Malware analysis /file-downloads/builds/static_delivery/installers/fileviewpro/avq/082323_build/Setup_FileViewPro_2024.exe Malicious activity

Add for printing

download:	/file-downloads/builds/static_delivery/installers/fileviewpro/avq/082323_build/Setup_FileViewPro_2024.exe
Full analysis:	https://app.any.run/tasks/e4da2749-0111-4431-a077-1390b9a5eb98
Verdict:	Malicious activity
Threats:	A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection. Malware Trends Tracker >>>
Analysis date:	January 09, 2025, 11:42:44
OS:	Windows 10 Professional (build: 19045, 64 bit)
Tags:	loader
Indicators:
MIME:	application/vnd.microsoft.portable-executable
File info:	PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:	9462E2B4992E3EA63F3F04C499DC5A05
SHA1:	9E57C55D9D51D6EABDA71FFDFAF48709209943E2
SHA256:	46CDC38806D00295BB3D6C87A2D06A3AEFE648C8A1BB7E7AA54ABE37019A96AA
SSDEEP:	49152:RYMZ/HXK5din7PmwCCbKp++/h3ti20nBWNW+avevOosA2spL8M+:RYMR3KnnCqpti2KM8+a2RO

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 120 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 60 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
FileZilla 3.65.0 (3.65.0)
Google Chrome (122.0.6261.70)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (122.0.2365.59)
Microsoft Edge Update (1.3.185.17)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (123.0)
Mozilla Maintenance Service (123.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Skype version 8.104 (8.104)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
- Checks Windows Trust Settings
  - Setup_FileViewPro_2024.exe (PID: 6848)
  - FileViewPro.exe (PID: 3832)
  - FileViewPro.exe (PID: 4120)
- Reads Microsoft Outlook installation path
  - Setup_FileViewPro_2024.exe (PID: 6848)
- Process requests binary or script from the Internet
  - Setup_FileViewPro_2024.exe (PID: 6848)
- Reads Internet Explorer settings
  - Setup_FileViewPro_2024.exe (PID: 6848)
- Reads security settings of Internet Explorer
  - Setup_FileViewPro_2024.exe (PID: 6848)
  - FileViewPro-S-1.9.8.19.tmp (PID: 5240)
  - FileViewPro.exe (PID: 3832)
  - FileViewPro.exe (PID: 4120)
- Drops 7-zip archiver for unpacking
  - FileViewPro-S-1.9.8.19.tmp (PID: 5240)
- Executable content was dropped or overwritten
  - FileViewPro-S-1.9.8.19.exe (PID: 1296)
  - FileViewPro-S-1.9.8.19.tmp (PID: 5240)
- Adds/modifies Windows certificates
  - FileViewPro.exe (PID: 3832)
INFO
- Checks supported languages
  - Setup_FileViewPro_2024.exe (PID: 6848)
  - FileViewPro-S-1.9.8.19.exe (PID: 1296)
  - FileViewPro.exe (PID: 4120)
  - FileViewPro.exe (PID: 3832)
- Checks proxy server information
  - Setup_FileViewPro_2024.exe (PID: 6848)
- Reads the machine GUID from the registry
  - Setup_FileViewPro_2024.exe (PID: 6848)
  - FileViewPro.exe (PID: 3832)
  - FileViewPro.exe (PID: 4120)
- The sample compiled with english language support
  - Setup_FileViewPro_2024.exe (PID: 6848)
  - FileViewPro-S-1.9.8.19.tmp (PID: 5240)
- Reads the software policy settings
  - Setup_FileViewPro_2024.exe (PID: 6848)
  - FileViewPro.exe (PID: 3832)
  - FileViewPro.exe (PID: 4120)
- Create files in a temporary directory
  - Setup_FileViewPro_2024.exe (PID: 6848)
  - FileViewPro-S-1.9.8.19.exe (PID: 1296)
- Reads the computer name
  - Setup_FileViewPro_2024.exe (PID: 6848)
  - FileViewPro.exe (PID: 4120)
  - identity_helper.exe (PID: 3996)
- Sends debugging messages
  - Setup_FileViewPro_2024.exe (PID: 6848)
  - FileViewPro.exe (PID: 3832)
  - FileViewPro.exe (PID: 4120)
- Creates files or folders in the user directory
  - Setup_FileViewPro_2024.exe (PID: 6848)
  - FileViewPro.exe (PID: 3832)
- Process checks computer location settings
  - Setup_FileViewPro_2024.exe (PID: 6848)
- The process uses the downloaded file
  - Setup_FileViewPro_2024.exe (PID: 6848)
- Creates files in the program directory
  - FileViewPro-S-1.9.8.19.tmp (PID: 5240)
  - FileViewPro.exe (PID: 3832)
- Manual execution by a user
  - msedge.exe (PID: 6456)
- Application launched itself
  - msedge.exe (PID: 5604)
  - msedge.exe (PID: 6456)
- Reads Environment values
  - identity_helper.exe (PID: 3996)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win64 Executable (generic) (64.6)
.dll	\|	Win32 Dynamic Link Library (generic) (15.4)
.exe	\|	Win32 Executable (generic) (10.5)
.exe	\|	Generic Win/DOS Executable (4.6)
.exe	\|	DOS Executable Generic (4.6)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2020:07:22 16:03:37+00:00
ImageFileCharacteristics:	Executable, 32-bit
PEType:	PE32
LinkerVersion:	14.16
CodeSize:	1048576
InitializedDataSize:	286208
UninitializedDataSize:	-
EntryPoint:	0xc2448
OSVersion:	5.1
ImageVersion:	-
SubsystemVersion:	5.1
Subsystem:	Windows GUI
FileVersionNumber:	1.0.0.34
ProductVersionNumber:	1.0.0.34
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Windows NT 32-bit
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	English (U.S.)
CharacterSet:	Unicode
CompanyName:	Solvusoft Corporation
FileDescription:	Solvusoft online setup installer
FileVersion:	1.0.0.34
InternalName:	Setup.exe
LegalCopyright:	Copyright © 2011-2020 Solvusoft Corporation
OriginalFileName:	Setup.exe
ProductName:	Solvusoft online setup installer
ProductVersion:	1.0.0.34

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

182

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

1292

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3844 --field-trial-handle=2380,i,11580300096685233744,5169146148430560122,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1296

"C:\Users\admin\AppData\Local\Temp\{03759733-E719-48C4-98AD-58EC6CF87B0B}\FileViewPro-S-1.9.8.19.exe" /verysilent /norestart /LANG en-us

C:\Users\admin\AppData\Local\Temp\{03759733-E719-48C4-98AD-58EC6CF87B0B}\FileViewPro-S-1.9.8.19.exe

Setup_FileViewPro_2024.exe

User:

admin

Company:

Solvusoft Corporation

Integrity Level:

HIGH

Description:

FileViewPro Setup

Exit code:

Version:

1.9.8.19

Modules

Images
c:\users\admin\appdata\local\temp\{03759733-e719-48c4-98ad-58ec6cf87b0b}\fileviewpro-s-1.9.8.19.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll

1688

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4232 --field-trial-handle=2380,i,11580300096685233744,5169146148430560122,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

2132

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=6140 --field-trial-handle=2380,i,11580300096685233744,5169146148430560122,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

2216

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3852 --field-trial-handle=2380,i,11580300096685233744,5169146148430560122,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

2392

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6840 --field-trial-handle=2380,i,11580300096685233744,5169146148430560122,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Version:

122.0.2365.59

3436

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5764 --field-trial-handle=2380,i,11580300096685233744,5169146148430560122,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

3732

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2480 --field-trial-handle=2380,i,11580300096685233744,5169146148430560122,262144 --variations-seed-version /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

3832

"C:\Program Files\FileViewPro\FileViewPro.exe" /restartWithNoAdminRights lang=en-us

C:\Program Files\FileViewPro\FileViewPro.exe

FileViewPro-S-1.9.8.19.tmp

User:

admin

Company:

Solvusoft Corporation

Integrity Level:

HIGH

Description:

FileViewPro

Exit code:

Version:

1.9.8.19

Modules

Images
c:\program files\fileviewpro\fileviewpro.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll

3832

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6700 --field-trial-handle=2380,i,11580300096685233744,5169146148430560122,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

Add for printing

Total events

17 954

Read events

17 874

Write events

Delete events

Modification events


(PID) Process:	(6848) Setup_FileViewPro_2024.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:	write	Name:	CachePrefix
Value:
(PID) Process:	(6848) Setup_FileViewPro_2024.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:	write	Name:	CachePrefix
Value: Cookie:
(PID) Process:	(6848) Setup_FileViewPro_2024.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:	write	Name:	CachePrefix
Value: Visited:
(PID) Process:	(6848) Setup_FileViewPro_2024.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry
Operation:	delete value	Name:	AddToFavoritesInitialSelection
Value:
(PID) Process:	(6848) Setup_FileViewPro_2024.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry
Operation:	delete value	Name:	AddToFeedsInitialSelection
Value:
(PID) Process:	(5240) FileViewPro-S-1.9.8.19.tmp	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:	write	Name:	SlowContextMenuEntries
Value: 6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000
(PID) Process:	(5240) FileViewPro-S-1.9.8.19.tmp	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileViewPro_is1
Operation:	write	Name:	Inno Setup: Setup Version
Value: 5.6.1 (u)
(PID) Process:	(5240) FileViewPro-S-1.9.8.19.tmp	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileViewPro_is1
Operation:	write	Name:	Inno Setup: App Path
Value: C:\Program Files\FileViewPro
(PID) Process:	(5240) FileViewPro-S-1.9.8.19.tmp	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileViewPro_is1
Operation:	write	Name:	InstallLocation
Value: C:\Program Files\FileViewPro\
(PID) Process:	(5240) FileViewPro-S-1.9.8.19.tmp	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileViewPro_is1
Operation:	write	Name:	Inno Setup: Icon Group
Value: FileViewPro

Add for printing

Executable files

161

Suspicious files

393

Text files

219

Unknown types

Dropped files

PID	Process	Filename		Type
6848	Setup_FileViewPro_2024.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\FileViewPro-S-1.9.8.19[1].exe		—
		MD5:—	SHA256:—
6848	Setup_FileViewPro_2024.exe	C:\Users\admin\AppData\Local\Temp\{03759733-E719-48C4-98AD-58EC6CF87B0B}\FileViewPro-S-1.9.8.19.exe		—
		MD5:—	SHA256:—
6848	Setup_FileViewPro_2024.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\resources.1.0.0[1].htm		html
		MD5:4F8E702CC244EC5D4DE32740C0ECBD97	SHA256:9E17CB15DD75BBBD5DBB984EDA674863C3B10AB72613CF8A39A00C3E11A8492A
6848	Setup_FileViewPro_2024.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCV3KQBA\resources.1.0.0[1].zip		compressed
		MD5:1938C8ABA656A7661565CEB7EA8B5B94	SHA256:FBA5162E6A34F8D0D53254BA0B348714956100035C1935C0294E190C75B0DE2C
5240	FileViewPro-S-1.9.8.19.tmp	C:\Program Files\FileViewPro\unins000.exe		executable
		MD5:1A81372FD72743199F885CFED00C8E34	SHA256:FA6030367C0645FE9856AB1B75910C94E4EF32FDCEDE0CCD2805C6B2CEF5F5AB
6848	Setup_FileViewPro_2024.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751		binary
		MD5:CB2884023A7C1BCC529D22867C18F815	SHA256:73D6253A7326432DE21644949DA46B5D841938A095862A8F107483C6516FE89D
5240	FileViewPro-S-1.9.8.19.tmp	C:\Users\admin\AppData\Local\Temp\is-VI7PF.tmp\isxdl.dll		executable
		MD5:48AD1A1C893CE7BF456277A0A085ED01	SHA256:B0CC4697B2FD1B4163FDDCA2050FC62A9E7D221864F1BD11E739144C90B685B3
6848	Setup_FileViewPro_2024.exe	C:\Users\admin\AppData\Local\Temp\{2A3F60C2-3427-47E2-8D7E-08E9898A03CB}\resources.1.0.0.34s		compressed
		MD5:1938C8ABA656A7661565CEB7EA8B5B94	SHA256:FBA5162E6A34F8D0D53254BA0B348714956100035C1935C0294E190C75B0DE2C
6848	Setup_FileViewPro_2024.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751		der
		MD5:E192462F281446B5D1500D474FBACC4B	SHA256:F1BA9F1B63C447682EBF9DE956D0DA2A027B1B779ABEF9522D347D3479139A60
6848	Setup_FileViewPro_2024.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\E4DJRUXW\FileViewPro-S-1.9.8.19[1].htm		html
		MD5:4F8E702CC244EC5D4DE32740C0ECBD97	SHA256:9E17CB15DD75BBBD5DBB984EDA674863C3B10AB72613CF8A39A00C3E11A8492A

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

113

DNS requests

118

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
6848	Setup_FileViewPro_2024.exe	GET	301	136.244.95.10:80	http://www.solvusoft.com/file-downloads/builds/fileviewpro/res/resources.1.0.0.34s	unknown	—	—	whitelisted
—	—	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D	unknown	—	—	whitelisted
1176	svchost.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	unknown	—	—	whitelisted
6848	Setup_FileViewPro_2024.exe	GET	200	23.209.209.135:80	http://x1.c.lencr.org/	unknown	—	—	whitelisted
1688	SIHClient.exe	GET	200	95.101.149.131:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl	unknown	—	—	whitelisted
1688	SIHClient.exe	GET	200	95.101.149.131:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl	unknown	—	—	whitelisted
6240	backgroundTaskHost.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D	unknown	—	—	whitelisted
6848	Setup_FileViewPro_2024.exe	GET	301	136.244.95.10:80	http://www.solvusoft.com/file-downloads/builds/fileviewpro/installers/2019_6_4-7-23-S/FileViewPro-S-1.9.8.19.exe	unknown	—	—	whitelisted
3832	FileViewPro.exe	GET	200	104.18.38.233:80	http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEB2iSDBvmyYY0ILgln0z02o%3D	unknown	—	—	whitelisted
3832	FileViewPro.exe	GET	200	104.18.38.233:80	http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ5suEceKjAJbxseAmHFkQ9FrhTWQQUDuE6qFM6MdWKvsG7rWcaA4WtNA4CEFnIP5nJZ2H6OeXAf9oqx1U%3D	unknown	—	—	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:137	—	—	—	whitelisted
—	—	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
—	—	192.229.221.95:80	ocsp.digicert.com	EDGECAST	US	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
1176	svchost.exe	40.126.32.72:443	login.live.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
1176	svchost.exe	192.229.221.95:80	ocsp.digicert.com	EDGECAST	US	whitelisted
—	—	23.56.254.14:443	go.microsoft.com	Mobile Telecommunications Company	KW	whitelisted
6848	Setup_FileViewPro_2024.exe	142.250.185.68:80	www.google.com	GOOGLE	US	whitelisted
6848	Setup_FileViewPro_2024.exe	136.244.95.10:80	www.solvusoft.com	AS-CHOOPA	DE	whitelisted
6848	Setup_FileViewPro_2024.exe	136.244.95.10:443	www.solvusoft.com	AS-CHOOPA	DE	whitelisted

DNS requests

Domain	IP	Reputation
ocsp.digicert.com	192.229.221.95	whitelisted
google.com	142.250.186.110	whitelisted
login.live.com	40.126.32.72 40.126.32.76 40.126.32.136 40.126.32.140 20.190.160.17 40.126.32.138 40.126.32.134 20.190.160.22	whitelisted
go.microsoft.com	23.56.254.14	whitelisted
www.google.com	142.250.185.68	whitelisted
www.solvusoft.com	136.244.95.10	whitelisted
x1.c.lencr.org	23.209.209.135	whitelisted
settings-win.data.microsoft.com	51.124.78.146	whitelisted
slscr.update.microsoft.com	4.245.163.56	whitelisted
www.microsoft.com	95.101.149.131	whitelisted

Threats

PID	Process	Class	Message
3732	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
3732	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
3732	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
3732	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)

Add for printing

Process	Message
Setup_FileViewPro_2024.exe	C:\Users\admin\AppData\Local\Temp\{BF098C84-4C20-4670-BB83-F6594A8BD3D0}\resources.db

General Info

/file-downloads/builds/static_delivery/installers/fileviewpro/avq/082323_build/Setup_FileViewPro_2024.exe

9462E2B4992E3EA63F3F04C499DC5A05

9E57C55D9D51D6EABDA71FFDFAF48709209943E2

46CDC38806D00295BB3D6C87A2D06A3AEFE648C8A1BB7E7AA54ABE37019A96AA

49152:RYMZ/HXK5din7PmwCCbKp++/h3ti20nBWNW+avevOosA2spL8M+:RYMR3KnnCqpti2KM8+a2RO

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

SUSPICIOUS

Checks Windows Trust Settings

Reads Microsoft Outlook installation path

Process requests binary or script from the Internet

Reads Internet Explorer settings

Reads security settings of Internet Explorer

Drops 7-zip archiver for unpacking

Executable content was dropped or overwritten

Adds/modifies Windows certificates

INFO

Checks supported languages

Checks proxy server information

Reads the machine GUID from the registry

The sample compiled with english language support

Reads the software policy settings

Create files in a temporary directory

Reads the computer name

Sends debugging messages

Creates files or folders in the user directory

Process checks computer location settings

The process uses the downloaded file

Creates files in the program directory

Manual execution by a user

Application launched itself

Reads Environment values

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings