46cdc38806d00295bb3d6c87a2d06a3aefe648c8a1bb7e7aa54abe37019a96aa

Analysis

max time kernel
133s
max time network
142s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
04-04-2024 21:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup_FileViewPro_2024.exe
Size

1.3MB
MD5

9462e2b4992e3ea63f3f04c499dc5a05
SHA1

9e57c55d9d51d6eabda71ffdfaf48709209943e2
SHA256

46cdc38806d00295bb3d6c87a2d06a3aefe648c8a1bb7e7aa54abe37019a96aa
SHA512

3f5d68ceeb34a24a91a2718e645564dbc2c6a75d018a517f9884f1a228140ee00f5108e00d43f3feeaf5f40cf391a44d81ec90fd63d445ecb1e3f2675dd3f13d
SSDEEP

24576:ih6SVFzDl6eZmL4v9IoYOlrQ14T1+G05hKwzlXX8l8whkwBY2/+WLHkO4H:K6UXtvDz85hK8XM8rcY/OI

Score

7^/10

discovery spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Program Files\FileViewPro\Wps\wps2html.exe	upx

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

WTNotifications.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation	WTNotifications.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

FileViewPro-S-1.9.8.19.tmpSetup_WinThruster_2024.tmpWinThruster.exe

description	ioc	process
File created	C:\Program Files\FileViewPro\is-RGD6F.tmp	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\Vlc.DotNet.Core.dll	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\FileViewPro.exe	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\SolvuSoft.Common.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-V1N6E.tmp	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files (x86)\WinThruster\sqlite3.dll	Setup_WinThruster_2024.tmp
File created	C:\Program Files (x86)\WinThruster\is-LH4IS.tmp	Setup_WinThruster_2024.tmp
File opened for modification	C:\Program Files\FileViewPro\DevExpress.XtraPrinting.v18.1.dll	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\QlmLicenseLib.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-DQ48F.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Langs\is-90LL5.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\unins000.msg	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\editor\is-6AJ4Q.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-TBUST.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-6258H.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Langs\is-0HFVE.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files (x86)\WinThruster\is-SQF96.tmp	Setup_WinThruster_2024.tmp
File opened for modification	C:\Program Files\FileViewPro\SolvuSoft.Views.Message.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-29G4F.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-B9NQ4.tmp	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\IsLicense50.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-STLII.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-HPLFS.tmp	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\DevExpress.Docs.v18.1.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-4BR7S.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-CNAA8.tmp	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files (x86)\WinThruster\net.db-journal	WinThruster.exe
File opened for modification	C:\Program Files\FileViewPro\SolvuSoft.Views.Document.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files (x86)\WinThruster\is-H6RBI.tmp	Setup_WinThruster_2024.tmp
File created	C:\Program Files\FileViewPro\is-KFJB3.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-8KF7B.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Langs\is-GQ98M.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Langs\is-F2KOC.tmp	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\PaintDotNet.dll	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\Vlc.DotNet.Forms.dll	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\7z\7z.dll	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\DevExpress.Utils.v18.1.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-TUHPP.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-RM0FE.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-A9BFG.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-CQEEJ.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files (x86)\WinThruster\is-A87AF.tmp	Setup_WinThruster_2024.tmp
File opened for modification	C:\Program Files\FileViewPro\ImageView.dll	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\Vlc.DotNet.Core.Interops.dll	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\PaintDotNet.Core.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Langs\is-DVIOQ.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-8PSQ8.tmp	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\DevExpress.Spreadsheet.v18.1.Core.dll	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\SolvuSoft.Licensing.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-MHOR7.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-QFOIV.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files (x86)\WinThruster\is-F6JC9.tmp	Setup_WinThruster_2024.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\is-7LMGC.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Langs\is-75UDA.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Cursors\is-S33VF.tmp	FileViewPro-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\FileViewPro\SolvuSoft.Views.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\is-6QGMO.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-C25B6.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Langs\is-BMV63.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files (x86)\WinThruster\is-3A04I.tmp	Setup_WinThruster_2024.tmp
File opened for modification	C:\Program Files\FileViewPro\SolvuSoft.Localization.dll	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-N629O.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\Resources\Editor\monaco\min\vs\basic-languages\src\is-7L8P6.tmp	FileViewPro-S-1.9.8.19.tmp
File created	C:\Program Files\FileViewPro\is-ADN3I.tmp	FileViewPro-S-1.9.8.19.tmp

Executes dropped EXE 8 IoCs

Processes:

Setup_WinThruster_2024.exeSetup_WinThruster_2024.tmpWinThruster.exeWTNotifications.exeFileViewPro-S-1.9.8.19.exeFileViewPro-S-1.9.8.19.tmpFileViewPro.exeFileViewPro.exe

pid	process
2020	Setup_WinThruster_2024.exe
1712	Setup_WinThruster_2024.tmp
2412	WinThruster.exe
448	WTNotifications.exe
3064	FileViewPro-S-1.9.8.19.exe
2136	FileViewPro-S-1.9.8.19.tmp
1944	FileViewPro.exe
3032	FileViewPro.exe

Loads dropped DLL 64 IoCs

Processes:

Setup_FileViewPro_2024.exeSetup_WinThruster_2024.exeSetup_WinThruster_2024.tmpWinThruster.exeWTNotifications.exeFileViewPro-S-1.9.8.19.exeFileViewPro-S-1.9.8.19.tmpFileViewPro.exeFileViewPro.exe

pid	process
2360	Setup_FileViewPro_2024.exe
2360	Setup_FileViewPro_2024.exe
2360	Setup_FileViewPro_2024.exe
2360	Setup_FileViewPro_2024.exe
2020	Setup_WinThruster_2024.exe
1712	Setup_WinThruster_2024.tmp
1712	Setup_WinThruster_2024.tmp
1712	Setup_WinThruster_2024.tmp
1712	Setup_WinThruster_2024.tmp
2412	WinThruster.exe
448	WTNotifications.exe
2360	Setup_FileViewPro_2024.exe
2360	Setup_FileViewPro_2024.exe
2360	Setup_FileViewPro_2024.exe
2360	Setup_FileViewPro_2024.exe
3064	FileViewPro-S-1.9.8.19.exe
2136	FileViewPro-S-1.9.8.19.tmp
2412	WinThruster.exe
2136	FileViewPro-S-1.9.8.19.tmp
2136	FileViewPro-S-1.9.8.19.tmp
2136	FileViewPro-S-1.9.8.19.tmp
1944	FileViewPro.exe
1944	FileViewPro.exe
1944	FileViewPro.exe
1944	FileViewPro.exe
1944	FileViewPro.exe
1944	FileViewPro.exe
1944	FileViewPro.exe
1944	FileViewPro.exe
1944	FileViewPro.exe
1944	FileViewPro.exe
1944	FileViewPro.exe
1944	FileViewPro.exe
1944	FileViewPro.exe
1944	FileViewPro.exe
1944	FileViewPro.exe
1944	FileViewPro.exe
1944	FileViewPro.exe
3032	FileViewPro.exe
3032	FileViewPro.exe
3032	FileViewPro.exe
3032	FileViewPro.exe
3032	FileViewPro.exe
3032	FileViewPro.exe
3032	FileViewPro.exe
3032	FileViewPro.exe
3032	FileViewPro.exe
3032	FileViewPro.exe
3032	FileViewPro.exe
3032	FileViewPro.exe
3032	FileViewPro.exe
3032	FileViewPro.exe
3032	FileViewPro.exe
3032	FileViewPro.exe
3032	FileViewPro.exe
3032	FileViewPro.exe
3032	FileViewPro.exe
3032	FileViewPro.exe
3032	FileViewPro.exe
3032	FileViewPro.exe
3032	FileViewPro.exe
3032	FileViewPro.exe
3032	FileViewPro.exe
3032	FileViewPro.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

WinThruster.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	WinThruster.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WinThruster.exe

Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exe

pid process

1920 schtasks.exe

pid	process
1920	schtasks.exe

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXESetup_FileViewPro_2024.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "51"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{61E0E121-F2C9-11EE-85B9-4A8427BA3DB8} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\solvusoft.com\Total = "51"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.solvusoft.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.solvusoft.com\ = "51"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c00000000000000010000000083ffff0083ffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\solvusoft.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\solvusoft.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	Setup_FileViewPro_2024.exe

Modifies system certificate store 2 TTPs 13 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

FileViewPro.exeSetup_FileViewPro_2024.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	FileViewPro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	FileViewPro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Setup_FileViewPro_2024.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	Setup_FileViewPro_2024.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46	FileViewPro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 190000000100000010000000e843ac3b52ec8c297fa948c9b1fb2819030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d461d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf67080b00000001000000140000005500530045005200540072007500730074000000140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d8090000000100000016000000301406082b0601050507030306082b060105050703080f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb20000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8	FileViewPro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	FileViewPro.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C	FileViewPro.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C\Blob = 030000000100000014000000d89e3bd43d5d909b47a18977aa9d5ce36cee184c1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb040000000100000010000000285ec909c4ab0d2d57f5086b225799aa0f000000010000003000000013baa039635f1c5292a8c2f36aae7e1d25c025202e9092f5b0f53f5f752dfa9c71b3d1b8d9a6358fcee6ec75622fabf9190000000100000010000000ea6089055218053dd01e37e1d806eedf1800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa24b0000000100000044000000420032004600410046003700360039003200460044003900460046004200440036003400450044004500330031003700450034003200330033003400420041005f0000002000000001000000850500003082058130820469a00302010202103972443af922b751d7d36c10dd313595300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3139303331323030303030305a170d3238313233313233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c05000382010100188751dc74213d9c8ae027b733d02eccecf0e6cb5e11de226f9b758e9e72fee4d6feaa1f9c962def034a7eaef48d6f723c433bc03febb8df5caaa9c6aef2fcd8eea37b43f686367c14e0cdf4f73ffedeb8b48af09196fefd43647efdccd201a17d7df81919c9422b13bf588bbaa4a266047688914e0c8914cea24dc932b3bae8141abc71f15bf0410b98000a220310e50cb1f9cd923719ed3bf1e43ab6f945132675afbbaaef3f7b773bd2c402913d1900d3175c39db3f7b180d45cd9385962f5ddf59164f3f51bdd545183fed4a8ee80661742316b50d50732744477f105d892a6b853114c4e8a96a4c80bc6a78cfb87f8e7672990c9dfed7910816a1a35f95	FileViewPro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 0f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d80b000000010000001400000055005300450052005400720075007300740000001d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf6708030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d4620000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8	FileViewPro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	FileViewPro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 040000000100000010000000a7f2e41606411150306b9ce3b49cb0c90f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d80b000000010000001400000055005300450052005400720075007300740000001d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf6708030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d46190000000100000010000000e843ac3b52ec8c297fa948c9b1fb281920000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8	FileViewPro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Setup_FileViewPro_2024.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

Setup_WinThruster_2024.tmpFileViewPro-S-1.9.8.19.tmp

pid process

1712 Setup_WinThruster_2024.tmp
1712 Setup_WinThruster_2024.tmp
2136 FileViewPro-S-1.9.8.19.tmp
2136 FileViewPro-S-1.9.8.19.tmp
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Setup_FileViewPro_2024.exe

pid process

2360 Setup_FileViewPro_2024.exe

pid	process
1712	Setup_WinThruster_2024.tmp
1712	Setup_WinThruster_2024.tmp
2136	FileViewPro-S-1.9.8.19.tmp
2136	FileViewPro-S-1.9.8.19.tmp

Suspicious use of AdjustPrivilegeToken 15 IoCs

Processes:

WTNotifications.exeFileViewPro.exe

description	pid	process
Token: SeBackupPrivilege	448	WTNotifications.exe
Token: SeBackupPrivilege	448	WTNotifications.exe
Token: SeSecurityPrivilege	448	WTNotifications.exe
Token: SeSecurityPrivilege	448	WTNotifications.exe
Token: SeSecurityPrivilege	448	WTNotifications.exe
Token: SeSecurityPrivilege	448	WTNotifications.exe
Token: SeBackupPrivilege	448	WTNotifications.exe
Token: SeSecurityPrivilege	448	WTNotifications.exe
Token: SeSecurityPrivilege	448	WTNotifications.exe
Token: SeSecurityPrivilege	448	WTNotifications.exe
Token: SeSecurityPrivilege	448	WTNotifications.exe
Token: SeBackupPrivilege	448	WTNotifications.exe
Token: SeSecurityPrivilege	448	WTNotifications.exe
Token: SeDebugPrivilege	3032	FileViewPro.exe
Token: SeSecurityPrivilege	448	WTNotifications.exe

Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

Setup_WinThruster_2024.tmpWTNotifications.exeFileViewPro-S-1.9.8.19.tmpiexplore.exe

pid process

1712 Setup_WinThruster_2024.tmp
448 WTNotifications.exe
448 WTNotifications.exe
2136 FileViewPro-S-1.9.8.19.tmp
2000 iexplore.exe
Suspicious use of SendNotifyMessage 2 IoCs

Processes:

WTNotifications.exe

pid process

448 WTNotifications.exe
448 WTNotifications.exe

pid	process
1712	Setup_WinThruster_2024.tmp
448	WTNotifications.exe
448	WTNotifications.exe
2136	FileViewPro-S-1.9.8.19.tmp
2000	iexplore.exe

pid	process
448	WTNotifications.exe
448	WTNotifications.exe

Suspicious use of SetWindowsHookEx 15 IoCs

Processes:

Setup_FileViewPro_2024.exeiexplore.exeIEXPLORE.EXEFileViewPro.exe

pid	process
2360	Setup_FileViewPro_2024.exe
2360	Setup_FileViewPro_2024.exe
2360	Setup_FileViewPro_2024.exe
2360	Setup_FileViewPro_2024.exe
2360	Setup_FileViewPro_2024.exe
2360	Setup_FileViewPro_2024.exe
2360	Setup_FileViewPro_2024.exe
2000	iexplore.exe
2000	iexplore.exe
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE
3032	FileViewPro.exe
3032	FileViewPro.exe

Suspicious use of WriteProcessMemory 60 IoCs

Processes:

Setup_FileViewPro_2024.exeSetup_WinThruster_2024.exeSetup_WinThruster_2024.tmpFileViewPro-S-1.9.8.19.exeWinThruster.exeFileViewPro-S-1.9.8.19.tmpiexplore.exeFileViewPro.exeexplorer.exe

description	pid	process	target process
PID 2360 wrote to memory of 2020	2360	Setup_FileViewPro_2024.exe	Setup_WinThruster_2024.exe
PID 2360 wrote to memory of 2020	2360	Setup_FileViewPro_2024.exe	Setup_WinThruster_2024.exe
PID 2360 wrote to memory of 2020	2360	Setup_FileViewPro_2024.exe	Setup_WinThruster_2024.exe
PID 2360 wrote to memory of 2020	2360	Setup_FileViewPro_2024.exe	Setup_WinThruster_2024.exe
PID 2360 wrote to memory of 2020	2360	Setup_FileViewPro_2024.exe	Setup_WinThruster_2024.exe
PID 2360 wrote to memory of 2020	2360	Setup_FileViewPro_2024.exe	Setup_WinThruster_2024.exe
PID 2360 wrote to memory of 2020	2360	Setup_FileViewPro_2024.exe	Setup_WinThruster_2024.exe
PID 2020 wrote to memory of 1712	2020	Setup_WinThruster_2024.exe	Setup_WinThruster_2024.tmp
PID 2020 wrote to memory of 1712	2020	Setup_WinThruster_2024.exe	Setup_WinThruster_2024.tmp
PID 2020 wrote to memory of 1712	2020	Setup_WinThruster_2024.exe	Setup_WinThruster_2024.tmp
PID 2020 wrote to memory of 1712	2020	Setup_WinThruster_2024.exe	Setup_WinThruster_2024.tmp
PID 2020 wrote to memory of 1712	2020	Setup_WinThruster_2024.exe	Setup_WinThruster_2024.tmp
PID 2020 wrote to memory of 1712	2020	Setup_WinThruster_2024.exe	Setup_WinThruster_2024.tmp
PID 2020 wrote to memory of 1712	2020	Setup_WinThruster_2024.exe	Setup_WinThruster_2024.tmp
PID 1712 wrote to memory of 448	1712	Setup_WinThruster_2024.tmp	WTNotifications.exe
PID 1712 wrote to memory of 448	1712	Setup_WinThruster_2024.tmp	WTNotifications.exe
PID 1712 wrote to memory of 448	1712	Setup_WinThruster_2024.tmp	WTNotifications.exe
PID 1712 wrote to memory of 448	1712	Setup_WinThruster_2024.tmp	WTNotifications.exe
PID 1712 wrote to memory of 2412	1712	Setup_WinThruster_2024.tmp	WinThruster.exe
PID 1712 wrote to memory of 2412	1712	Setup_WinThruster_2024.tmp	WinThruster.exe
PID 1712 wrote to memory of 2412	1712	Setup_WinThruster_2024.tmp	WinThruster.exe
PID 1712 wrote to memory of 2412	1712	Setup_WinThruster_2024.tmp	WinThruster.exe
PID 2360 wrote to memory of 3064	2360	Setup_FileViewPro_2024.exe	FileViewPro-S-1.9.8.19.exe
PID 2360 wrote to memory of 3064	2360	Setup_FileViewPro_2024.exe	FileViewPro-S-1.9.8.19.exe
PID 2360 wrote to memory of 3064	2360	Setup_FileViewPro_2024.exe	FileViewPro-S-1.9.8.19.exe
PID 2360 wrote to memory of 3064	2360	Setup_FileViewPro_2024.exe	FileViewPro-S-1.9.8.19.exe
PID 2360 wrote to memory of 3064	2360	Setup_FileViewPro_2024.exe	FileViewPro-S-1.9.8.19.exe
PID 2360 wrote to memory of 3064	2360	Setup_FileViewPro_2024.exe	FileViewPro-S-1.9.8.19.exe
PID 2360 wrote to memory of 3064	2360	Setup_FileViewPro_2024.exe	FileViewPro-S-1.9.8.19.exe
PID 3064 wrote to memory of 2136	3064	FileViewPro-S-1.9.8.19.exe	FileViewPro-S-1.9.8.19.tmp
PID 3064 wrote to memory of 2136	3064	FileViewPro-S-1.9.8.19.exe	FileViewPro-S-1.9.8.19.tmp
PID 3064 wrote to memory of 2136	3064	FileViewPro-S-1.9.8.19.exe	FileViewPro-S-1.9.8.19.tmp
PID 3064 wrote to memory of 2136	3064	FileViewPro-S-1.9.8.19.exe	FileViewPro-S-1.9.8.19.tmp
PID 3064 wrote to memory of 2136	3064	FileViewPro-S-1.9.8.19.exe	FileViewPro-S-1.9.8.19.tmp
PID 3064 wrote to memory of 2136	3064	FileViewPro-S-1.9.8.19.exe	FileViewPro-S-1.9.8.19.tmp
PID 3064 wrote to memory of 2136	3064	FileViewPro-S-1.9.8.19.exe	FileViewPro-S-1.9.8.19.tmp
PID 2412 wrote to memory of 1920	2412	WinThruster.exe	schtasks.exe
PID 2412 wrote to memory of 1920	2412	WinThruster.exe	schtasks.exe
PID 2412 wrote to memory of 1920	2412	WinThruster.exe	schtasks.exe
PID 2412 wrote to memory of 1920	2412	WinThruster.exe	schtasks.exe
PID 2136 wrote to memory of 2000	2136	FileViewPro-S-1.9.8.19.tmp	iexplore.exe
PID 2136 wrote to memory of 2000	2136	FileViewPro-S-1.9.8.19.tmp	iexplore.exe
PID 2136 wrote to memory of 2000	2136	FileViewPro-S-1.9.8.19.tmp	iexplore.exe
PID 2136 wrote to memory of 2000	2136	FileViewPro-S-1.9.8.19.tmp	iexplore.exe
PID 2136 wrote to memory of 1944	2136	FileViewPro-S-1.9.8.19.tmp	FileViewPro.exe
PID 2136 wrote to memory of 1944	2136	FileViewPro-S-1.9.8.19.tmp	FileViewPro.exe
PID 2136 wrote to memory of 1944	2136	FileViewPro-S-1.9.8.19.tmp	FileViewPro.exe
PID 2136 wrote to memory of 1944	2136	FileViewPro-S-1.9.8.19.tmp	FileViewPro.exe
PID 2000 wrote to memory of 2832	2000	iexplore.exe	IEXPLORE.EXE
PID 2000 wrote to memory of 2832	2000	iexplore.exe	IEXPLORE.EXE
PID 2000 wrote to memory of 2832	2000	iexplore.exe	IEXPLORE.EXE
PID 2000 wrote to memory of 2832	2000	iexplore.exe	IEXPLORE.EXE
PID 1944 wrote to memory of 2276	1944	FileViewPro.exe	explorer.exe
PID 1944 wrote to memory of 2276	1944	FileViewPro.exe	explorer.exe
PID 1944 wrote to memory of 2276	1944	FileViewPro.exe	explorer.exe
PID 1944 wrote to memory of 2276	1944	FileViewPro.exe	explorer.exe
PID 1488 wrote to memory of 3032	1488	explorer.exe	FileViewPro.exe
PID 1488 wrote to memory of 3032	1488	explorer.exe	FileViewPro.exe
PID 1488 wrote to memory of 3032	1488	explorer.exe	FileViewPro.exe
PID 1488 wrote to memory of 3032	1488	explorer.exe	FileViewPro.exe

C:\Users\Admin\AppData\Local\Temp\Setup_FileViewPro_2024.exe
"C:\Users\Admin\AppData\Local\Temp\Setup_FileViewPro_2024.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2360

C:\Users\Admin\AppData\Local\Temp\{14F50994-BD52-4390-8A8D-0BD4D5617B3F}\Setup_WinThruster_2024.exe
"C:\Users\Admin\AppData\Local\Temp\{14F50994-BD52-4390-8A8D-0BD4D5617B3F}\Setup_WinThruster_2024.exe" /verysilent /LANG en-us /scan
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2020

C:\Users\Admin\AppData\Local\Temp\is-D81C9.tmp\Setup_WinThruster_2024.tmp
"C:\Users\Admin\AppData\Local\Temp\is-D81C9.tmp\Setup_WinThruster_2024.tmp" /SL5="$60186,6737092,878080,C:\Users\Admin\AppData\Local\Temp\{14F50994-BD52-4390-8A8D-0BD4D5617B3F}\Setup_WinThruster_2024.exe" /verysilent /LANG en-us /scan
3⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1712

C:\Program Files (x86)\WinThruster\WTNotifications.exe
"C:\Program Files (x86)\WinThruster\WTNotifications.exe"
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:448

C:\Program Files (x86)\WinThruster\WinThruster.exe
"C:\Program Files (x86)\WinThruster\WinThruster.exe" /START
4⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:2412

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "WinThruster automatic scan and notifications" /TR "\"C:\Program Files (x86)\WinThruster\WTNotifications.exe\"" /SC ONLOGON /RL HIGHEST /F
5⤵
- Creates scheduled task(s)
PID:1920

C:\Users\Admin\AppData\Local\Temp\{9EAE4399-57E7-4C12-8DA5-8AE0A8524CA1}\FileViewPro-S-1.9.8.19.exe
"C:\Users\Admin\AppData\Local\Temp\{9EAE4399-57E7-4C12-8DA5-8AE0A8524CA1}\FileViewPro-S-1.9.8.19.exe" /verysilent /norestart /LANG en-us
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3064

C:\Users\Admin\AppData\Local\Temp\is-S0QH2.tmp\FileViewPro-S-1.9.8.19.tmp
"C:\Users\Admin\AppData\Local\Temp\is-S0QH2.tmp\FileViewPro-S-1.9.8.19.tmp" /SL5="$401C6,60311066,131584,C:\Users\Admin\AppData\Local\Temp\{9EAE4399-57E7-4C12-8DA5-8AE0A8524CA1}\FileViewPro-S-1.9.8.19.exe" /verysilent /norestart /LANG en-us
3⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2136

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.solvusoft.com/en-us/fileviewpro/install/?utm_source=fileviewpro&utm_campaign=version_1.9.8.19_06042019&utm_medium=bundle-winthruster
4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2000

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2000 CREDAT:275457 /prefetch:2
5⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2832

C:\Program Files\FileViewPro\FileViewPro.exe
"C:\Program Files\FileViewPro\FileViewPro.exe" /restartWithNoAdminRights lang=en-us
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:1944

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe" C:\Program Files\FileViewPro\FileViewPro.exe
5⤵
PID:2276

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:1488

C:\Program Files\FileViewPro\FileViewPro.exe
"C:\Program Files\FileViewPro\FileViewPro.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3032

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\WinThruster\Cookies.txt
Filesize
177B

MD5
2bde23fc871c1b6a552f83d4e18157f2

SHA1
bd00a74b0c45898195295464a1e6105774a034da

SHA256
60ece1ea1e17fd213400438616aacc395665e5e56fbc04c2c98067b445fe68e9

SHA512
72402035285dfc8da6a3d1200bca65982fc5495b50fc0e61ce5d4082e256571508f460e81477a331f120a70d3fd536ef73a5e4ead59ab76ff5348a3a710bd052

Download Submit
C:\Program Files (x86)\WinThruster\English.ini
Filesize
81KB

MD5
05d92a969983b83314a0ea2fcef74203

SHA1
9ee3aa567438a28285e1141e4014bb6c473195fc

SHA256
7d07617e39f7dfeccaf894c89b6f85d35d41082b8bed893513bb1b7cad4ac823

SHA512
00fde33bc30148f2e81f2054fe585c9a7605390af013c3aa84b23d59f35413c5f2d494974878d9891db14c9bb43ab2e77a1c707326e7052f2440655272914033

Download Submit
C:\Program Files (x86)\WinThruster\IDs.txt
Filesize
1KB

MD5
3773c8efba54912d59c27b03d4790479

SHA1
48c71bf4680d180295be0c975dbcfbf8d89840dd

SHA256
a4e44a28ccac2dfbcd03104ec32f8589bd55988af981cd167a486c2181112514

SHA512
64f0de1c862391bf86bc15bd8e4f430420cb0c8f6d4eaef67770e6c9f99cff874fa44ef73d8ae73f6416df35f7763d56da451f5237e3c3b1868371f4bf534957

Download Submit
C:\Program Files (x86)\WinThruster\SList.txt
Filesize
77KB

MD5
e246b232635098d4f0fb5fa2d33b15fd

SHA1
92a900a20d5f00923cc69902409310990df6cd68

SHA256
75143874b8165e82187d430a55bb732e7eb765cc0b378c1b9da8638b091875b1

SHA512
19da2beee854d9c2d66f2556a5744ff311666f9d7d8a27e7ac5c50c9d3b3754ef37f13690df42cb0468f18d0619c35c789080415aecf3d22373fc1f3e55be2ca

Download Submit
C:\Program Files (x86)\WinThruster\SiteNtf.txt
Filesize
4KB

MD5
023938522a2335379044391c1b83656a

SHA1
1761b2dcadb48689c7c052393490043e050e5fea

SHA256
66aae467ef3636628b6eb4c4dc2e210990bb6440653cc3aafb7800b89a8da1ec

SHA512
0f88726ee74a9d51dfd888120d0e0dc1c66949374388ef4a394b4a2cd59056dbada68fe75929f4374b4441cfd8b8100e5edfaaa2982dba9f02d0322f1d1dd389

Download Submit
C:\Program Files (x86)\WinThruster\net.db
Filesize
1.9MB

MD5
f708b32b2f89df38a412c2e741079ef5

SHA1
1a6d404e17de80a4939897008936871cf9850a03

SHA256
ac5e33c9f9a12a7231516cf5d8e05586eddfe4c6dac7d898bd1149c8b2674823

SHA512
7374a782de50c9a03354e06fe2ec6bbe243fd56deba98ef69c7571474d62f3b91995b8426bd1725f8284b31f20f7a2a57a33c78a128aba33e1f932397c949a37

Download Submit
C:\Program Files\FileViewPro\DevExpress.Data.v18.1.dll
Filesize
6.4MB

MD5
75e4c5f9581ef853d787961cf4f8830f

SHA1
04615d07cd402692f5c1a35474fc9ae01a1cb3cb

SHA256
a12b4168dcd3692fb8a68382c3d9413351c9d2c543b2d2061064de7994787209

SHA512
02efcef0a7250db93322c2c241a0f120985a730479517793fa8cbce8f0bfed3103bb2a22bde751b8fd333a89e6f85ffd3ebad821d1155d9d82c5f681f213a12b

Download Submit
C:\Program Files\FileViewPro\DevExpress.Utils.v18.1.dll
Filesize
12.4MB

MD5
c5420b084a69cc5783d15bd9ee77d707

SHA1
ed47a4da79ce18af598a416633f4b9d9a032464e

SHA256
1a610b808c07247c0662b829fa703c5068f361194c301594b9594f414e0ebe84

SHA512
53994e509c56ac9435bcd06dc1341b589dc168ed5df2ebe13d2ca43cd50278e898768b1b5b65596542831b68d922612d3896c74d4dae8da829f5f0512905cb4e

Download Submit
C:\Program Files\FileViewPro\FileViewPro.exe.config
Filesize
3KB

MD5
4e73c4ff8ea09cdc528e5eea378b9c89

SHA1
e3974580154b5897441a68b3a14bae74fbfab14d

SHA256
7c90b0bbb693a95518b394ff9fe96f975b1290cf51c017a4a8b5ef669d91e916

SHA512
155962cd814ded2d3d4d4120e8f5774fc381fdb8bf2aecc04e2c0ac84ea2079428f34f60890ad78c627164d33c7f82517750a116e70b00e1aea6e79ae8c32ce3

Download Submit
C:\Program Files\FileViewPro\QlmLicenseLib.dll
Filesize
530KB

MD5
630a267b01b169a4c1a26c0db188d205

SHA1
8cc73e203bafec1d054408feb3b66154194750cd

SHA256
65d9ca2ff2d46c4a46d97cc84dd313771a743eb83baeb7acc1172ff96e5d6fe5

SHA512
0aefbad11dfef128bd8975ed48afe57e81d1239368afb0a824d5d3c3e230665dc073fa31363522c6f35b97313f87acb251867998e504dcf3f6e7921f57562d43

Download Submit
C:\Program Files\FileViewPro\SolvuSoft.Resources.dll
Filesize
101KB

MD5
08323903653f49087bfdc722668c203b

SHA1
cfd75889809a5861cc98be40524c0e64411ae7f1

SHA256
d9b298df75e88695673ad583966f6629378c8fd3007ed87d122cfb2ea4967dc9

SHA512
21bc8e3799994eb1d5b53905b29fd5c4dcd4a3d1378032ec40f0ff7c083cef61ad879c10d0e76bbf55ff4047fd6e8292a2a26823283230f72220b00c1bb78065

Download Submit
C:\Program Files\FileViewPro\Wps\wps2html.exe
Filesize
133KB

MD5
4348b879e87211ca9059ff090a6872c9

SHA1
048c395296eeb2af3fda21c820e33e7a06fae82a

SHA256
ed016605bded2acc91854d33ffdefa6ec92dfbc84313d086a250cf75e891e659

SHA512
89d60cd3cf71e8f9132b81c917038b0702299851f2b3656a4f408d2845e4b52062f64390392a0ee43a3533a6f92d38f805f0b2a45db1be4f3eb660c4851d61a7

Download Submit
C:\ProgramData\IsolatedStorage\pf00fvrg.10n\lnflihhd.skx\Publisher.hobc41kkywtcc0rbz1btlitztrczryui\identity.dat
Filesize
1KB

MD5
05c9f19b4efe1e17616a590bf7ba78b4

SHA1
0b6af11405461794316cca1ba03f04e48368856a

SHA256
2065f492126f161ac0583f22dd1b72240bbee3d763d6a9e0d1eb365b8d9c9ff1

SHA512
e96f2b0c106dcc948225e34c867a23b8f2ec503cd9711a2a6cb4e90cedde8630530147fa4326044d19d9fe95ff45215edc29f2e72b5a6ac93dbc7da839819fb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619
Filesize
471B

MD5
c11348ea8b4fa018d5d651dc6cf69f47

SHA1
a2732086167391d6b30c7350220bbcbad4dee94a

SHA256
085e68e53a7dfc663fab882b90bdf8cdb78392ca54a77423625c5780882e1fb4

SHA512
a5991cda4891b33dcfa1aa9ff5816c13c138ee72d1c9b0cf83d41b617ea0bb960c7c07561aadcd42f71dccc27f8d580a07c1d1b73b038ed3e9f0c9c43100557c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
Filesize
230B

MD5
e9ee7342368e378ba805bde6c60f4c2b

SHA1
6bae3e69864d40e2e2caebff8f427dcf5b1e93b0

SHA256
30771586bda267c4e1ec5fb9e059d67bf1f5adde3dd01fd265c66228f8d3fa2f

SHA512
6a93a084cd16ab09b0789bd84ecf15212ceff26c9b70120cc392950b9efd16754cbfab4f743e5a6cad382a4fc053e402c320a514276d29922e89bb8d1f79a95c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
252B

MD5
6b3d83d78ed99402dd77536eaa6eeb17

SHA1
0a8bc9e225393534ac308d10fb0e87708a39631f

SHA256
0af0d502dcbd42f4ad65f9fd61938c06416d3e3061f94fc5a1fc7696d37715b3

SHA512
3fa0b12e06fa6b3b284b40251413d40138c2a13defb4bfb34d9acdb96a1edb4e3bf061ca0b2308766ad8b26d3bb87172f04bdc4c288fa927a4f72eefc9b3adc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
7f846e86ebeec8e581cf033b04c611c2

SHA1
586a7996dd187827bdb88836ce5a9a8b44104e6a

SHA256
71afa5dff72f1a93b0d176243498ae50573bb8882cbe0e6e76108c835dd72c61

SHA512
eb34f7a3d754c745a5e078a2f3650f074aba46271af8ed54d2793d5404d217728695159ffefba27eef50290aca8762f260648f62507fa01626f142622d64facc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
917be8323bf9c8c925aa04b43ab8d68c

SHA1
f2c0fc67c646bb3ebedbf9092431c349667c46d1

SHA256
8e4dce1419efb7042674b362b920b8d5902bfb9557732e74fc3982884a319cd5

SHA512
dd8df8101ba4cb96516078d374b77365c7a985723bce06a9ad4a0e15cc1ee14c2d6ccd3fb42644ac85d30ed96f79c7e1097bea9f14fa02be669aab21b23dbe14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
2c8a5ccf722f7dd8f57be1222552bcb5

SHA1
5993e22c1b7ad83993871defad238f6b8e066ca2

SHA256
5e5564652f623016efbef247b8acda22914d2c1e5a2f134f062fec1c7be16cdc

SHA512
a22b3d84e58e8596db10eb0c4355f59c8facc67adcccab5cad12a315a1684b576fea897660ee55db97aaac9f7a0a6cb74dead74139a92d00278faaaf21db1899

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0a4d93e3a50d1f764c27ee2608eef599

SHA1
a499154aefdf46b2ac73a668c585bd386504b01d

SHA256
84eada629ff12b22a7743fb00222ccd4be30e25618d84c2c9a2021fa5e625088

SHA512
4cb366e6699eccce8bc0be7e42a9a624e7e30551f48ac37439cc1c63163f80210d062357d3835f00e3af2f5a16f4a18d8dd59e80b56dea97c55a8cb39fc88605

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4e403603853445da05d8a1c4bce557f3

SHA1
9d5e530bfcaa80cd61f73a98667af49bf144b3f9

SHA256
fc08ff82b8a75d88c3326aa4e2d334468a9a8716a197d339cfab9c27414e30ca

SHA512
ba8098a9c48203ca201f4d52b350704813f95d75664eae03648c9cb9506d1cb879f494d43446ffb187abc8b4c26fd475d537e025842bc1dc5caf478588f8c4fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
2055cf6c8cde3dfad3e032c5f40599c2

SHA1
ae15a7dcc35c7dcfac19f5990b06d7053fba7e6b

SHA256
1af40ed7edab74df897cc75b1ca17b958dde89fcbd4b67f361ec7ed356533316

SHA512
03c2caf12c70f5f5df38b629df3b66493cb678748ad8e3e46564447bdf385931d11e16bf8161a5641d4a6db5433c2b22d326dd612dd71241f875bcb9d067a954

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
04b95f3e7222d253934aac50f7f0d0de

SHA1
5d5ba0d7c0f2f1fbeb8a552d89bab6550b58fda9

SHA256
6479a242bbbbf1967e28a63a0115053773131f2ab57b557f8788735a6c261f13

SHA512
34ae98fed55e67e96f63fe2867c93c17db0971b85459f92340db18934d59f0cb67f9c08e74fb12546c13ce011ec73244f2b6a7684bf70313b3a5d91fa9d4ae09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
cd6f8056491969b599f20aaaa6e3b11d

SHA1
c88867bf6927ab6ab76527c19ebc67ec15674bfb

SHA256
0d719b584caa063f9a46c4d89070cef72ae66ffa4ea923a942480be1ef422493

SHA512
4067be6bcd0d4ca5dc084a2a90f3541ba54031fc23695e96fd009e5b1ece5c64ebf95ac9c5d55ddbebeaa2311eb6f677a116611eb90afe13333205d4b8ebb199

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d4c7b8492f4b0734e737f57a0799276f

SHA1
23124392faf8ac099a2ce2c9a451cad214203990

SHA256
b1e9fbacd6962a91ad2c71eb73682cc5e47ba72bc484f94df31d4d44943e60c6

SHA512
dcae80cce28fb2aa137d871ec207c5ab05d89faf16fd4bc9f0f50095cbfe9d99e22aaed0a52445b2566f3cb79170ed1448104b6a8f428233a74318db55d48cb8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
61c197a2c73c253c6fe8257c4eb52106

SHA1
15e729c5dd8b631699eae7e16acbf52269230d60

SHA256
03c800446490cbfbbeec1b7f2b041e0a8f7a0fdf6c7d0d27c9678dc804f157ef

SHA512
be73027223261df75237469777051ddb810b54da1d5a4d88e714f2171cf08408ebd1a2c83d3dca945c4819b1823d2d08f2fe62a5ab3cc7a2c6a30f8d081aa4fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
fa61e479f49a2bd07dfdb5a64e87380a

SHA1
82c54377c59b015135e638d08f8340f5e76fe73e

SHA256
0aac7b3cccbb479380cdb70442856b4f1ee89f0f524626683ccff35a29e29ed1

SHA512
4c87329299093c34d932bd5e08a03545283bfcb778a620f6e33abf82d437a1a194d10600b8d48c7d478f9a678cbd60f5675b132060db02e38c5dbaeba1111dbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f61bbb223e9a938d724bab6141d14a36

SHA1
294198fa3fcc55fc2edf3078ee3c1592df320271

SHA256
1d8bf2cfa9b83b34b5ef58d613653a9751e64249e9aacc5a8fadc681fb930998

SHA512
63e1ec00d092855c8b4fe9fb144040cbb9b098ec21465bd3c432b95df0265b604b29112fd21d22980615884206fa018fca89bc155bf512fb1f1b3139cfc9204e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
5524758a745097c651da1e97b5d8a82a

SHA1
863e166d3bd6e2f10cc25bebac59945c3b9d1351

SHA256
30508d0c56abc3c6ad839c871eee92ed720630d2ab0574d57b7a49ece0082ab3

SHA512
4cca392b637b7afa338878c84a272ae31c63d5d84be78899ef79c502cad15968ef1110dc5babba3d0753a8af15a2ed8a7145171ab6a0cba11fd267e03efd6315

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f1154973dd18d487decd471cfda01261

SHA1
633cd2120d02c6eac60c12a90de872fc0212d4d5

SHA256
0b73be48e06d216a4322d972ffc727197fa712e8e8238ce8effaa792cc49ca29

SHA512
8091d561e97975a13e48981627b6f5a2ec25203540dc4ba0f6c938ccb9b08c4b6411dcaf11f7230d96e5fb492b88ab8394afbdcdcf9c4f3179fd48fd6394e4ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f587b53d418d6a271367dba1b4e8bec6

SHA1
3372691f7aa4465dc998f87594d456e13455a092

SHA256
dbfc4a9f8fc6faaa915dafb4824f4b0799b0f86efce4291cc9c22ef48b99f669

SHA512
f52c38af45a44c8a4d36fdd303ee3f5d898dc0b3d3a2e49cb4471e7c77cce4f9cd2636062ec84eb3ffea4395b1ab969e5ae4c4292d87e7156426f0725de435a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
923f2c390d5f10abb7fac3eb303f0951

SHA1
e0e3cdbf531d53201c74f16b82c94cac1662ad9d

SHA256
68cc5cd3ec9caa52170d3219f92d9276c3a8d65a0909339902cddc65e1859bf1

SHA512
bfa5d315ae437f5d4fcce782f1f6e08c6c770071b2148f5bc6417009cac5e63470f7645c57627d3e729e4c5090fa305d09812c006e589594f2302831bd8ebfce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f737e3882b34ff9967a35ffbad764bdc

SHA1
a5a177b17c5d727b41c1a6a4e952540735ea976d

SHA256
562ae41a045077e0313a908ece1a758191db27dcaf793790e867a630b2265252

SHA512
eed0a1052002385f510f6fe559c250354e32a4c203ea9aec787fedb67ddff42e8915b7de0760c582b82d0ca6ec3cfea83d090a7eb299717259eb2378df70b2db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
711cafac1583f8868b80e5dd3abbbe9f

SHA1
409f66e526265166832ac8707729d49b495b9d85

SHA256
50e9bee4e78cf2d26a39e36df461b00f249df9efb62e3a176b079aeeef272437

SHA512
bebe72c06cea01d13d3687322ff5d7deaac7d19fdbaae5d88634e61a44e515dac13636c4e07466b200a1cf5d75c2f7083b29b43dd46a3a1b0568d122f69fe545

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c313ae8d180bfae67e441c373bbdf490

SHA1
958eca3e7508b2d6ddc402e65bab309ada81e41d

SHA256
57c6996e36c6cad54f46861acff1ead6313a10ec1eac79db6ddfb813155a251c

SHA512
191b36b15fe55ce0cdb9ecf88ca3432ecd34611bd24bf0f3a7e5d0ea0e4b086d4944186f582c5cec8491d8ed2b558881c3c9f8d7ad5528fca829ab5fd81261e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
670e9ab24f29882a5589060642a971e3

SHA1
63c2512e20a1fd01049bd95bb6ff6926d63cdbb3

SHA256
e576f795eaa074542192ce1f893271c0017606b9acf5c60e33019636383a20d0

SHA512
40e50b0a245310a576884f7fd52e19ed4b98c2fa6b20d57456b6533c03b71a179568663e4a09f36fcc8a05d53a5868808b1c145c0dc8d47b9e44727c61f89098

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c248931a5be660b00e76719c88e7f825

SHA1
a03710248fe5c90ac80601deec88fbcab6c2af21

SHA256
eab88958db54051a0aea35d260384395bf61728c65903e0a15a5d700f877e528

SHA512
bb65ddf007b10fc9af2cb54296dbc3278bf59aafb20d7a1bd6240b5a5abf563215a61f5a78f2cd0da38ea7291af90f727f6f9ee94b04ebff57cdabf99cf0e34e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
a281d0403b111125f7108d3b7acdc92a

SHA1
f2e35d146f60fc6639d3fbbda90fad8c465e669a

SHA256
204f031942741c0027c37f857fa37e8cfc55ddcddeb52385897fc86b9e3af348

SHA512
7e3372d35ce0ecd4b4eebcbb84018611f975667fa9ef15ee77fd938be32f9a1c7361fcbd5d3a9680c2cd9eb32a5a5bf029821197816b1d8b1d2adbc7cbb004a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f3e538ad3f4e251fa9a3c92ec4dae889

SHA1
39f097735fbf59a16855d89b6e7a132331fd3a05

SHA256
ad7aa45c23b96663074d95b6e80758fea093dcce7553777ab5e5c381f1777977

SHA512
ac67baf4894bf06c545e4134360c429d4f257b49b0c462b4da30efb49ebbb28b2d74e43c36e195009e1b446e5b19a68c31bc292d5a0b1eee0f04794dd1c156b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1e9ae0593631e2cfbae3066dcb6b5972

SHA1
172e4d0564611a369641a18b24cc2f5d82eb493c

SHA256
de01aab64f7be5b655a28a16de24e889678ca59557578756881cbccc3bd1e4a5

SHA512
dfcabefd863b039f44d51463ac2bc148b91ba35988b092eee5c0c1a9da4bc00a8617fab10bc1b6280d400d50376b0209fcda2d2f74d55d7fec9422a9032cbf59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
7ee7fef0e545f5eef9c9916e45db7632

SHA1
cb231196c7100dc41a183e8c072e9592df1c2055

SHA256
56ad4ecb87ff943e327a564b0b22cd6e48bf89694c0cb928f4c64a6ae538be05

SHA512
cb5bb474beb67ab0572fa41acc5ceab05d0d82d046aa991dae05ef7076599c3b7309a67b87e09b9827ecaf89a9c427bfd6a5b6da1bb85ccf6a626165f2466c79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d15384f1fd62d8b2d6a0dce238b77eed

SHA1
d4f988eb6688aef3f25cc6c05023d8e793357730

SHA256
030736db88424d9aba83993a48462bd786e2b36d4fb93317bed5526efa15bb74

SHA512
b122db85e093625a8b43f9001b7049acb7a8bc5646bf3f86c5e747dd2ce075515136b799ed8d66e2c534651019ad0ad0822d0cc717cec375784cc4cc21615601

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c32475cc479b96e6122d23a78f2adb49

SHA1
2c004af1b74427e82829798dd25934e2e3c645b6

SHA256
4b647747cef87b5145bc4a53fbf94833bd580108a018e451d618d0e506ed4df8

SHA512
8cf70fa8f369c88ec8ed5c88a9c522ffa51c20cc43dafb9f3d5d84bd4dd8bb413f7cf8e6734dc8f57731bcf1aa1de205f231042fbd3af7bbb45a2e1370f7948e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f6b9c4e17fc513a42f8f4f269e86571c

SHA1
75ef37185d02100e24d651f3a7fc89d5a7bc13bb

SHA256
e76bb1d087d1dbb90b1c4f701f02fca2cad94f560e3e8ba04588f6881a469e47

SHA512
f3d68ba2ca51f2957c5b93c5290dae66885b8ce3fa0cf31f9bfc4e3baf251a56fc7a4bf312502893666df253437f8b190f8cbd51bae7a06f1f5d95e95b1d8a28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4478365f261d5e94e0a26ce232e4db27

SHA1
ce1a5fc0f085323487ae01be66280a49dc172e22

SHA256
66b17b696c2d9d5176e4be3ec458317c716addf0a6f5e5d7bc9058a37183d047

SHA512
7765a5666eb9fc34e1c95899b2331f218d09196829dfe8de0021d8d031f6f09b890b737bd9f14c76f5363d1724c22a9d6ac2eaa987148d34f1fa25c2b6a698fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
77d241f71ef3c63f59aceb9d22b66581

SHA1
24114cb7b70b800ddecd178873e00a9fce7fa54a

SHA256
f7a92b89611a70b3d15f1bfc5d3024b43c0cf4a11d982bf2268ea608a28d5acd

SHA512
8527bfbb9ed41420a419e07f64b71ebcd91074f230afbe9ae13601b4bcb3149aa0d4b719957e80f241e6cb0bce68873cdb66655ff8ce66ae75391bf1243e8975

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
13c6d40d6f50e835c57954a3a78eb18d

SHA1
66883e5c9ddb0e932d3b0f20d0f266e93f35aadf

SHA256
6967ef374fd033132a7a29a0cd3468a11ce2478ca6748adcc08ff5b752586f5b

SHA512
e4edbdfb48c61275b195e0ab28c22d326b8f595aa7277254c589f339a881b09409f4a2e507f6d9f9dbbeb5eb583425863f4bcbae7e982f92926ecefe98ca3230

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619
Filesize
400B

MD5
a4d6241d0126ffad0e6ca576854f42e5

SHA1
f35b4157d48d4f2c1369b3ae991d1879704bb57d

SHA256
aae9a110db2a21a5a61aafaf5353865c041352a01177b752d88fc875e61088d8

SHA512
7d52f35f5cb32fab92a766d4d77688a906ab2e6c65ba4204bea7bb9fa80b6a518343e96ff49c6ea1e92067285562bd0c104589290605ec02e92a28968111c218

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\js[1].js
Filesize
274KB

MD5
414e06a499d27683281579b2220d5c6e

SHA1
4d0576894740c520887d653744095156573b9911

SHA256
84f4084540e57817e5a2d93d091192d88a970031b4bf73e42adae352906690c8

SHA512
3afda9e8220f36f7a4cf47d99a4bdefdc631d54bee8e4071510c0d3e00a9ed403c74b1a7951bffe36132a7566133437bb19b4c8fc9e15f65142a77aecebb8816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\gtm[1].js
Filesize
225KB

MD5
5d743c4a89695d73094968aa1d9774de

SHA1
73ab2e83e70cae342e4c3cda74d6d27c08bb6d94

SHA256
0588f2055f527e6f34b17bfa1516be224c2ada61d9afb206a7b27f68e078623f

SHA512
47c122d239219d6819829b0eb50e37300da829cddad684bddb101cf5925be8fde82d176ea7726a2814d983970aa8d4f7293e1bcd5058f1b0ebf9ed8c3375d3cd

Download Submit
C:\Users\Admin\AppData\Local\Solvusoft_Corporation\FileViewPro.exe_Url_dnaugtvmzfhczvych303evrzkmck3wnr\1.9.8.19\user.config
Filesize
697B

MD5
0a7398e4f31c76d0011b55271476e0ff

SHA1
bc5ba183844eac072cf3840da916fadbd4373283

SHA256
eef3293b6321934bd16a1118a5d7cccde00128367348f9c6768a4eed353f3441

SHA512
19695367ad4a2c6d88bc376a48af60a1ae84a2f1b2fe5ff305d0e8722ae64abf6b4781c00c7d53d0a27f71036d3fbc1aed3d388945d5b284d0dc5cdfa05994a7

Download Submit
C:\Users\Admin\AppData\Local\Solvusoft_Corporation\FileViewPro.exe_Url_dnaugtvmzfhczvych303evrzkmck3wnr\1.9.8.19\user.config
Filesize
897B

MD5
76c406f3463f8927abfdead2e20c6743

SHA1
44c4a253f270d4f9a071edc8763f804117f5bd80

SHA256
56874e4c85e368b11d105180b0806e434f3d0d7e5a816ee866853df1017ccfa4

SHA512
1defde300abbbb71372f2fa0c384780f293bcabcc745c2cbd4e028fc93b41c921788a0e5a3f425111dc24ea2197515768b711e3a58ec825e93b1755d868568f1

Download Submit
C:\Users\Admin\AppData\Local\Solvusoft_Corporation\FileViewPro.exe_Url_dnaugtvmzfhczvych303evrzkmck3wnr\1.9.8.19\user.config
Filesize
1KB

MD5
07f0cf7e59e9a356ce1b2a0e9ffebcd6

SHA1
13f236ef0c2e1cf7e59fff0eb77a17631d429dd7

SHA256
24bfdf20d5640dcb83eb6cc73828b04a1c0c2b82c938e1673fb2816583f362bf

SHA512
8173f57fcbccff2a79af574152c304901eda164970b6ebc133ed659e851fe3ba74a779adbcebb038f1133614006b4a06d44dfcf469cdbb3d9d7902dc068bca82

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA25E.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{14F50994-BD52-4390-8A8D-0BD4D5617B3F}\Setup_WinThruster_2024.exe
Filesize
7.3MB

MD5
62f9258f3ae4774f9dc169a2a0b1d68e

SHA1
56164f50722724275c0db381235d3b793f85acd5

SHA256
82f5a693742c6c35f1280dbc5a4148598c129208dfc0544a5cd457b7ac8e824a

SHA512
ef04a48d957d646e0b4fbdb68bfe59bedfb6f5701dd9497b2bc5abeea57b5d7be5f8694ca59d535c8d14514ecacfb6773476abcd3d2f65a1da7c0c75241d7fd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9EAE4399-57E7-4C12-8DA5-8AE0A8524CA1}\FileViewPro-S-1.9.8.19.exe
Filesize
58.1MB

MD5
35bc3d926698c1f580603e7a5c4b0cc6

SHA1
7aaacafbf325c08b4ef577994505fbf0cce87fc6

SHA256
b3a64b2c2d3292de9a9e9f590bf3ce04aecc8483af8f181f57aee1dad375e1be

SHA512
1e77629bba2eda9c4b7d0701785561c2326953b924984d08db177d02ef3f4e752ed1f37005e63aaa1b327db9294c076aa0447ed71c974da4410f4bee10872652

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D0209FE4-FA8F-46B5-AD6F-9D88F1EFA352}\resources.1.0.0.34s
Filesize
1.6MB

MD5
1938c8aba656a7661565ceb7ea8b5b94

SHA1
ab5e8279d90b240b58d35d13d27fb7e92bb77741

SHA256
fba5162e6a34f8d0d53254ba0b348714956100035c1935c0294e190c75b0de2c

SHA512
f17b83aaa10ec88ba851be7fa3670c2ab921770669e32934c791da5b0b70518c0c577fdea37247170e880bd171f011113e526121efbc46a559266e7eafe66ec8

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
Filesize
3KB

MD5
ee0cf954b0ea06e60ec8535b747dc990

SHA1
52f0365f37ad7c2fabb0440e575b8aedce2c7865

SHA256
419c545ed97b6febde7d4b2c7799c3e8c0ccba680295c2e5360605e04c70069f

SHA512
dbca6a6fc6288b6a03033086434d4a3d8c5f4f3c741d2ef681a3db2f5c37f500b9f6b463246d5f0d2f1a82b04d04c5be529999eca31eff369e1cb46025447270

Download Submit
C:\Users\Admin\AppData\Roaming\WinThruster\Log\Tasks.log
Filesize
416B

MD5
1638ed4219d19461e3e1b1b14399d95a

SHA1
7e322bd82d229ece9279ea7db74769751687557d

SHA256
2cf1721eabab3390422ed631a1e9b54e773495d8802847a977389479ed125806

SHA512
5a1c3c066f5ccfcdfdda1a62db828a3b33dc8908913d5006cc7f1dfa6dea1123fe6578b51f5237f26fb955fcc08bf426c4fdd730890babc661d7f20aed4e5ee4

Download Submit
\Program Files (x86)\WinThruster\WTNotifications.exe
Filesize
5.0MB

MD5
345e6d136cfac7ac714b656edc79fbac

SHA1
fbe6652820b56b6bd60b3d9c4576d675bba9bb80

SHA256
7b651e5314f37d4549b32d8d31f2a5e1a8f7009a0586d6a18e2d6e89af409c17

SHA512
14eda77de0540d6733d65bbdcd9f784c0af839029db3e0cd4df82b47c4c5e65b6fac7f0d6f7e600b6672fe43cfcca4b8a770e96341c1db6d4e0bca68caf4c176

Download Submit
\Program Files (x86)\WinThruster\WinThruster.exe
Filesize
10.3MB

MD5
89b970cb172b86730c76c3df31551767

SHA1
0ae55b3a41e4fc1c3074dbb738065ac4cd2309e5

SHA256
7e97fe6c675e5842f38514056b2c3c7a928185f4dd2cdd97cd0d0ee4d5d319fd

SHA512
18b0416e3120e1554845153f988a5757e3d03605e729450f93393611566cbc6f904b9acae6ffabafdef673c2d1b4b77fb688f27ab7437eec5428fb48aad246ba

Download Submit
\Program Files (x86)\WinThruster\sqlite3.dll
Filesize
1.1MB

MD5
fdf0245a035f89de1af8a2091258c9ac

SHA1
78536c09808a207f45e901f14de5b038aabaede3

SHA256
6120e410ff9e5cad41b47cd5fcb23cc3f8bd8f505a86e158c578e15869489367

SHA512
4bd214bc4dbd749a429e1753c59c395344607884e20cfa3e1c0dde655e2c6c1e49ab5388e70112e83c7c71b005a985019e39bb00c1e5c1b8e90b5a3d6219e1c3

Download Submit
\Program Files (x86)\WinThruster\unins000.exe
Filesize
3.1MB

MD5
1f3833566ee1265f923d782d38f41173

SHA1
c83e28b2a3c48bf20d827b5e1157d9b15553a66a

SHA256
f91212fd4a71ab9842fccd7fefd1277a19fdcccd286b6bc71c46829aac65b2de

SHA512
b9888681336e377e9af868b27384842bbdb5cd9bbf6152c25d93f215395c932b869b874462098676b13c8a55c14a229f83a5cd0249458f11f4fb5dfe0e0df008

Download Submit
\Program Files\FileViewPro\FileViewPro.exe
Filesize
739KB

MD5
daa97924499885155278a306d3cd32d8

SHA1
5a315a56db58342c3d18dc73128492a67499c528

SHA256
a78a50b913083c2f3941035e19e48d0c895a1304365d202e491bc780bc9888f6

SHA512
b67f86e2fa693c31e974cefbc0c7c4610ffb6445fed0da3ee62549d6fca1655d23ed24e6fca9aac7dd15702e09f2ab0995df2f2297bfb18928cd8c117b9cc242

Download Submit
\Program Files\FileViewPro\SolvuSoft.Licensing.dll
Filesize
285KB

MD5
108e1bbee5db920dd019789324d04525

SHA1
5b8cc4e37e0a20e5263c98dbb132cad91301ee2e

SHA256
699a68bb79b9ea11a5a1857991fd1ea610335f91ee47c7a6adcad3880690ea5e

SHA512
c047557ddce8cae833f1cc293a0aea553cead4e30a62f2952ddfeb2c5c12b072e1a817d9493749aef2ea8dcfa504f06fe2efdfd3906b58a0752a1d61e4f2bbfa

Download Submit
\Users\Admin\AppData\Local\Temp\is-9MJAB.tmp\isxdl.dll
Filesize
121KB

MD5
48ad1a1c893ce7bf456277a0a085ed01

SHA1
803997ef17eedf50969115c529a2bf8de585dc91

SHA256
b0cc4697b2fd1b4163fddca2050fc62a9e7d221864f1bd11e739144c90b685b3

SHA512
7c9e7fe9f00c62cccb5921cb55ba0dd96a0077ad52962473c1e79cda1fd9aa101129637043955703121443e1f8b6b2860cd4dfdb71052b20a322e05deed101a4

Download Submit
\Users\Admin\AppData\Local\Temp\is-D81C9.tmp\Setup_WinThruster_2024.tmp
Filesize
3.1MB

MD5
16a420e714bb48a8d432e3fd4f30db9f

SHA1
989fcf9a41445934e108b0e6b5c65936e9aa242a

SHA256
a0b1ac070ed5fc2b0c7e0dcbcfa3d5a127d3fe2c33ac62baf1976ed244bef7a7

SHA512
79b866dffad2f0ef572700449a1bd56fd8fee86fb2b454fea2938e14cba3a1ebb979f3d233b81ea19b74480334947f157f7218bb8214c4b86142528d5dd01193

Download Submit
\Users\Admin\AppData\Local\Temp\is-S0QH2.tmp\FileViewPro-S-1.9.8.19.tmp
Filesize
1.1MB

MD5
1a81372fd72743199f885cfed00c8e34

SHA1
7bb1a83593d07b3833c58150a0a678fc5898aca2

SHA256
fa6030367c0645fe9856ab1b75910c94e4ef32fdcede0ccd2805c6b2cef5f5ab

SHA512
ec79c5efaf4ff5288cca4c9ab7ddc962f17e6b1d92a8b63463ee0fbad889229eae5f3af3af831f209bc8a322a73cafa783d7aef698663bbe288bdda6cd3e5c0b

Download Submit
memory/448-1287-0x0000000000A90000-0x0000000000F91000-memory.dmp

Filesize
5.0MB

Download
memory/448-709-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/448-581-0x0000000061E00000-0x0000000061EF4000-memory.dmp

Filesize
976KB

Download
memory/448-566-0x0000000000A90000-0x0000000000F91000-memory.dmp

Filesize
5.0MB

Download
memory/448-184-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/1712-86-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1712-181-0x0000000000400000-0x000000000071D000-memory.dmp

Filesize
3.1MB

Download
memory/1944-617-0x000000006F9E0000-0x00000000700CE000-memory.dmp

Filesize
6.9MB

Download
memory/1944-804-0x00000000091C0000-0x00000000093FF000-memory.dmp

Filesize
2.2MB

Download
memory/1944-801-0x0000000002050000-0x000000000205A000-memory.dmp

Filesize
40KB

Download
memory/1944-866-0x000000006F9E0000-0x00000000700CE000-memory.dmp

Filesize
6.9MB

Download
memory/1944-635-0x0000000001FC0000-0x0000000001FE0000-memory.dmp

Filesize
128KB

Download
memory/1944-629-0x00000000062F0000-0x0000000006952000-memory.dmp

Filesize
6.4MB

Download
memory/1944-623-0x00000000052F0000-0x0000000005F62000-memory.dmp

Filesize
12.4MB

Download
memory/1944-803-0x0000000007650000-0x00000000076DA000-memory.dmp

Filesize
552KB

Download
memory/1944-619-0x00000000005B0000-0x00000000005F0000-memory.dmp

Filesize
256KB

Download
memory/1944-837-0x0000000004BF0000-0x0000000004C0C000-memory.dmp

Filesize
112KB

Download
memory/1944-839-0x0000000004C70000-0x0000000004C76000-memory.dmp

Filesize
24KB

Download
memory/1944-618-0x0000000000530000-0x0000000000588000-memory.dmp

Filesize
352KB

Download
memory/1944-800-0x0000000004B30000-0x0000000004B80000-memory.dmp

Filesize
320KB

Download
memory/1944-838-0x0000000004BC0000-0x0000000004BC6000-memory.dmp

Filesize
24KB

Download
memory/1944-616-0x0000000000110000-0x00000000001CE000-memory.dmp

Filesize
760KB

Download
memory/2020-197-0x0000000000400000-0x00000000004E4000-memory.dmp

Filesize
912KB

Download
memory/2020-78-0x0000000000400000-0x00000000004E4000-memory.dmp

Filesize
912KB

Download
memory/2136-256-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2136-638-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/2412-1304-0x0000000000070000-0x0000000000ACE000-memory.dmp

Filesize
10.4MB

Download
memory/2412-582-0x0000000000070000-0x0000000000ACE000-memory.dmp

Filesize
10.4MB

Download
memory/2412-583-0x0000000061E00000-0x0000000061EF4000-memory.dmp

Filesize
976KB

Download
memory/2412-2499-0x0000000000070000-0x0000000000ACE000-memory.dmp

Filesize
10.4MB

Download
memory/2412-865-0x0000000000B60000-0x0000000000B61000-memory.dmp

Filesize
4KB

Download
memory/2412-2479-0x0000000000070000-0x0000000000ACE000-memory.dmp

Filesize
10.4MB

Download
memory/2412-185-0x0000000000B60000-0x0000000000B61000-memory.dmp

Filesize
4KB

Download
memory/3032-867-0x0000000000B90000-0x0000000000C4E000-memory.dmp

Filesize
760KB

Download
memory/3032-870-0x0000000004F70000-0x0000000005BE2000-memory.dmp

Filesize
12.4MB

Download
memory/3032-1062-0x000000000F700000-0x000000000FD24000-memory.dmp

Filesize
6.1MB

Download
memory/3032-1061-0x0000000007650000-0x00000000076AE000-memory.dmp

Filesize
376KB

Download
memory/3032-1054-0x0000000006700000-0x000000000671C000-memory.dmp

Filesize
112KB

Download
memory/3032-925-0x0000000006C30000-0x0000000006CBA000-memory.dmp

Filesize
552KB

Download
memory/3032-900-0x0000000005ED0000-0x0000000005F20000-memory.dmp

Filesize
320KB

Download
memory/3032-871-0x0000000006020000-0x0000000006682000-memory.dmp

Filesize
6.4MB

Download
memory/3032-872-0x0000000002100000-0x0000000002120000-memory.dmp

Filesize
128KB

Download
memory/3032-1089-0x0000000012240000-0x0000000012844000-memory.dmp

Filesize
6.0MB

Download
memory/3032-869-0x0000000004B20000-0x0000000004B60000-memory.dmp

Filesize
256KB

Download
memory/3032-868-0x000000006FCA0000-0x000000007038E000-memory.dmp

Filesize
6.9MB

Download
memory/3032-2501-0x0000000004B20000-0x0000000004B60000-memory.dmp

Filesize
256KB

Download
memory/3032-1320-0x0000000004B20000-0x0000000004B60000-memory.dmp

Filesize
256KB

Download
memory/3032-2481-0x000000006FCA0000-0x000000007038E000-memory.dmp

Filesize
6.9MB

Download
memory/3032-1384-0x0000000007BD0000-0x0000000007BDC000-memory.dmp

Filesize
48KB

Download
memory/3064-248-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3064-639-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download