hxxps://www[.]filetypeadvisor[.]com/download/file-viewer-pro[.]exe

Analysis

max time kernel
219s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
28-03-2023 14:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.filetypeadvisor.com/download/file-viewer-pro.exe

Score

8^/10

discovery upx

Malware Config

Signatures

Downloads MZ/PE file

ACProtect 1.3x - 1.4x DLL software 15 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
C:\Program Files (x86)\Free File Viewer Pro\avformat-57.dll	acprotect
C:\Program Files (x86)\Free File Viewer Pro\avcodec-57.dll	acprotect
C:\Program Files (x86)\Free File Viewer Pro\postproc-54.dll	acprotect
C:\Program Files (x86)\Free File Viewer Pro\postproc-54.dll	acprotect
C:\Program Files (x86)\Free File Viewer Pro\avfilter-6.dll	acprotect
C:\Program Files (x86)\Free File Viewer Pro\avcodec-57.dll	acprotect
C:\Program Files (x86)\Free File Viewer Pro\avfilter-6.dll	acprotect
C:\Program Files (x86)\Free File Viewer Pro\avfilter-6.dll	acprotect
C:\Program Files (x86)\Free File Viewer Pro\avfilter-6.dll	acprotect
C:\Program Files (x86)\Free File Viewer Pro\swscale-4.dll	acprotect
C:\Program Files (x86)\Free File Viewer Pro\avformat-57.dll	acprotect
C:\Program Files (x86)\Free File Viewer Pro\avformat-57.dll	acprotect
C:\Program Files (x86)\Free File Viewer Pro\swscale-4.dll	acprotect
C:\Program Files (x86)\Free File Viewer Pro\swresample-2.dll	acprotect
C:\Program Files (x86)\Free File Viewer Pro\swresample-2.dll	acprotect

Executes dropped EXE 3 IoCs

Processes:

file-viewer-pro.exefile-viewer-pro.tmpFreeFileViewerPro.exe

pid process

4172 file-viewer-pro.exe
4896 file-viewer-pro.tmp
1452 FreeFileViewerPro.exe

pid	process
4172	file-viewer-pro.exe
4896	file-viewer-pro.tmp
1452	FreeFileViewerPro.exe

Loads dropped DLL 17 IoCs

Processes:

FreeFileViewerPro.exe

pid	process
1452	FreeFileViewerPro.exe
1452	FreeFileViewerPro.exe
1452	FreeFileViewerPro.exe
1452	FreeFileViewerPro.exe
1452	FreeFileViewerPro.exe
1452	FreeFileViewerPro.exe
1452	FreeFileViewerPro.exe
1452	FreeFileViewerPro.exe
1452	FreeFileViewerPro.exe
1452	FreeFileViewerPro.exe
1452	FreeFileViewerPro.exe
1452	FreeFileViewerPro.exe
1452	FreeFileViewerPro.exe
1452	FreeFileViewerPro.exe
1452	FreeFileViewerPro.exe
1452	FreeFileViewerPro.exe
1452	FreeFileViewerPro.exe

UPX packed file 26 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Program Files (x86)\Free File Viewer Pro\FreeFileViewerPro.exe	upx
C:\Program Files (x86)\Free File Viewer Pro\FreeFileViewerPro.exe	upx
C:\Program Files (x86)\Free File Viewer Pro\FreeFileViewerPro.exe	upx
C:\Program Files (x86)\Free File Viewer Pro\avformat-57.dll	upx
C:\Program Files (x86)\Free File Viewer Pro\avcodec-57.dll	upx
C:\Program Files (x86)\Free File Viewer Pro\postproc-54.dll	upx
behavioral1/memory/1452-378-0x0000000000400000-0x0000000002522000-memory.dmp	upx
C:\Program Files (x86)\Free File Viewer Pro\postproc-54.dll	upx
behavioral1/memory/1452-382-0x0000000072CB0000-0x000000007321F000-memory.dmp	upx
behavioral1/memory/1452-387-0x0000000072620000-0x0000000072AA4000-memory.dmp	upx
behavioral1/memory/1452-386-0x0000000073FF0000-0x0000000074082000-memory.dmp	upx
behavioral1/memory/1452-389-0x00000000704B0000-0x000000007261D000-memory.dmp	upx
behavioral1/memory/1452-393-0x0000000073EE0000-0x0000000073F07000-memory.dmp	upx
C:\Program Files (x86)\Free File Viewer Pro\avfilter-6.dll	upx
C:\Program Files (x86)\Free File Viewer Pro\avcodec-57.dll	upx
C:\Program Files (x86)\Free File Viewer Pro\avfilter-6.dll	upx
C:\Program Files (x86)\Free File Viewer Pro\avfilter-6.dll	upx
C:\Program Files (x86)\Free File Viewer Pro\avfilter-6.dll	upx
C:\Program Files (x86)\Free File Viewer Pro\swscale-4.dll	upx
C:\Program Files (x86)\Free File Viewer Pro\avformat-57.dll	upx
C:\Program Files (x86)\Free File Viewer Pro\avformat-57.dll	upx
C:\Program Files (x86)\Free File Viewer Pro\swscale-4.dll	upx
C:\Program Files (x86)\Free File Viewer Pro\swresample-2.dll	upx
C:\Program Files (x86)\Free File Viewer Pro\swresample-2.dll	upx
behavioral1/memory/1452-396-0x0000000073220000-0x00000000732AB000-memory.dmp	upx
behavioral1/memory/1452-451-0x0000000000400000-0x0000000002522000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

FreeFileViewerPro.exe

pid process

1452 FreeFileViewerPro.exe

Drops file in Program Files directory 64 IoCs

Processes:

file-viewer-pro.tmpsetup.exe

description	ioc	process
File created	C:\Program Files (x86)\Free File Viewer Pro\unins000.dat	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\is-UHETK.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\is-F0CTB.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\is-0U98Q.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\Resources\HTML\is-VRASL.tmp	file-viewer-pro.tmp
File opened for modification	C:\Program Files (x86)\Free File Viewer Pro\avdevice-57.dll	file-viewer-pro.tmp
File opened for modification	C:\Program Files (x86)\Free File Viewer Pro\basswma.dll	file-viewer-pro.tmp
File opened for modification	C:\Program Files (x86)\Free File Viewer Pro\avutil-55.dll	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\is-NDRCQ.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\is-H7A5S.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\is-A8N52.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\Resources\HTML\is-92UKU.tmp	file-viewer-pro.tmp
File opened for modification	C:\Program Files (x86)\Free File Viewer Pro\basswv.dll	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\is-5JFRE.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\is-J27G9.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\license\is-3AJCR.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\Resources\is-3JCM7.tmp	file-viewer-pro.tmp
File opened for modification	C:\Program Files (x86)\Free File Viewer Pro\bass_aac.dll	file-viewer-pro.tmp
File opened for modification	C:\Program Files (x86)\Free File Viewer Pro\FreeFileViewerPro.exe	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\is-0O45J.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\is-G9AO6.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\Resources\is-KH7AS.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\Resources\HTML\is-1G6NP.tmp	file-viewer-pro.tmp
File opened for modification	C:\Program Files (x86)\Free File Viewer Pro\7z.dll	file-viewer-pro.tmp
File opened for modification	C:\Program Files (x86)\Free File Viewer Pro\swscale-4.dll	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\is-IQIP0.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\is-9TCCM.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\is-C6CH8.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\license\is-2HFEN.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\Resources\HTML\is-F07CN.tmp	file-viewer-pro.tmp
File opened for modification	C:\Program Files (x86)\Free File Viewer Pro\unins000.dat	file-viewer-pro.tmp
File opened for modification	C:\Program Files (x86)\Free File Viewer Pro\bass_alac.dll	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\is-LSL2U.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\is-LS2PP.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\Resources\HTML\is-8GOF8.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\license\is-P34TP.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\Resources\HTML\is-V4L62.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\Resources\HTML\is-9GNIM.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\Resources\HTML\is-3EUEN.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\2a160478-b93f-463f-b5c7-ff6ebef2cbf3.tmp	setup.exe
File created	C:\Program Files (x86)\Free File Viewer Pro\unins000.msg	file-viewer-pro.tmp
File opened for modification	C:\Program Files (x86)\Free File Viewer Pro\bass_mpc.dll	file-viewer-pro.tmp
File opened for modification	C:\Program Files (x86)\Free File Viewer Pro\postproc-54.dll	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\is-7FBB2.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\is-BUK62.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\is-MBO8M.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\Resources\is-VJICI.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\Resources\HTML\is-CO485.tmp	file-viewer-pro.tmp
File opened for modification	C:\Program Files (x86)\Free File Viewer Pro\avformat-57.dll	file-viewer-pro.tmp
File opened for modification	C:\Program Files (x86)\Free File Viewer Pro\unrar.dll	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\is-RL73D.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\is-UQAU7.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\is-44JRH.tmp	file-viewer-pro.tmp
File opened for modification	C:\Program Files (x86)\Free File Viewer Pro\swresample-2.dll	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\is-KLNVN.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\is-PJAMB.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\Resources\HTML\is-VNEC5.tmp	file-viewer-pro.tmp
File opened for modification	C:\Program Files (x86)\Free File Viewer Pro\avfilter-6.dll	file-viewer-pro.tmp
File opened for modification	C:\Program Files (x86)\Free File Viewer Pro\bass_ape.dll	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\is-1EHNL.tmp	file-viewer-pro.tmp
File opened for modification	C:\Program Files (x86)\Free File Viewer Pro\avcodec-57.dll	file-viewer-pro.tmp
File opened for modification	C:\Program Files (x86)\Free File Viewer Pro\bassflac.dll	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\license\is-00BOK.tmp	file-viewer-pro.tmp
File created	C:\Program Files (x86)\Free File Viewer Pro\Resources\HTML\is-1RIRD.tmp	file-viewer-pro.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

FreeFileViewerPro.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	FreeFileViewerPro.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\FreeFileViewerPro.exe = "11001"	FreeFileViewerPro.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133244954644121282"	chrome.exe

Modifies registry class 64 IoCs

Processes:

FreeFileViewerPro.exefile-viewer-pro.tmp

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	FreeFileViewerPro.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	FreeFileViewerPro.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	FreeFileViewerPro.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	FreeFileViewerPro.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	FreeFileViewerPro.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	FreeFileViewerPro.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	FreeFileViewerPro.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	FreeFileViewerPro.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	FreeFileViewerPro.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\Free File Viewer Pro\ = "Open with Free File Viewer Pro"	file-viewer-pro.tmp
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	FreeFileViewerPro.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	FreeFileViewerPro.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	FreeFileViewerPro.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000d8632e226c45d9016c297f256c45d9013ba4be266c45d90114000000	FreeFileViewerPro.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	FreeFileViewerPro.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	FreeFileViewerPro.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	FreeFileViewerPro.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	FreeFileViewerPro.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 72003100000000007c56a88510004652454546497e3100005a0009000400efbe7c56a7857c56a8852e00000042310200000007000000000000000000000000000000ed61060046007200650065002000460069006c00650020005600690065007700650072002000500072006f00000018000000	FreeFileViewerPro.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	FreeFileViewerPro.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	FreeFileViewerPro.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	FreeFileViewerPro.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	FreeFileViewerPro.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	FreeFileViewerPro.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	FreeFileViewerPro.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	FreeFileViewerPro.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	FreeFileViewerPro.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	FreeFileViewerPro.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	FreeFileViewerPro.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	FreeFileViewerPro.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	FreeFileViewerPro.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	FreeFileViewerPro.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	FreeFileViewerPro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{009B4A34-294E-04D7-3770-F059A5DD0BDD}\InProcServer32	FreeFileViewerPro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	FreeFileViewerPro.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	FreeFileViewerPro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{009B4A34-294E-04D7-3770-F059A5DD0BDD}\InProcServer32\hbwf = 84657aff	FreeFileViewerPro.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	FreeFileViewerPro.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	FreeFileViewerPro.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	FreeFileViewerPro.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	FreeFileViewerPro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\Free File Viewer Pro	file-viewer-pro.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\Free File Viewer Pro\Command	file-viewer-pro.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{009B4A34-294E-04D7-3770-F059A5DD0BDD}	FreeFileViewerPro.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	FreeFileViewerPro.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	FreeFileViewerPro.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	FreeFileViewerPro.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	FreeFileViewerPro.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	FreeFileViewerPro.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	FreeFileViewerPro.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	FreeFileViewerPro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{009B4A34-294E-04D7-3770-F059A5DD0BDD}\InProcServer32\ppiyfb = c5313de8e20ccb65f1bd62184831e850f254c0b1dc2154e0e8011f6c427d3f0a	FreeFileViewerPro.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	FreeFileViewerPro.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 98003100000000007c56a785110050524f4752417e320000800009000400efbe874fdb497c56a8852e000000c3040000000001000000000000000000560000000000e6246800500072006f006700720061006d002000460069006c0065007300200028007800380036002900000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003700000018000000	FreeFileViewerPro.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	FreeFileViewerPro.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "1"	FreeFileViewerPro.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	FreeFileViewerPro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	FreeFileViewerPro.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	FreeFileViewerPro.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	FreeFileViewerPro.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	FreeFileViewerPro.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	FreeFileViewerPro.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	FreeFileViewerPro.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	FreeFileViewerPro.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

chrome.exefile-viewer-pro.tmpchrome.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
4248	chrome.exe
4248	chrome.exe
4896	file-viewer-pro.tmp
4896	file-viewer-pro.tmp
1880	chrome.exe
1880	chrome.exe
1376	msedge.exe
1376	msedge.exe
5108	msedge.exe
5108	msedge.exe
2152	identity_helper.exe
2152	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

FreeFileViewerPro.exe

pid process

1452 FreeFileViewerPro.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

chrome.exemsedge.exe

pid	process
4248	chrome.exe
4248	chrome.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe
Token: SeShutdownPrivilege	4248	chrome.exe
Token: SeCreatePagefilePrivilege	4248	chrome.exe

Suspicious use of FindShellTrayWindow 46 IoCs

Processes:

chrome.exefile-viewer-pro.tmpmsedge.exe

pid	process
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4896	file-viewer-pro.tmp
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe
4248	chrome.exe

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

FreeFileViewerPro.exe

pid	process
1452	FreeFileViewerPro.exe
1452	FreeFileViewerPro.exe
1452	FreeFileViewerPro.exe
1452	FreeFileViewerPro.exe
1452	FreeFileViewerPro.exe
1452	FreeFileViewerPro.exe
1452	FreeFileViewerPro.exe
1452	FreeFileViewerPro.exe
1452	FreeFileViewerPro.exe
1452	FreeFileViewerPro.exe
1452	FreeFileViewerPro.exe
1452	FreeFileViewerPro.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4248 wrote to memory of 4556	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 4556	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 428	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 1004	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 1004	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 324	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 324	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 324	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 324	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 324	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 324	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 324	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 324	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 324	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 324	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 324	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 324	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 324	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 324	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 324	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 324	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 324	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 324	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 324	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 324	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 324	4248	chrome.exe	chrome.exe
PID 4248 wrote to memory of 324	4248	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.filetypeadvisor.com/download/file-viewer-pro.exe
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7fff3b0e9758,0x7fff3b0e9768,0x7fff3b0e9778
2⤵
PID:4556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1812,i,13638797797898551343,7311620190021045225,131072 /prefetch:2
2⤵
PID:428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1812,i,13638797797898551343,7311620190021045225,131072 /prefetch:8
2⤵
PID:1004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1812,i,13638797797898551343,7311620190021045225,131072 /prefetch:8
2⤵
PID:324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1812,i,13638797797898551343,7311620190021045225,131072 /prefetch:1
2⤵
PID:1864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1812,i,13638797797898551343,7311620190021045225,131072 /prefetch:1
2⤵
PID:1824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5384 --field-trial-handle=1812,i,13638797797898551343,7311620190021045225,131072 /prefetch:8
2⤵
PID:4352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5328 --field-trial-handle=1812,i,13638797797898551343,7311620190021045225,131072 /prefetch:8
2⤵
PID:1208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5348 --field-trial-handle=1812,i,13638797797898551343,7311620190021045225,131072 /prefetch:8
2⤵
PID:4740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 --field-trial-handle=1812,i,13638797797898551343,7311620190021045225,131072 /prefetch:8
2⤵
PID:1460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 --field-trial-handle=1812,i,13638797797898551343,7311620190021045225,131072 /prefetch:8
2⤵
PID:4920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1812,i,13638797797898551343,7311620190021045225,131072 /prefetch:8
2⤵
PID:2944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4760 --field-trial-handle=1812,i,13638797797898551343,7311620190021045225,131072 /prefetch:8
2⤵
PID:1028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5924 --field-trial-handle=1812,i,13638797797898551343,7311620190021045225,131072 /prefetch:8
2⤵
PID:5092

C:\Users\Admin\Downloads\file-viewer-pro.exe
"C:\Users\Admin\Downloads\file-viewer-pro.exe"
2⤵
- Executes dropped EXE
PID:4172

C:\Users\Admin\AppData\Local\Temp\is-1RD5U.tmp\file-viewer-pro.tmp
"C:\Users\Admin\AppData\Local\Temp\is-1RD5U.tmp\file-viewer-pro.tmp" /SL5="$70194,21539518,233984,C:\Users\Admin\Downloads\file-viewer-pro.exe"
3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:4896

C:\Program Files (x86)\Free File Viewer Pro\FreeFileViewerPro.exe
"C:\Program Files (x86)\Free File Viewer Pro\FreeFileViewerPro.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.filetypeadvisor.com/extension/cab
5⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:5108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff4aaf46f8,0x7fff4aaf4708,0x7fff4aaf4718
6⤵
PID:4904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,17076336096682418395,4857003911427483972,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
6⤵
PID:1448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,17076336096682418395,4857003911427483972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
6⤵
- Suspicious behavior: EnumeratesProcesses
PID:1376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,17076336096682418395,4857003911427483972,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
6⤵
PID:1780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17076336096682418395,4857003911427483972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
6⤵
PID:1020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17076336096682418395,4857003911427483972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
6⤵
PID:1180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17076336096682418395,4857003911427483972,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
6⤵
PID:384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17076336096682418395,4857003911427483972,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
6⤵
PID:4708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17076336096682418395,4857003911427483972,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
6⤵
PID:2152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17076336096682418395,4857003911427483972,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
6⤵
PID:5008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17076336096682418395,4857003911427483972,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
6⤵
PID:3112

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,17076336096682418395,4857003911427483972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
6⤵
PID:4816

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
6⤵
- Drops file in Program Files directory
PID:452

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff69b4b5460,0x7ff69b4b5470,0x7ff69b4b5480
7⤵
PID:3240

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,17076336096682418395,4857003911427483972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
6⤵
- Suspicious behavior: EnumeratesProcesses
PID:2152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17076336096682418395,4857003911427483972,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
6⤵
PID:2052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17076336096682418395,4857003911427483972,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
6⤵
PID:3572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17076336096682418395,4857003911427483972,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
6⤵
PID:5336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17076336096682418395,4857003911427483972,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
6⤵
PID:5344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 --field-trial-handle=1812,i,13638797797898551343,7311620190021045225,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1880

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1564

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Free File Viewer Pro\English.lng
Filesize
20KB

MD5
7acfede8ec41b6a5f5e0fa0dbcf0ddc4

SHA1
ae58009381ea156deb7dc04a4ff1695082a02a31

SHA256
a0c409abf304f1d345141c33fc0ba01cae3f4cd70e66cdaff194c840dd0c8030

SHA512
01692e2cbc0fb64339e429935adfc25eab5ffc2ca309c3cb10c77032d5b63d81d46391b13485b90780941987a94d80c09b425d5299ebe4228991cb7da747f48b

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\FreeFileViewerPro.exe
Filesize
32.1MB

MD5
c4c760eb211564371d7b87d482c6a753

SHA1
f111e0111c79864c29e473a74ea0da10e7393ee6

SHA256
2516862d0832a65c46da3e549ccc09bf870f61b5493a1ded6a033174dfdc61c1

SHA512
e11838720501f60646771bcc16f257b4b17aa35a91da8acb16aab75d4f9a41c40d1b19e5251c52282d31256ee624e9aaf2b3545f3d32ab7e2c65f761d88d8d0a

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\FreeFileViewerPro.exe
Filesize
32.1MB

MD5
c4c760eb211564371d7b87d482c6a753

SHA1
f111e0111c79864c29e473a74ea0da10e7393ee6

SHA256
2516862d0832a65c46da3e549ccc09bf870f61b5493a1ded6a033174dfdc61c1

SHA512
e11838720501f60646771bcc16f257b4b17aa35a91da8acb16aab75d4f9a41c40d1b19e5251c52282d31256ee624e9aaf2b3545f3d32ab7e2c65f761d88d8d0a

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\FreeFileViewerPro.exe
Filesize
32.1MB

MD5
c4c760eb211564371d7b87d482c6a753

SHA1
f111e0111c79864c29e473a74ea0da10e7393ee6

SHA256
2516862d0832a65c46da3e549ccc09bf870f61b5493a1ded6a033174dfdc61c1

SHA512
e11838720501f60646771bcc16f257b4b17aa35a91da8acb16aab75d4f9a41c40d1b19e5251c52282d31256ee624e9aaf2b3545f3d32ab7e2c65f761d88d8d0a

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\Resources\ClosePage.png
Filesize
273B

MD5
a955cb03237aeab2ec6f9bc77f5198fe

SHA1
d15cca8710e22da177f43833ee1a8b0c5bd92dab

SHA256
a4dc84615efb749056c002d63810f0e4fcbc1f88956fa160d04caae5f57aea69

SHA512
a6d2ce289b31d0f606dea906017c8b041a5b2de39f86679600ec4d7726f2a774f9f5a95dbb7dfc164bab6fd6af5b4de68f5f1df0faa41140b3cab84393e08176

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\Resources\HTML\Loading.htm
Filesize
925B

MD5
d4930bab87c75bc7fb2207d66999dfd4

SHA1
286671e1b3b2d1cbe9436ba66a24edc620a25121

SHA256
321b0048bf7d48c64f0321153f863d4fbcf35348ce7ceb9929502492badfc617

SHA512
def9e38a7d7c297c8bdc7edafc6841b8b445b1e8b06c7d3e56e16e43c62fe092ca6694748f6b35d22d288887d7a106fdaa1b607831726b1d791d240886c42f92

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\Resources\HTML\Welcome.htm
Filesize
1KB

MD5
c03e8565e801c42baa701be0de2f6043

SHA1
e78461c3d8c6fdeadd400bcc44daffbceceddad1

SHA256
8328c5c5733e29abd4b70e6ee0010bbb4a22c7a1836c852ef8a5d9e6a5d3781c

SHA512
810ea4a8814331f0fa1ccdf655e5cd302b0a2263194f8f1205e50c36f4a1bd148ce122d2967cf5bb71c439f6137ed5ac193e1683e7cf37b7aa94acfe34c4c5aa

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\Resources\HTML\button_background.gif
Filesize
8KB

MD5
5219ed9e4f951594510f7cdcc4e690a4

SHA1
455c792e8f9037d4b9388587fa2365e4a2d29c63

SHA256
d136cc0b18d31db2b29999ca38b42b6161dbccfa2a25da30f445242827d92bd1

SHA512
c054b89a3ede595ef7814f6223149ea0abbb20c76aacbae14c3fd45121ba65293df7af4d3b3f3f7bb3d78f38007455fa304b69ee6e8dd14c245ad19a5ece5221

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\Resources\HTML\loading.png
Filesize
5KB

MD5
cc578eb7a1126a60ae9117150897d6ec

SHA1
8446fbb02b936b5183b63754edcf0e9cb102b238

SHA256
432207854f2987ef5f6d1f874fb0f7b5ea6097d2646fc99a1527dd31d0d4c8d9

SHA512
612bfd1db07b2c21dc1a030e01fb16b9e09b99f1a2adb1d1352a1510ec2443f4a4147e51df061229d9a869cadcbab51a6533060fe6a7b040523a098c0df9a5c8

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\Resources\HTML\logo.png
Filesize
28KB

MD5
2f911059e8c1e28a0d45613ef1f20279

SHA1
7c35a0141c665e4fdecb006263b84538278a01b1

SHA256
208469bea2b5cb868b78c11b7e375142a370232a954b421ef14179d177883a95

SHA512
2df2c8ce1dcea113f6cc11fea24ac44ea558c3e90590fafad89b69850fa5a7bc7cee0057258e9981513e56f1e725ac8d972c0f1ca2d745a64aa7e95ea6760f60

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\Resources\HTML\plus-file.gif
Filesize
3KB

MD5
28e8a70d39cce21d2c5c3cea0fd8ee7d

SHA1
473441f390826aff7213393a73bee07eed4d50fe

SHA256
d4177101071edd4e49a89bb6f523aa7d318762da05a107a5908695ab0d102425

SHA512
d105c57f8105c635867e9a94acfbbf09003529307a3a5128a0fa3cdf5659fd84f3fac38e5471fd42eff90e6960f0dafbacb574a049148932119fb1914ebc24e7

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\Resources\HTML\style.css
Filesize
1KB

MD5
99dd7f2be19415b9e6f50234fcd350de

SHA1
03c5f23aedf4e437abe23a34f5300559bca8eec3

SHA256
513a3ab4b1bfcac6aaf261dfcf5e7b47cbe35c519210510ac392758621428623

SHA512
85a1a75495dddda83e4f9ea3dbe2e4cc1a130643d49ead2c3e6e53945f3670654ced981479b94b5357b258e51032dd845d7027b0a201d197ebec2affd805d1d7

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\Resources\Loading.gif
Filesize
97KB

MD5
ba787be41716b4d93472b0004a3bc186

SHA1
8401667aaaacc8067dcc148c9b43bfdb0c20ec98

SHA256
25ca453f2a7586595c63c4add774bb66215f1b98afa3448c23dfb7dd7bdd1702

SHA512
cbe445b38845ef619042773e868e845d3953286d8e5355c48b63724ea017781eea5df321df5ff879019d40d54958bab1aac917bc926d50ed9389963dc97f991c

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\avcodec-57.dll
Filesize
8.8MB

MD5
a6e4934914fcf50586f6fe3994d34e89

SHA1
a173a3266717a738e920e7ec9d89b6919e56bf48

SHA256
9dcffbfdea72a0fed3a937af9b6c6cf89749c1a98c8902ee1b3faf2c8b8f76e5

SHA512
8868fadb4a160f6dfeb3baa3867122012f7cd1a4d980d4afa8e6dd5b8e7944faa1a46169539a1ab842f5430242cca9ce8853e3acec39abc7213f9b649ad03274

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\avcodec-57.dll
Filesize
8.8MB

MD5
a6e4934914fcf50586f6fe3994d34e89

SHA1
a173a3266717a738e920e7ec9d89b6919e56bf48

SHA256
9dcffbfdea72a0fed3a937af9b6c6cf89749c1a98c8902ee1b3faf2c8b8f76e5

SHA512
8868fadb4a160f6dfeb3baa3867122012f7cd1a4d980d4afa8e6dd5b8e7944faa1a46169539a1ab842f5430242cca9ce8853e3acec39abc7213f9b649ad03274

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\avdevice-57.dll
Filesize
1.9MB

MD5
4b42c94d56f587a22e2366937d0f434e

SHA1
cc9bf4790ef9864ef0f4d07a536e7d8ca8d39e2d

SHA256
774b1b72ca292c17ad7e1942770109ea8ace862395e7727d82afd81faf9c6b04

SHA512
b567aff99147f3d7956fc4dffd1364c4f7cf320dfdf1750161a14a2d716cbd3c566a1c4ba98169c5ba8f59e23aee86cf1e8b987b848a9e74dfe9cb4c158d5658

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\avdevice-57.dll
Filesize
1.9MB

MD5
4b42c94d56f587a22e2366937d0f434e

SHA1
cc9bf4790ef9864ef0f4d07a536e7d8ca8d39e2d

SHA256
774b1b72ca292c17ad7e1942770109ea8ace862395e7727d82afd81faf9c6b04

SHA512
b567aff99147f3d7956fc4dffd1364c4f7cf320dfdf1750161a14a2d716cbd3c566a1c4ba98169c5ba8f59e23aee86cf1e8b987b848a9e74dfe9cb4c158d5658

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\avfilter-6.dll
Filesize
1.5MB

MD5
70da1d43f8f52fd4f7fac9f3846518a2

SHA1
c174ec17d3359d8f6943546c17e549f217cd702b

SHA256
3a73c776c030f8fb4b8a7840e4e69803f86fe9ea727fc17edd7f09ef27e23fe1

SHA512
8e0024fdd6559bd60c1c299850a4804d5ce3bb37794d1c42b4f9515c23058bb03c7de91b15c7120df64d112046ed5964a6dac4396966bd2368936c62c9a492dd

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\avfilter-6.dll
Filesize
1.5MB

MD5
70da1d43f8f52fd4f7fac9f3846518a2

SHA1
c174ec17d3359d8f6943546c17e549f217cd702b

SHA256
3a73c776c030f8fb4b8a7840e4e69803f86fe9ea727fc17edd7f09ef27e23fe1

SHA512
8e0024fdd6559bd60c1c299850a4804d5ce3bb37794d1c42b4f9515c23058bb03c7de91b15c7120df64d112046ed5964a6dac4396966bd2368936c62c9a492dd

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\avfilter-6.dll
Filesize
1.5MB

MD5
70da1d43f8f52fd4f7fac9f3846518a2

SHA1
c174ec17d3359d8f6943546c17e549f217cd702b

SHA256
3a73c776c030f8fb4b8a7840e4e69803f86fe9ea727fc17edd7f09ef27e23fe1

SHA512
8e0024fdd6559bd60c1c299850a4804d5ce3bb37794d1c42b4f9515c23058bb03c7de91b15c7120df64d112046ed5964a6dac4396966bd2368936c62c9a492dd

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\avfilter-6.dll
Filesize
1.5MB

MD5
70da1d43f8f52fd4f7fac9f3846518a2

SHA1
c174ec17d3359d8f6943546c17e549f217cd702b

SHA256
3a73c776c030f8fb4b8a7840e4e69803f86fe9ea727fc17edd7f09ef27e23fe1

SHA512
8e0024fdd6559bd60c1c299850a4804d5ce3bb37794d1c42b4f9515c23058bb03c7de91b15c7120df64d112046ed5964a6dac4396966bd2368936c62c9a492dd

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\avformat-57.dll
Filesize
1.8MB

MD5
8633cab26b2a9225d326c60553873e6a

SHA1
deca9e95975f1aaed499357af85363f7c6b5ba4c

SHA256
8ef765dfc6aa38efc5632aa860d505ff72b647581b980d0b731e3add9b86ff80

SHA512
83caa900c2d4cb28766b0ead9757a3660facdb433d54d5099ef60ecfc154674a0f0a138f49db45f8d52dbbaedad72ab8567199799732c3cf1b6d8aa7977b2a9a

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\avformat-57.dll
Filesize
1.8MB

MD5
8633cab26b2a9225d326c60553873e6a

SHA1
deca9e95975f1aaed499357af85363f7c6b5ba4c

SHA256
8ef765dfc6aa38efc5632aa860d505ff72b647581b980d0b731e3add9b86ff80

SHA512
83caa900c2d4cb28766b0ead9757a3660facdb433d54d5099ef60ecfc154674a0f0a138f49db45f8d52dbbaedad72ab8567199799732c3cf1b6d8aa7977b2a9a

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\avformat-57.dll
Filesize
1.8MB

MD5
8633cab26b2a9225d326c60553873e6a

SHA1
deca9e95975f1aaed499357af85363f7c6b5ba4c

SHA256
8ef765dfc6aa38efc5632aa860d505ff72b647581b980d0b731e3add9b86ff80

SHA512
83caa900c2d4cb28766b0ead9757a3660facdb433d54d5099ef60ecfc154674a0f0a138f49db45f8d52dbbaedad72ab8567199799732c3cf1b6d8aa7977b2a9a

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\avutil-55.dll
Filesize
668KB

MD5
3423784db37e278c4fa5bc8e17f5b8ca

SHA1
ae6c9860db4ea9210087f7930972d78a859e85a6

SHA256
5547a38894aaa069a10b516cc2dcf9d8680832760b54b86ec49c6a9befe7e71e

SHA512
20add275c386c08cc995d0841de11687040ae5bb38c90a5799095ca6f7a5c6cf9de3200bf78c12ee06db06a4462eb615e5a8b34568cd38fb7a8cfae009e4dc3a

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\avutil-55.dll
Filesize
668KB

MD5
3423784db37e278c4fa5bc8e17f5b8ca

SHA1
ae6c9860db4ea9210087f7930972d78a859e85a6

SHA256
5547a38894aaa069a10b516cc2dcf9d8680832760b54b86ec49c6a9befe7e71e

SHA512
20add275c386c08cc995d0841de11687040ae5bb38c90a5799095ca6f7a5c6cf9de3200bf78c12ee06db06a4462eb615e5a8b34568cd38fb7a8cfae009e4dc3a

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\bass.dll
Filesize
107KB

MD5
c0b11a7e60f69241ddcb278722ab962f

SHA1
ff855961eb5ed8779498915bab3d642044fc9bb1

SHA256
a8d979460e970e84eacce36b8a68ae5f6b9cc0fe16e05a6209b4ead52b81b021

SHA512
cb040aca6592310bffb72c898b8eb3ca8a46ff2df50212634c637593c58683c8ab62e0188da7aea362e1b063ae5db55cf4bf474295922af0ab94a526465cc472

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\bass.dll
Filesize
107KB

MD5
c0b11a7e60f69241ddcb278722ab962f

SHA1
ff855961eb5ed8779498915bab3d642044fc9bb1

SHA256
a8d979460e970e84eacce36b8a68ae5f6b9cc0fe16e05a6209b4ead52b81b021

SHA512
cb040aca6592310bffb72c898b8eb3ca8a46ff2df50212634c637593c58683c8ab62e0188da7aea362e1b063ae5db55cf4bf474295922af0ab94a526465cc472

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\bass_ape.dll
Filesize
28KB

MD5
ec5486ffbbd093df9c59b0c7e1cdae66

SHA1
167ed1ca016baf964dd5ca770399366e677dcd72

SHA256
7cf69627f5f80ca33eeb16c62417f94a897c03f070a7e5b5e2e83087e1e0bba9

SHA512
20faefa89171b1dd4fcb6a3b62b5de08c8823a8724a3d62cef62c22c272b5c5f149a214e29fb264c166d9bdf773590dd792fcc6094b6817901efc0e89dc0ed39

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\bass_ape.dll
Filesize
28KB

MD5
ec5486ffbbd093df9c59b0c7e1cdae66

SHA1
167ed1ca016baf964dd5ca770399366e677dcd72

SHA256
7cf69627f5f80ca33eeb16c62417f94a897c03f070a7e5b5e2e83087e1e0bba9

SHA512
20faefa89171b1dd4fcb6a3b62b5de08c8823a8724a3d62cef62c22c272b5c5f149a214e29fb264c166d9bdf773590dd792fcc6094b6817901efc0e89dc0ed39

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\bass_ape.dll
Filesize
28KB

MD5
ec5486ffbbd093df9c59b0c7e1cdae66

SHA1
167ed1ca016baf964dd5ca770399366e677dcd72

SHA256
7cf69627f5f80ca33eeb16c62417f94a897c03f070a7e5b5e2e83087e1e0bba9

SHA512
20faefa89171b1dd4fcb6a3b62b5de08c8823a8724a3d62cef62c22c272b5c5f149a214e29fb264c166d9bdf773590dd792fcc6094b6817901efc0e89dc0ed39

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\bass_mpc.dll
Filesize
20KB

MD5
52420b97e59b525adef27bf51983f036

SHA1
da9f170165f2266a7285be6c0c489582399581b9

SHA256
685e6a44f557a9852ba16da2293a35ef3315720827e8472b870cc7c8644f92a8

SHA512
8a8342f4d79508b5b385c64389a432731428bd321bf0bbbbf6c1626f8a5ae6ad7b199fe2af895e28eca12feb33fc3cd5b100a5f6444008774b8ca1397f3e9d84

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\bass_mpc.dll
Filesize
20KB

MD5
52420b97e59b525adef27bf51983f036

SHA1
da9f170165f2266a7285be6c0c489582399581b9

SHA256
685e6a44f557a9852ba16da2293a35ef3315720827e8472b870cc7c8644f92a8

SHA512
8a8342f4d79508b5b385c64389a432731428bd321bf0bbbbf6c1626f8a5ae6ad7b199fe2af895e28eca12feb33fc3cd5b100a5f6444008774b8ca1397f3e9d84

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\bassflac.dll
Filesize
24KB

MD5
50af8a7d49e83a723ed0f70fb682dcfb

SHA1
3c2fad1b5d1dcc5e50819b1a3e65ef7b1d93d717

SHA256
481b418bfb291276b565edd4a6e06948038c10cd8c592c2d81fd82348ef39e6a

SHA512
99aaca0a84e9220408d16fa1465a7549027618b7cb6d665d0ad97627a890ae7141ed7320568fab1132a3d491a950e31b472f45ba68f6c10f0f2aead40dd9fcb3

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\bassflac.dll
Filesize
24KB

MD5
50af8a7d49e83a723ed0f70fb682dcfb

SHA1
3c2fad1b5d1dcc5e50819b1a3e65ef7b1d93d717

SHA256
481b418bfb291276b565edd4a6e06948038c10cd8c592c2d81fd82348ef39e6a

SHA512
99aaca0a84e9220408d16fa1465a7549027618b7cb6d665d0ad97627a890ae7141ed7320568fab1132a3d491a950e31b472f45ba68f6c10f0f2aead40dd9fcb3

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\basswma.dll
Filesize
17KB

MD5
ebe29552b1449d95cb61867b6633aaef

SHA1
a3a198c6da0591fffc1fde6f47dd1b7fa894935f

SHA256
61ebd26043bfb155950d0d4b829f34e1ad6151b51bf9581e42acf621da1c1d86

SHA512
df1ec6606280d7e644571df9ec2d0d50de2bcded1ea53a1518c83dcfcaf9709972f8e867f89cc86438984fee003c9df3296c14b1ae820d2b2b2a310e40881b57

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\basswma.dll
Filesize
17KB

MD5
ebe29552b1449d95cb61867b6633aaef

SHA1
a3a198c6da0591fffc1fde6f47dd1b7fa894935f

SHA256
61ebd26043bfb155950d0d4b829f34e1ad6151b51bf9581e42acf621da1c1d86

SHA512
df1ec6606280d7e644571df9ec2d0d50de2bcded1ea53a1518c83dcfcaf9709972f8e867f89cc86438984fee003c9df3296c14b1ae820d2b2b2a310e40881b57

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\postproc-54.dll
Filesize
38KB

MD5
d87b92f4c37e0cae0c109cd7dcb65a1d

SHA1
a182ef7f2d2e400b18e7366aecbe50e9e9fa375c

SHA256
ff4a6ce4528ed7e317444f5d6190ea167770749a80c4348b91459498fa0772b9

SHA512
48b5fd9faa34014645801b02ab04e03fa27ae2bb01633a467cb3eab46093de411b854ed61b94b58aca390a0d698346e921b379b09b3d94a37c14892259971cee

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\postproc-54.dll
Filesize
38KB

MD5
d87b92f4c37e0cae0c109cd7dcb65a1d

SHA1
a182ef7f2d2e400b18e7366aecbe50e9e9fa375c

SHA256
ff4a6ce4528ed7e317444f5d6190ea167770749a80c4348b91459498fa0772b9

SHA512
48b5fd9faa34014645801b02ab04e03fa27ae2bb01633a467cb3eab46093de411b854ed61b94b58aca390a0d698346e921b379b09b3d94a37c14892259971cee

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\swresample-2.dll
Filesize
115KB

MD5
391da3cc5110d7f802b8dbdad164ddc7

SHA1
7938eef1cbfddd2c1041a53fa8ee680299b6d17f

SHA256
5df20ef51d78943e94dfc951bb8b6db9ca2a58fcb855280eeba433cf23440d86

SHA512
8e42398975f37affa352eaf4892f85d3d343762da52b61340ddff4567cd7860e6bbc58e8013eec9e0824e2a0459fa107f72dad16b863ad5426d0cd12888b5ccc

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\swresample-2.dll
Filesize
115KB

MD5
391da3cc5110d7f802b8dbdad164ddc7

SHA1
7938eef1cbfddd2c1041a53fa8ee680299b6d17f

SHA256
5df20ef51d78943e94dfc951bb8b6db9ca2a58fcb855280eeba433cf23440d86

SHA512
8e42398975f37affa352eaf4892f85d3d343762da52b61340ddff4567cd7860e6bbc58e8013eec9e0824e2a0459fa107f72dad16b863ad5426d0cd12888b5ccc

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\swscale-4.dll
Filesize
133KB

MD5
bb1c669f46bf5ae44d53a7c81eb59e37

SHA1
d579c8ea1ec11cf3d14d7d2b582b905a145b1ad7

SHA256
8ede9d0d5420c785167ab4e3c1e8375162cae14ede1f21fbbb574deba0fa4a83

SHA512
8dc400476ff479f1fca59716140c685368ddaa1655d93f6c7e46269ed5fe30ca3eccbff28190dd7ad3d153e2e9f4cb492f7a430c7e77d89a627ccf5193ef2b55

Download Submit
C:\Program Files (x86)\Free File Viewer Pro\swscale-4.dll
Filesize
133KB

MD5
bb1c669f46bf5ae44d53a7c81eb59e37

SHA1
d579c8ea1ec11cf3d14d7d2b582b905a145b1ad7

SHA256
8ede9d0d5420c785167ab4e3c1e8375162cae14ede1f21fbbb574deba0fa4a83

SHA512
8dc400476ff479f1fca59716140c685368ddaa1655d93f6c7e46269ed5fe30ca3eccbff28190dd7ad3d153e2e9f4cb492f7a430c7e77d89a627ccf5193ef2b55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
882B

MD5
48e66b63751d5054fde06cea8cb61f42

SHA1
a96d70fe51dd4b47a65b63a4f53c9ab1e7bb3c79

SHA256
76d1abeaf9d2a6aa098f97beb67d6e11ff90fe4de34fc8273d60061baea286ae

SHA512
1076d882acbd01747d59fc8d655871982f8b1fa4e3b75f9f353e7a6356d5022caaf3b64eeb6d51f4d38d5bac921dfa08e392dcc147e943b8ef449f13ce03a1f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
68afdfc2c00a5b82f1b5c0b3af844c9d

SHA1
0484c2505fe01160111375f6b41b89e9db715d13

SHA256
c31fae7151ea84aa44c1ba97330576f8762c588831f63d7ea77046f0c23c64ad

SHA512
082102ea2a96348acb68de1b9ab43fbcea1e39b8544cf4625f3f43065698befbd051faef15f6442f7b137d6d10176361def2b3a41b1ef0710e2ce0ff18cce8bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
3a0f7a1bd824ffbbaa3c7d67d7a13f2d

SHA1
6966ae5c6680741fe92a60606848db5ad83391e4

SHA256
e96a17f2fdad53439c1cb971529ade052a78a8e30402a66ec9b84493d9f2c505

SHA512
2b41864c956b3498dae65d4ef3fac62a4d65337f0be033bf9828a7382d30a8812216ef4b16bb82249c2aaa5b6555ed7e27fbe5634b1dbdd8705dcc268f34aa35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
8628c8ed3f0a639b7fc0359bd07a5db4

SHA1
68821f14c0e47c59a905596291c87628269ca399

SHA256
863400855bb65fc4019b7a7665e81fb30ee449db9388daab13c4c4f17070194f

SHA512
33ba493f2aaa53bcd4da8ae9e7003b21b2da3477b718a27b18f3998fcd97234120688d208ccbf34ab23361d84490872f32895df193784042a95ce75200c0b106

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
db7bcfda9d4f6bd693405899743a33fe

SHA1
711ee666f0f32d6b1237904bdf13fc6f9cc96c3e

SHA256
d85811a70c0ca0a49902c77de88b7db1bc43419d7a374a291ac9e65da086aba0

SHA512
8d7305302bf8dd5de7e568b194c71c01c214a50854782c9e5af30b4865629a92432c04b8a61d0f4db82607c9352ade2caaf3507a77254f9cdd0560adc89eaea5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
db7bcfda9d4f6bd693405899743a33fe

SHA1
711ee666f0f32d6b1237904bdf13fc6f9cc96c3e

SHA256
d85811a70c0ca0a49902c77de88b7db1bc43419d7a374a291ac9e65da086aba0

SHA512
8d7305302bf8dd5de7e568b194c71c01c214a50854782c9e5af30b4865629a92432c04b8a61d0f4db82607c9352ade2caaf3507a77254f9cdd0560adc89eaea5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
78c7656527762ed2977adf983a6f4766

SHA1
21a66d2eefcb059371f4972694057e4b1f827ce6

SHA256
e1000099751602ae1adcec6f1c74e1d65f472936817b45239dfed4b043984296

SHA512
0a8e58ae95163b3cdf8e81b5085887761e73cb7c836a1a6a972e837fb3df69b2ac70cfd6311d06d40656344ec35eb48e512f007561480f0345486ac2b329be0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
099b4ba2787e99b696fc61528100f83f

SHA1
06e1f8b7391e1d548e49a1022f6ce6e7aa61f292

SHA256
cdb1db488e260ed750edfe1c145850b57ee8ab819d75237a167e673116a33ee8

SHA512
4309375e10785564ceb03e0127ced414e366a5b833f16a60d796471d871b479e4c044db5268902d9dfd14715ca577cb26042bab8f7b0f31fe8abf33947feb9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
Filesize
18KB

MD5
08af5215db2a2cdda7f475c117c8e245

SHA1
9de88f42ea4afd0e0e64f64d3dc1cf0dc8fc93c8

SHA256
1eb04bafd73b35010f10552b695d8cf11e42aeab75598f4882e547ea3dcf0677

SHA512
6317c4ed924c81087a62c2f68f74dab1aab440e99d2acb60e31605d1287ea96348485a90defbc49c2fecb21fbaa8ede949390fc1ac73669aea41be1d5f93a35b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
552B

MD5
ce811a9bad02c0a036d4ad8e9fdb1413

SHA1
30a6aee370348d9a65ca502dfd5a07e85581d911

SHA256
75663f7ae9764731115d1c7d7d9292d3be3db45cebe9ce2da6bf24c65c1d4719

SHA512
8ed72d965b8f0387bdeb76c2bd666f3eaa7f68b59a67a40c1d503889a52083285af31fdbc2f75d1174bb08b1ca351474b117c9ed75332eb2c165da9ab2e74fc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe598f55.TMP
Filesize
48B

MD5
9d8faa565bdfab05c82ef2297318c117

SHA1
a146fa3c82ca21ba87f8d13c03996057080ae56c

SHA256
c99606c3803ccd2541f8706695122a06375634c5210aee3d855b20e912f7003d

SHA512
4ed7a842a300479b06d98d257c1757c5eb3439f33a3821126f60f26528560833bb9ccc9f94bcaa5ed74bf2b50ca75d2c251b98ff4e2415f0444a49e4e57523bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
de3e390c5eb9bc482ae5147f40224aad

SHA1
6e40651e18a5e49f6e2a8a029b95245db0de5390

SHA256
0ae0c2a717cc63248911d57c25f7a0648358de84e98ed9ea454f1295e2aef99d

SHA512
60708c594d5861a9bbbb033af3497fe4fc35524a64cec9d830e56fc72fe2a0ea179e9cc5cdc41160f794ea508c267954a27c0ad832e27af2e90af0a0c8baabe6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
4ce39aa9b81c02ce202573862b4f0748

SHA1
7517435121ab884013220f6102043a6201a947d8

SHA256
50cb9b45791b2bb6dd98639e653c712d0df3531a6940246e2e6b56f88eb3c103

SHA512
3519e61bbe7b8fb455542ef5ff6c0f48886b707d8affbc6169ae75b1cf426747096440ab9840cbd5b750042dcd5e1ea8bc7d6b2e6de4787c11f86c4a94a29f9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
ef12c0503c7e34af3f0f3e661a3b95ec

SHA1
0ffe0e46753a92fd14ed2c7a83f8ef3aa48e6dc4

SHA256
f5c56ab25fca88ff9f4100ce64c69cb3964cd30e7bb1357f8662a44214eae738

SHA512
705065383d6b47a64570d4f4eadd3174d03155822e12936859f4d5fb2827969808c0a825fdb53c52c1d362010ede9fe11dec14c7c071f34f5cbeff2214cf7c6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
02ee7addc9e8a2d07af55556ebf0ff5c

SHA1
020161bb64ecb7c6e6886ccc055908984dc651d8

SHA256
552d3ed359b7a52278ce621674d16428d8a7969f6cd5663df18e240cce66aadc

SHA512
567989543c3848a0c3276d96b96ca761f750e4b71fb74f36d809f590ffe16a72fd5ece251737a8b1ffe65f0051e211bd7ad19d2b8b0b7ca1b7ffc86dd2a52883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
cdd4205880e5a249a9e3951668cc672a

SHA1
7f67e0eaeb9803227c6da54084699df3a9c1a97b

SHA256
8317a8f3e06fda8c0993ca8cd78ecdbf7dc305ebf259889469d6efad1e985107

SHA512
5b08b5db67d21dd7963b96280e4b8268e504c9759c27559f693cbcae67ef1729a7b40166c3918d4e90e37120ef8e22de29da1686de2df9d4f37cf501abc56288

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
94b29d5b3eb13cece631c7ce4ca3f8e1

SHA1
b700b2da35b63aac954f0124dd985ef380d0a8eb

SHA256
289757e0aa2b4bf2bb4000c9f788df5a83c22416423cfad81365f230d6e2652b

SHA512
e8fd9879dfdd5eec5b1c7c229d1409d5e8c2fa2f53a2138790e1599353bb6297a3511149c5ce49516655d2cc511c77be44e33d0ce8faf09bdef405909e02cb2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
Filesize
28KB

MD5
14d0274440ef32ecef21757a35dc38e2

SHA1
e8e35fa4652f5716ba69a9eaed40fe5175f42b79

SHA256
ff8ff86f9ed872902a98828d99743f46e8dcef21b06e69b7ca71d27df79260e1

SHA512
750e4a93a3d5e4473c371f2a0d172a783693946f4b9c6deed26a819ef6459bb27a3eef3fa7e4e3a3593c22768cd781bbd8fc791f5ae6f9b187dad6c4019c4524

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1RD5U.tmp\file-viewer-pro.tmp
Filesize
1.2MB

MD5
906f38b3d9a6651fdc57e59d9e7c4dd7

SHA1
0664a73c12268a163ba77d438a87d115b9df7fd9

SHA256
e594e1762ca9ed0109b4350e1679d00584a504f9460007a68bae0ad94c563b94

SHA512
fd77785435bfc203e997d4626813a8addfdc9765dc27f818ffb7b951a45a02c67e3e3d071278692ec4dc210e1176681638563705949cb92c94a9d7ab8d249357

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1RD5U.tmp\file-viewer-pro.tmp
Filesize
1.2MB

MD5
906f38b3d9a6651fdc57e59d9e7c4dd7

SHA1
0664a73c12268a163ba77d438a87d115b9df7fd9

SHA256
e594e1762ca9ed0109b4350e1679d00584a504f9460007a68bae0ad94c563b94

SHA512
fd77785435bfc203e997d4626813a8addfdc9765dc27f818ffb7b951a45a02c67e3e3d071278692ec4dc210e1176681638563705949cb92c94a9d7ab8d249357

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
bb8e1e5b0d7842610c10136636ec0715

SHA1
fb38948b601ddf492f47c3576d23459673b6970f

SHA256
cc98c0e80c8b49da22022edd544940e4841530a6d1f231bc3ab63d6908239f22

SHA512
f8206f9246c6f2f894f498c6fd0daf3350e1dc07f64c809fee86c3c29b2738733f0e91f3e5412aa096278139fa2dd2bb723b964b0a75fe403b4c8aaece0401ab

Download Submit
C:\Users\Admin\Desktop\Free File Viewer Pro.lnk
Filesize
1KB

MD5
ac8ce2ab6fef7e20402d47b29c8ff0e1

SHA1
550608d8e7974dd18c24484d5d3d99baf42381ed

SHA256
e57f6b58b985184c709484d3e839fe0f7252765d43a259fd8c161d81e60fff2a

SHA512
8e7a8f29314432e67f8ccffe05e3a92f9a79ca99a15609e15e05ee67409632425f9ac8216bdf4b560bf38900acc01de6d5cce6c5f02f65cdecbcd17de18d4094

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 691005.crdownload
Filesize
21.0MB

MD5
5b45fe4a04e6f276be3f6793a7a48abb

SHA1
70f64fb846e2d93dde8b379c5cf5de986117c875

SHA256
842f47bd94b3c2a0e3f7158e092b0b5c5441e98c36e7d72d5fbbdd38122b0f4a

SHA512
497cf5475e8ccdeaf243de391b21f2b9e1e192af230d87e7c57ed8a61011022b1daf25636e46c83e0f955b6fe906142c5158c272bcd6102fe378e41ed1e37a59

Download Submit
C:\Users\Admin\Downloads\file-viewer-pro.exe
Filesize
21.0MB

MD5
5b45fe4a04e6f276be3f6793a7a48abb

SHA1
70f64fb846e2d93dde8b379c5cf5de986117c875

SHA256
842f47bd94b3c2a0e3f7158e092b0b5c5441e98c36e7d72d5fbbdd38122b0f4a

SHA512
497cf5475e8ccdeaf243de391b21f2b9e1e192af230d87e7c57ed8a61011022b1daf25636e46c83e0f955b6fe906142c5158c272bcd6102fe378e41ed1e37a59

Download Submit
C:\Users\Admin\Downloads\file-viewer-pro.exe
Filesize
21.0MB

MD5
5b45fe4a04e6f276be3f6793a7a48abb

SHA1
70f64fb846e2d93dde8b379c5cf5de986117c875

SHA256
842f47bd94b3c2a0e3f7158e092b0b5c5441e98c36e7d72d5fbbdd38122b0f4a

SHA512
497cf5475e8ccdeaf243de391b21f2b9e1e192af230d87e7c57ed8a61011022b1daf25636e46c83e0f955b6fe906142c5158c272bcd6102fe378e41ed1e37a59

Download Submit
\??\PIPE\wkssvc
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_5108_CKXBAYGTEVCPKFHV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_4248_PHFKGOXMFOUNZQCS
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1452-423-0x00000000760E0000-0x00000000760F0000-memory.dmp

Filesize
64KB

Download
memory/1452-382-0x0000000072CB0000-0x000000007321F000-memory.dmp

Filesize
5.4MB

Download
memory/1452-387-0x0000000072620000-0x0000000072AA4000-memory.dmp

Filesize
4.5MB

Download
memory/1452-388-0x0000000002AE0000-0x0000000002F64000-memory.dmp

Filesize
4.5MB

Download
memory/1452-421-0x0000000004670000-0x0000000004671000-memory.dmp

Filesize
4KB

Download
memory/1452-415-0x00000000043F0000-0x00000000044F0000-memory.dmp

Filesize
1024KB

Download
memory/1452-386-0x0000000073FF0000-0x0000000074082000-memory.dmp

Filesize
584KB

Download
memory/1452-414-0x00000000043F0000-0x00000000044F0000-memory.dmp

Filesize
1024KB

Download
memory/1452-412-0x0000000010400000-0x000000001040F000-memory.dmp

Filesize
60KB

Download
memory/1452-411-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1452-451-0x0000000000400000-0x0000000002522000-memory.dmp

Filesize
33.1MB

Download
memory/1452-452-0x0000000002AE0000-0x000000000304F000-memory.dmp

Filesize
5.4MB

Download
memory/1452-453-0x0000000002AE0000-0x0000000002F64000-memory.dmp

Filesize
4.5MB

Download
memory/1452-454-0x0000000002AE0000-0x0000000002F64000-memory.dmp

Filesize
4.5MB

Download
memory/1452-455-0x00000000043F0000-0x00000000043F6000-memory.dmp

Filesize
24KB

Download
memory/1452-456-0x00000000043F0000-0x00000000044F0000-memory.dmp

Filesize
1024KB

Download
memory/1452-457-0x00000000043F0000-0x00000000044F0000-memory.dmp

Filesize
1024KB

Download
memory/1452-458-0x0000000004670000-0x0000000004671000-memory.dmp

Filesize
4KB

Download
memory/1452-399-0x0000000072AB0000-0x0000000072CA4000-memory.dmp

Filesize
2.0MB

Download
memory/1452-396-0x0000000073220000-0x00000000732AB000-memory.dmp

Filesize
556KB

Download
memory/1452-395-0x0000000074090000-0x0000000074153000-memory.dmp

Filesize
780KB

Download
memory/1452-384-0x0000000002AE0000-0x000000000304F000-memory.dmp

Filesize
5.4MB

Download
memory/1452-389-0x00000000704B0000-0x000000007261D000-memory.dmp

Filesize
33.4MB

Download
memory/1452-385-0x0000000002AE0000-0x0000000002AF3000-memory.dmp

Filesize
76KB

Download
memory/1452-391-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1452-393-0x0000000073EE0000-0x0000000073F07000-memory.dmp

Filesize
156KB

Download
memory/1452-394-0x00000000043F0000-0x00000000043F6000-memory.dmp

Filesize
24KB

Download
memory/1452-392-0x0000000010400000-0x000000001040F000-memory.dmp

Filesize
60KB

Download
memory/1452-390-0x0000000002AE0000-0x0000000002F64000-memory.dmp

Filesize
4.5MB

Download
memory/1452-378-0x0000000000400000-0x0000000002522000-memory.dmp

Filesize
33.1MB

Download
memory/1452-379-0x0000000073FA0000-0x0000000073FF0000-memory.dmp

Filesize
320KB

Download
memory/1452-422-0x00000000760D0000-0x00000000760E0000-memory.dmp

Filesize
64KB

Download
memory/1452-383-0x0000000074320000-0x000000007432B000-memory.dmp

Filesize
44KB

Download
memory/4172-377-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4172-219-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4172-198-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4896-376-0x0000000000400000-0x0000000000548000-memory.dmp

Filesize
1.3MB

Download
memory/4896-340-0x0000000000400000-0x0000000000548000-memory.dmp

Filesize
1.3MB

Download
memory/4896-234-0x0000000000400000-0x0000000000548000-memory.dmp

Filesize
1.3MB

Download
memory/4896-223-0x0000000000400000-0x0000000000548000-memory.dmp

Filesize
1.3MB

Download
memory/4896-221-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/4896-220-0x0000000000400000-0x0000000000548000-memory.dmp

Filesize
1.3MB

Download
memory/4896-204-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download