b1998f84c9b86e3d6167ababe1ebeec4a9c5

Download Submit
C:\Program Files (x86)\SwifDooPDF\webview\WebView.dll
Filesize
1.0MB

MD5
aa02267da9cc261bbedf44fced1c7002

SHA1
213d4f05f9cddff1ace4475ba43c2923dafc774b

SHA256
2e7d99543e3cff898de6b9a23277619c156abe266d7a9e4d95d00ba630c88ba4

SHA512
ba2e2a64a74ed42768a11352b5de918e3af8b558452e725860950ccb7e8f68c5802c0e98dd8df34255013c7c456cc17dea1ae632c7852fdcae682c749b974870

Download Submit
C:\Program Files (x86)\SwifDooPDF\webview\cef\SwifdooBrowser.exe
Filesize
577KB

MD5
dba78b5e18335d120c1533cef7414fc6

SHA1
a66038323c29e39115ab801b129d57c908e239f6

SHA256
ecce81c5530c4a32aa6a78457922bd57d0091f2c17c1af8723335df773240fca

SHA512
6b98daf62e9404b2552d0c223fbc477deae8b4b6eec36fe0f6217b5c13e250ec6eaa5cb3bd2ebac1d3628e709d9b7e81f96daa67be0197b339816571b352abb1

Download Submit
C:\Program Files (x86)\SwifDooPDF\webview\cef\SwifdooBrowser.exe
Filesize
577KB

MD5
dba78b5e18335d120c1533cef7414fc6

SHA1
a66038323c29e39115ab801b129d57c908e239f6

SHA256
ecce81c5530c4a32aa6a78457922bd57d0091f2c17c1af8723335df773240fca

SHA512
6b98daf62e9404b2552d0c223fbc477deae8b4b6eec36fe0f6217b5c13e250ec6eaa5cb3bd2ebac1d3628e709d9b7e81f96daa67be0197b339816571b352abb1

Download Submit
C:\Program Files (x86)\SwifDooPDF\webview\cef\SwifdooBrowser.exe
Filesize
577KB

MD5
dba78b5e18335d120c1533cef7414fc6

SHA1
a66038323c29e39115ab801b129d57c908e239f6

SHA256
ecce81c5530c4a32aa6a78457922bd57d0091f2c17c1af8723335df773240fca

SHA512
6b98daf62e9404b2552d0c223fbc477deae8b4b6eec36fe0f6217b5c13e250ec6eaa5cb3bd2ebac1d3628e709d9b7e81f96daa67be0197b339816571b352abb1

Download Submit
C:\Program Files (x86)\SwifDooPDF\webview\cef\cef.pak
Filesize
2.2MB

MD5
4d991b6db94e823aac8cef6eb1959662

SHA1
84856f2eba08c5ad2df6a946e0eb7519bc9fb6cc

SHA256
2e07dc909efb9d9316e15452f168581966bdc7ad8fb607d3d3a339aaa8dc0266

SHA512
9842bf88339eaed96f81e82b1f1b15f6fe259449097e44f5d7738cd0aa79786da5e0b777d84b9a6a1c08bf3d0edfcf71c9cb396bd6c78145c5dfd171b8384f1f

Download Submit
C:\Program Files (x86)\SwifDooPDF\webview\cef\cef_100_percent.pak
Filesize
141KB

MD5
ad2ddfc39c78eedc734af6506a579a8c

SHA1
64e66d48ab3a98503948202dec3ff2f35470cd5b

SHA256
58f7ce00d589aaaebfaf3d0badac45924545e49f2d1531156f282eac7abb11b5

SHA512
7482b0c4c51bf4d3c3389a6ccf9c59307911ba793116bac04077594d9b3d6f54a07e6187764201fba8bb31ede88b9ff65ab6867a2526e0f8e7b16136f7978367

Download Submit
C:\Program Files (x86)\SwifDooPDF\webview\cef\icudtl.dat
Filesize
9.7MB

MD5
d03ad9a1189d190119209072d048e428

SHA1
aa954098e3ae4c00f67bace45b39a7b4a8242c6a

SHA256
2857fbe46d007307b1e204c6eb1b7e4988973b958ec8edb07445988f332c1ab5

SHA512
4f73a2c0ceef525e5947dc6eeb7608db40e535eeadb37d83842bdd638eb4d9114f3654d8094c0b72c66ae4bb0214b0947cd4fe2b56426f778c07f3cac5faea21

Download Submit
C:\Program Files (x86)\SwifDooPDF\webview\cef\libcef.dll
Filesize
47.5MB

MD5
1e71acd4d7ee98873f6db78ef8adbbfd

SHA1
76478213224c5a133953bfdd21d5499c88e52c39

SHA256
26de05ae9c26c6ab48ecfb3b6996281d4c979f719363788f825c4402b6e862b4

SHA512
a2d1039034f3414d115db8dc59bcf228aeefbf7778c2c5e8ecf264ed105dcfe7e115e907001f90e32169b7062ff99198273815ba39daf86d1c1b12018aa3be73

Download Submit
C:\Program Files (x86)\SwifDooPDF\webview\cef\natives_blob.bin
Filesize
402KB

MD5
8f4d6515f4d321313a39a659c3c5ff01

SHA1
f4c95f1abd24c715a3dd4b3e4c9cff5decda7250

SHA256
7d9c0c4d88618bdd16bb0681fdec1dd736e2ed1141ae527a27b22fb93f27848f

SHA512
3c00eb9a8ca8d076140df0071cfa702e1c032edbc20481bb7f7b7a88c1a82c959b8ac901182c2f9d235f55b4528c8e12b1e765119f1e784645c61f66c1c2b007

Download Submit
C:\Program Files (x86)\SwifDooPDF\webview\cef\snapshot_blob.bin
Filesize
474KB

MD5
594f4b02c26e84837108e2b9cc894d39

SHA1
bee0e10f6547d76bf91520f689429d87bc5b6431

SHA256
8dbd2f8c3708611755d103c3776b31c8a9f62e2408d0cb9f670bd79cf2f5a7d4

SHA512
bb9f472501658e2d6e61720627e79d543d4c982b512f4806070587d78060b97e79d199995fbc8df39bce5de553a0f08023d40127876aa9cdbb6069df0179d194

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
1KB

MD5
d34cd5dfc285c4e53c303f1f9472ac2d

SHA1
895053c124dead25c4d10ef566966949aa2fff79

SHA256
65414eb04c4f2a5406379134c518247eb6d9359e437a49b958e41df8711256eb

SHA512
8893523ecdd330d0f88aa757aced0eff47c4db0089567e4f7934b2b1ce618d816f23109e0b9033dee58cc077b10edca4fb79ec91e15eab3806f7b47c186b51dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
Filesize
1KB

MD5
9e6d8dc41604f29e642cd0388dedbc39

SHA1
356865a43d9fe59ffa43408c8656722239df3746

SHA256
81ba5efa129a1fe50f089166e3bef04a5472f35d87fe32e48ec078557b809537

SHA512
2e8ee9015b023d1da8c7c00eff12d780c1e640171306f8ebfcf6ac344a3f4553d2b181c5983e4c792b3e226e96eb8236bb9cf43c3c51ed504e27d047ff9d5dc3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
724B

MD5
f569e1d183b84e8078dc456192127536

SHA1
30c537463eed902925300dd07a87d820a713753f

SHA256
287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

SHA512
49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_B927703728F018DD39598B9865791655
Filesize
472B

MD5
23c054d3aee551b6fdc42a5a472a7040

SHA1
b1a46c12ac7d65c979fd1998bdb243f3dba8f956

SHA256
9e8b91ab91da9ea20dfb5f90c1c06239d2872b0eb80785534d0c59c3b51de404

SHA512
a3637152706100b8ccaeba521a05f5cb96570ad3bb630d919eeb0e06a3f1f27dea2fb8df128824e57de0e9fa982921bed58373a2360c95caa9f005b527483112

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
410B

MD5
f7f161623811053d4a57ca092cad29fb

SHA1
2c48a928442d4ac881bd47155d17b8a328ca8b67

SHA256
631c6eddbacaabbd0bcffd7526ec47bb0647b4a992f186b963c6859be85162f4

SHA512
d20ec65b3d93966491d2abed07359780cee19d1009634ddc77beb7a27b6aab99bef9ac436d8770b1d7601ebf66543a652dea984ef07c71acebfdbcb3ca23e161

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
252B

MD5
30a7e6584170e81e4a3dccd8dd64ae79

SHA1
78437e7b0ae4dd9a1dc6245f47e6f045366c3111

SHA256
98b4007f44b0600c4f96cfd244f23b5fcc7fae08349b5fba488b7e4f86ff0467

SHA512
935789da3557639283187e5b3cc444d544e7e758d91f3abe306d336ac4896b2fe71033e0424a7d079f1b390530f63eb12c3e577cc96ba83c0ce3c23991bd1664

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
Filesize
438B

MD5
f110f5e81d901dbb53468fa7a2659759

SHA1
d7ef4b55635edc053b30f5fab32ced6b6f1621b6

SHA256
0be820374d193486e1f1f73259572c8306ea3ec0ac25afff6ea91fb4f1cb6d46

SHA512
319e75d3cbac7e944a26ec8278dad2e5cc5ddab50ff3921fdab283e93effad436e20384a6825e2e6a955c6ae9458d41c7a3c5efbac0117a3a934a4b33639f4c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
4298b4d3002d3b6c548f134a1bb89430

SHA1
08d38cf3f5319c6cea1fa0a4be12a3cef3fc7b90

SHA256
99eb2f83bd6b4856865f10e13684573be3b4b5d003118614dadde856eb9c124a

SHA512
10860e8b91d872719c9a192184dcb061d97d62f1e4b3bf0c3e9cc1cdb39a8fef48d855c6370ab7b1af9ee56a471030e59b0f3928bea8c487efd7a75b937ce337

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
79ad60d5d42ca27461baaa2889aa9a4b

SHA1
12f014c25469da19260b92c3efe623a862f29aff

SHA256
feb97837a86051ff2d25edd4c0860e75f664915e2c851b48798b675f96b24d34

SHA512
571e5e77b7b729d71b1c1455660724682e9b5373a2e2842260b024f60f9306fe7c35a7b8d8952fde3918863cd9a8e79bcde895bed2e73dead814dfb103f982f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
59a448a05ab40d79a21d9673ea53c0de

SHA1
b64b878eb3c4646800b4c1744f419526049a8495

SHA256
8a72a96c57510f9eb4296652117124dd6dd3eaa809cd07f5310ef9ec19974614

SHA512
22476a9f11bbf323692f990e2a1485d6dc872103c663004ee9c84de4df3bcdd462ebee8d688e8436aaa69e5955dce65f8ef1161262cc9c1247265b454a40264c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
ddaa089d380d2d354ab7d00b22a5959e

SHA1
21260581b1a2c2b2a846c3196bde3ed457e82d1c

SHA256
1753af6eb188b9ae068389660c8533cbfb30fc3b9a1fcce8804752388937608a

SHA512
9ac112984de918c8207efe5be91b0fd9bce7f2c2d5b7d77aa5f05551c84a48d12e8e621ee9430fb986695c6e766159bbe692f7d0db8926232b30883f3c5911fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
392B

MD5
12a8df502aadabde55ab546ea78450b7

SHA1
3060786f68c13e2baee9dad98dc4eb91d6029de3

SHA256
6d5e98dbe0570e75c0ad21e2e7f650a262f5c2451695d1fce6d24387d406a7be

SHA512
fab57784a732e38f2318ccd08fa62371f2266d3ac9adbb1c17a412f43b530ac64afe5bfc887cda3a62cd87b731587d21f0fc1d14a69570e8691afa8085a45dfa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
242B

MD5
a54fc2208f872354e893578aed3b84e9

SHA1
c1a2c2a8d931f4ee0a3b6488bc5ecb0f16ad6b69

SHA256
7a4a33100a1f4e189b5399512911c4dbbc3e1bc6c9f685157ef6497249b8a617

SHA512
73802d5cdb34c57ef59cfa78a724d8b4dc9177c95acffabfe083c4f6f751b1330af977ba064e52e4182805ace40323e4444317aa6aae1214dd56277693718d2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_B927703728F018DD39598B9865791655
Filesize
402B

MD5
0fa5e9dc2a81c3e0edd625d2f18e8f5a

SHA1
36888446664c1d3595d227eb862370446680707a

SHA256
ef80d43b7cc6c1f31a0b6a375aee94206304a6a04d16cd824c617457142f4e2c

SHA512
562cfb5061c73b853495f40acd6d90a69dd25a9420340703f25b93d647efa30b2e5db879c73477fbdd41fa87c10ad6dd096b23fff4080510b3484e2c16cd9f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\62yy7f8\imagestore.dat
Filesize
8KB

MD5
b2bb37b347e2cacb16439768eba94ca9

SHA1
f67e16e871837820b24d3efd3ee6a9a616dd3bd1

SHA256
ee40c8b02f6430b723f039aa6927094772e9d0959cffa3f7b0a889f9267e39c8

SHA512
6ea2911aea9db984f24e929e5087e2011e43ffeda6b94feedb32e84f8d3362fc77e9f6eceed69f4b3d00c43b12f416521c8af871496480e94daf480c2f1e9388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T22XS5WA\favicon[2].ico
Filesize
4KB

MD5
6c553879c5622b3b7cf28da7e0666af0

SHA1
98ffad34694e771b937ceae2e4f83b55144b9ccd

SHA256
ab6e4b2cbe44d1bb5f256343b3229b023288aa67664cbb1a5da406f0f09bd650

SHA512
1ae9b1d6445f58fd6cb98d0a65ff000b78880cf8c0db5fc1875dec609f6f541958dc47e8f640be116323df67d86f60a4d04f8bc3d4b5f0329bd362d1a1eaf6c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UIC7WQYE\js[1].js
Filesize
130KB

MD5
bcbbdff00362ddf345d6ae723ea205ca

SHA1
0ae53e5ffdd424c54c93e93354e82554984906b0

SHA256
c6131ee3b3f0738ce7d57a0b97815c96b64109ae7775257539c8c40eb24e06c8

SHA512
eea5c3eef55b00d3ed084577e7f8dedc7f4cf3e897f0819ec8fefbedd248885315cda843e23fd93e2f3607f35568f34bdf65d9338ec195d64f2c40cad8cb0710

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6E1F.tmp
Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB37B.tmp
Filesize
161KB

MD5
73b4b714b42fc9a6aaefd0ae59adb009

SHA1
efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

SHA256
c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

SHA512
73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF688.tmp
Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-IKGJH.tmp\SwifdooInstaller_stable_en_home.tmp
Filesize
1.2MB

MD5
5e50738523da77a4fccf7a3d11bef356

SHA1
59e6844dd543837faef79e93ec526c5b6b78022b

SHA256
df1c21536c04ceab81dae169dd4a8eed4d7c68c8e2b24fcc9604b42cb33eb0e4

SHA512
55a90385ac66852a2b21a141b898cfc618cc294b0c3517cebf7bd38600660aac5ad2adf819ab31131acc91b89bc4b1998f84c9b86e3d6167ababe1ebeec4a9c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-IKGJH.tmp\SwifdooInstaller_stable_en_home.tmp
Filesize
1.2MB

MD5
5e50738523da77a4fccf7a3d11bef356

SHA1
59e6844dd543837faef79e93ec526c5b6b78022b

SHA256
df1c21536c04ceab81dae169dd4a8eed4d7c68c8e2b24fcc9604b42cb33eb0e4

SHA512
55a90385ac66852a2b21a141b898cfc618cc294b0c3517cebf7bd38600660aac5ad2adf819ab31131acc91b89bc4b1998f84c9b86e3d6167ababe1ebeec4a9c5

Download Submit
C:\Users\Admin\AppData\Roaming\SwifDooPDFData\CEF\cef.log
Filesize
3KB

MD5
be3fbeb24215fca6ce8801511525c531

SHA1
a2a3259e150291bafde45d0119de8662b2358e83

SHA256
ff785fbaa97f20c283bade58697fb774e667ab4dace354e987e3eacd2e3c6f61

SHA512
a27cbaa9468da692aef25d1a6706f2b5814a9dd04780a88a9e55b70de3fcb65295bd9935d13fddc093cce833dd9f23173c51d6d873d42bb009ed06a374a146d9

Download Submit
C:\Users\Admin\AppData\Roaming\SwifDooPDFData\SwifDooPDFSettings.txt
Filesize
3KB

MD5
41392347a56833e58ede42e9621e3a8e

SHA1
f7bd4ac68b512814a6811de338f700926999856c

SHA256
a3979a6aab5b509ae000256b44c5269281b1bea4aca9e693322d1c2ea53dfaf2

SHA512
5b973c17785aa40ac5bdf139a4ef4d97e7af28584d15868f0c615ab26ca4f742478f7f9ef2015c5b4e0db48cc60a7dcd9d0579f8822846b27ef7c5359651f3ed

Download Submit
C:\Users\Admin\AppData\Roaming\SwifDooPDFData\UserData\mpConfig.ini
Filesize
33B

MD5
9fc7f21cd398ee8bdf5a99c72ad8e2a4

SHA1
fc41e882e818ef86256766a41e90e50f4b67f309

SHA256
acbe0e60945a9cd2f639f43f6f43b8655acfcee3c9e17546a3d1857a6617fc07

SHA512
f6d941608febb87f829d5d51710d5c5dfce71a2baa65bb0ab6de8ef2e72a94516f115b1ac639e031b740bd265b1096bc62beec9c953f47c2ae4bc191fb9a61d5

Download Submit
C:\Users\Admin\AppData\Roaming\SwifDooPDFData\UserData\mpConfig.ini
Filesize
51B

MD5
00df73e2ce1fc7c772525208a58aca49

SHA1
50ca11d5948aec19fe4ca73188015f39f65ee113

SHA256
bb59aed97306752deeb0ca0ab314bc34f560ed192d08e9483499c5cd481f4a74

SHA512
1753c8c089b4bb08cd75d2691d0bbdd929bb5811b9e72e38bd27212054e001cbb6efd55ade662078389bc2be7e217b1823cc44c4f83bfb26b222667d0df21aa8

Download Submit
C:\Users\Admin\AppData\Roaming\SwifDooPDFData\UserData\mpConfig.ini
Filesize
51B

MD5
00df73e2ce1fc7c772525208a58aca49

SHA1
50ca11d5948aec19fe4ca73188015f39f65ee113

SHA256
bb59aed97306752deeb0ca0ab314bc34f560ed192d08e9483499c5cd481f4a74

SHA512
1753c8c089b4bb08cd75d2691d0bbdd929bb5811b9e72e38bd27212054e001cbb6efd55ade662078389bc2be7e217b1823cc44c4f83bfb26b222667d0df21aa8

Download Submit
\Program Files (x86)\SwifDooPDF\PDFEngine.exe
Filesize
281KB

MD5
cb466cae48e9f8321acbc0f04f4bfff3

SHA1
2e0737290f256633e82c6d1ece5462f826776e9c

SHA256
319c9c615c3ffea0bda605dbd83b65ac090aef2e082a85285f7df8753d3b6662

SHA512
2975e3d83015ab296c408e53e6b8eccac1fab55d5192dbb7d8dbbb47a6ed24e377ba287c7d03266fbc6aff1ae25ef9dc54d8ace269b1f7ed7b0b6e807c2f0f34

Download Submit
\Program Files (x86)\SwifDooPDF\PDFEngine.exe
Filesize
281KB

MD5
cb466cae48e9f8321acbc0f04f4bfff3

SHA1
2e0737290f256633e82c6d1ece5462f826776e9c

SHA256
319c9c615c3ffea0bda605dbd83b65ac090aef2e082a85285f7df8753d3b6662

SHA512
2975e3d83015ab296c408e53e6b8eccac1fab55d5192dbb7d8dbbb47a6ed24e377ba287c7d03266fbc6aff1ae25ef9dc54d8ace269b1f7ed7b0b6e807c2f0f34

Download Submit
\Program Files (x86)\SwifDooPDF\PDFEngine.exe
Filesize
281KB

MD5
cb466cae48e9f8321acbc0f04f4bfff3

SHA1
2e0737290f256633e82c6d1ece5462f826776e9c

SHA256
319c9c615c3ffea0bda605dbd83b65ac090aef2e082a85285f7df8753d3b6662

SHA512
2975e3d83015ab296c408e53e6b8eccac1fab55d5192dbb7d8dbbb47a6ed24e377ba287c7d03266fbc6aff1ae25ef9dc54d8ace269b1f7ed7b0b6e807c2f0f34

Download Submit
\Program Files (x86)\SwifDooPDF\PDFShell64.dll
Filesize
184KB

MD5
a661b439cb0d424134c92cdf7ee2e85a

SHA1
0143de44c61cfa0fd2376ff459b7650023875529

SHA256
a603a312689776a75265c819a99cfbcc7d5227259f255e692f3a12801e0cf2ba

SHA512
2ff7642da112ad2e00ab5c181807a58ee5573642720e779dacb6b36bbb0ffee3819c1a0343d11f3d39f842dc6e3b86268ae79ce0db8af9e0057d30f81f75533a

Download Submit
\Program Files (x86)\SwifDooPDF\PDFShell64.dll
Filesize
184KB

MD5
a661b439cb0d424134c92cdf7ee2e85a

SHA1
0143de44c61cfa0fd2376ff459b7650023875529

SHA256
a603a312689776a75265c819a99cfbcc7d5227259f255e692f3a12801e0cf2ba

SHA512
2ff7642da112ad2e00ab5c181807a58ee5573642720e779dacb6b36bbb0ffee3819c1a0343d11f3d39f842dc6e3b86268ae79ce0db8af9e0057d30f81f75533a

Download Submit
\Program Files (x86)\SwifDooPDF\SwifDoo.exe
Filesize
15.4MB

MD5
32fb77e3108dbbb0660bec9a38888938

SHA1
79e84baacfa5ab31b956074a71e46f6adb3de577

SHA256
0f81c12612e54f476f40282986c96bcb104e1f7957c8d2de1c11d23245e158ba

SHA512
93285ddfdc1cf36e2ebb09397cee2adc3ee47bd03b6d10da11aaadb1a2639937dfd131eee823c208f1c86f6aabca1f54f6ddf39d2bee3d5e83ab9afc3b4bf13a

Download Submit
\Program Files (x86)\SwifDooPDF\SwifDoo.exe
Filesize
15.4MB

MD5
32fb77e3108dbbb0660bec9a38888938

SHA1
79e84baacfa5ab31b956074a71e46f6adb3de577

SHA256
0f81c12612e54f476f40282986c96bcb104e1f7957c8d2de1c11d23245e158ba

SHA512
93285ddfdc1cf36e2ebb09397cee2adc3ee47bd03b6d10da11aaadb1a2639937dfd131eee823c208f1c86f6aabca1f54f6ddf39d2bee3d5e83ab9afc3b4bf13a

Download Submit
\Program Files (x86)\SwifDooPDF\SwifDoo.exe
Filesize
15.4MB

MD5
32fb77e3108dbbb0660bec9a38888938

SHA1
79e84baacfa5ab31b956074a71e46f6adb3de577

SHA256
0f81c12612e54f476f40282986c96bcb104e1f7957c8d2de1c11d23245e158ba

SHA512
93285ddfdc1cf36e2ebb09397cee2adc3ee47bd03b6d10da11aaadb1a2639937dfd131eee823c208f1c86f6aabca1f54f6ddf39d2bee3d5e83ab9afc3b4bf13a

Download Submit
\Program Files (x86)\SwifDooPDF\SwifDooHelper.exe
Filesize
2.5MB

MD5
504abc80c438c75915f530e8dbf11067

SHA1
52fddede1e58bbd30ac9997d4c8bad30f08c74e0

SHA256
18a08fee7e5fb95c4972c4032eeb96a998f379486fcae78024e5056b30e61879

SHA512
aa1886fdd4a1ff84b65a3c68050e8f54539830408dac0ceac1211c797bad8f6db2fa373abc2cd47645818769592d63fdec7e37d0d8fae87ed1e303ae2b2cd20d

Download Submit
\Program Files (x86)\SwifDooPDF\SwifDooHelper.exe
Filesize
2.5MB

MD5
504abc80c438c75915f530e8dbf11067

SHA1
52fddede1e58bbd30ac9997d4c8bad30f08c74e0

SHA256
18a08fee7e5fb95c4972c4032eeb96a998f379486fcae78024e5056b30e61879

SHA512
aa1886fdd4a1ff84b65a3c68050e8f54539830408dac0ceac1211c797bad8f6db2fa373abc2cd47645818769592d63fdec7e37d0d8fae87ed1e303ae2b2cd20d

Download Submit
\Program Files (x86)\SwifDooPDF\SwifDooHelper.exe
Filesize
2.5MB

MD5
504abc80c438c75915f530e8dbf11067

SHA1
52fddede1e58bbd30ac9997d4c8bad30f08c74e0

SHA256
18a08fee7e5fb95c4972c4032eeb96a998f379486fcae78024e5056b30e61879

SHA512
aa1886fdd4a1ff84b65a3c68050e8f54539830408dac0ceac1211c797bad8f6db2fa373abc2cd47645818769592d63fdec7e37d0d8fae87ed1e303ae2b2cd20d

Download Submit
\Program Files (x86)\SwifDooPDF\SwifDooHelper.exe
Filesize
2.5MB

MD5
504abc80c438c75915f530e8dbf11067

SHA1
52fddede1e58bbd30ac9997d4c8bad30f08c74e0

SHA256
18a08fee7e5fb95c4972c4032eeb96a998f379486fcae78024e5056b30e61879

SHA512
aa1886fdd4a1ff84b65a3c68050e8f54539830408dac0ceac1211c797bad8f6db2fa373abc2cd47645818769592d63fdec7e37d0d8fae87ed1e303ae2b2cd20d

Download Submit
\Program Files (x86)\SwifDooPDF\uninstall\unins000.exe
Filesize
1.2MB

MD5
5e50738523da77a4fccf7a3d11bef356

SHA1
59e6844dd543837faef79e93ec526c5b6b78022b

SHA256
df1c21536c04ceab81dae169dd4a8eed4d7c68c8e2b24fcc9604b42cb33eb0e4

SHA512
55a90385ac66852a2b21a141b898cfc618cc294b0c3517cebf7bd38600660aac5ad2adf819ab31131acc91b89bc4b1998f84c9b86e3d6167ababe1ebeec4a9c5

Download Submit
\Program Files (x86)\SwifDooPDF\uninstall\unins000.exe
Filesize
1.2MB

MD5
5e50738523da77a4fccf7a3d11bef356

SHA1
59e6844dd543837faef79e93ec526c5b6b78022b

SHA256
df1c21536c04ceab81dae169dd4a8eed4d7c68c8e2b24fcc9604b42cb33eb0e4

SHA512
55a90385ac66852a2b21a141b898cfc618cc294b0c3517cebf7bd38600660aac5ad2adf819ab31131acc91b89bc4b1998f84c9b86e3d6167ababe1ebeec4a9c5

Download Submit
\Program Files (x86)\SwifDooPDF\webview\WebView.dll
Filesize
1.0MB

MD5
aa02267da9cc261bbedf44fced1c7002

SHA1
213d4f05f9cddff1ace4475ba43c2923dafc774b

SHA256
2e7d99543e3cff898de6b9a23277619c156abe266d7a9e4d95d00ba630c88ba4

SHA512
ba2e2a64a74ed42768a11352b5de918e3af8b558452e725860950ccb7e8f68c5802c0e98dd8df34255013c7c456cc17dea1ae632c7852fdcae682c749b974870

Download Submit
\Program Files (x86)\SwifDooPDF\webview\cef\SwifdooBrowser.exe
Filesize
577KB

MD5
dba78b5e18335d120c1533cef7414fc6

SHA1
a66038323c29e39115ab801b129d57c908e239f6

SHA256
ecce81c5530c4a32aa6a78457922bd57d0091f2c17c1af8723335df773240fca

SHA512
6b98daf62e9404b2552d0c223fbc477deae8b4b6eec36fe0f6217b5c13e250ec6eaa5cb3bd2ebac1d3628e709d9b7e81f96daa67be0197b339816571b352abb1

Download Submit
\Program Files (x86)\SwifDooPDF\webview\cef\libcef.dll
Filesize
47.5MB

MD5
1e71acd4d7ee98873f6db78ef8adbbfd

SHA1
76478213224c5a133953bfdd21d5499c88e52c39

SHA256
26de05ae9c26c6ab48ecfb3b6996281d4c979f719363788f825c4402b6e862b4

SHA512
a2d1039034f3414d115db8dc59bcf228aeefbf7778c2c5e8ecf264ed105dcfe7e115e907001f90e32169b7062ff99198273815ba39daf86d1c1b12018aa3be73

Download Submit
\Program Files (x86)\SwifDooPDF\webview\cef\libcef.dll
Filesize
47.5MB

MD5
1e71acd4d7ee98873f6db78ef8adbbfd

SHA1
76478213224c5a133953bfdd21d5499c88e52c39

SHA256
26de05ae9c26c6ab48ecfb3b6996281d4c979f719363788f825c4402b6e862b4

SHA512
a2d1039034f3414d115db8dc59bcf228aeefbf7778c2c5e8ecf264ed105dcfe7e115e907001f90e32169b7062ff99198273815ba39daf86d1c1b12018aa3be73

Download Submit
\Users\Admin\AppData\Local\Temp\is-7BAD6.tmp\InstallModule.dll
Filesize
2.9MB

MD5
b0309a372f4816e2576af45721470918

SHA1
ea165b68f241c4b84bdfca864e57d8b0edc21217

SHA256
626790ed322af160e03611aaf0524de527289a600c197dce4eef4dd2e58bbe55

SHA512
9b5d8cddfa8b9c98345fbdb9e5c318986cdc61341a646073a44c49bcf8574ff24f9db8223d225cd1c99e09132b3779220f998176bb2ac9e7b30bdcf923ed3657

Download Submit
\Users\Admin\AppData\Local\Temp\is-IKGJH.tmp\SwifdooInstaller_stable_en_home.tmp
Filesize
1.2MB

MD5
5e50738523da77a4fccf7a3d11bef356

SHA1
59e6844dd543837faef79e93ec526c5b6b78022b

SHA256
df1c21536c04ceab81dae169dd4a8eed4d7c68c8e2b24fcc9604b42cb33eb0e4

SHA512
55a90385ac66852a2b21a141b898cfc618cc294b0c3517cebf7bd38600660aac5ad2adf819ab31131acc91b89bc4b1998f84c9b86e3d6167ababe1ebeec4a9c5

Download Submit
memory/436-213-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/456-301-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/456-503-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/472-350-0x0000000015200000-0x0000000015201000-memory.dmp

Filesize
4KB

Download
memory/1036-192-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/1036-66-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1036-67-0x00000000031D0000-0x00000000031D1000-memory.dmp

Filesize
4KB

Download
memory/1036-324-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/1036-81-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/1036-216-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/1216-54-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1216-80-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1216-325-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1460-239-0x0000000000480000-0x0000000000481000-memory.dmp

Filesize
4KB

Download
memory/1984-353-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/1984-352-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download