a6ccf359f2965a13d8c3e07ada2a62a9d32be58b8e72d99ada2e80b3ec052df7

Analysis

max time kernel
269s
max time network
296s
platform
windows10_x64
resource
win10v20210410
submitted
26-08-2021 13:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

installer.exe
Size

3.3MB
MD5

41544830599f851295a3218fc7f7d2bd
SHA1

d5fed6d46853a0583cd43646554bacb1448a69da
SHA256

a6ccf359f2965a13d8c3e07ada2a62a9d32be58b8e72d99ada2e80b3ec052df7
SHA512

18fcc9c1bbb19b4e3c8089c2d530ec975582aacc8ca24257af1672d2a1e36ec760d63f5903380ca7e1ed9d45a28f471a5dbc2056d16b03f97e65a904947954f0

Score

10^/10

discovery persistence

Malware Config

Signatures

Registers COM server for autorun 1 TTPs
persistence

Registry Run Keys / Startup Folder
T1060
Downloads MZ/PE file

Executes dropped EXE 9 IoCs

Processes:

__Package_pdfconverter.exeMovePdfConvertMenu.exeHdWebRegProcess.exexunjiepdfLaunch.exexunjiepdfConverter.exexunjiepdfConverter.exexunjiepdfConverter.exexunjiepdfConverter.exePDFConsole.exe

pid	process
1312	__Package_pdfconverter.exe
8	MovePdfConvertMenu.exe
1448	HdWebRegProcess.exe
3876	xunjiepdfLaunch.exe
2040	xunjiepdfConverter.exe
3836	xunjiepdfConverter.exe
1072	xunjiepdfConverter.exe
1232	xunjiepdfConverter.exe
4088	PDFConsole.exe

Loads dropped DLL 64 IoCs

Processes:

__Package_pdfconverter.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeHdWebRegProcess.exexunjiepdfLaunch.exexunjiepdfConverter.exexunjiepdfConverter.exexunjiepdfConverter.exe

pid	process
1312	__Package_pdfconverter.exe
1312	__Package_pdfconverter.exe
1312	__Package_pdfconverter.exe
1312	__Package_pdfconverter.exe
1312	__Package_pdfconverter.exe
1312	__Package_pdfconverter.exe
1496	regsvr32.exe
3372	regsvr32.exe
3668	regsvr32.exe
2764	regsvr32.exe
1312	__Package_pdfconverter.exe
2888
1312	__Package_pdfconverter.exe
1448	HdWebRegProcess.exe
1448	HdWebRegProcess.exe
3876	xunjiepdfLaunch.exe
3876	xunjiepdfLaunch.exe
3876	xunjiepdfLaunch.exe
3876	xunjiepdfLaunch.exe
3876	xunjiepdfLaunch.exe
3876	xunjiepdfLaunch.exe
3876	xunjiepdfLaunch.exe
3876	xunjiepdfLaunch.exe
3876	xunjiepdfLaunch.exe
3876	xunjiepdfLaunch.exe
3876	xunjiepdfLaunch.exe
3876	xunjiepdfLaunch.exe
2040	xunjiepdfConverter.exe
2040	xunjiepdfConverter.exe
2040	xunjiepdfConverter.exe
2040	xunjiepdfConverter.exe
2040	xunjiepdfConverter.exe
2040	xunjiepdfConverter.exe
2040	xunjiepdfConverter.exe
2040	xunjiepdfConverter.exe
2040	xunjiepdfConverter.exe
2040	xunjiepdfConverter.exe
2040	xunjiepdfConverter.exe
2040	xunjiepdfConverter.exe
2040	xunjiepdfConverter.exe
2040	xunjiepdfConverter.exe
2040	xunjiepdfConverter.exe
2040	xunjiepdfConverter.exe
3836	xunjiepdfConverter.exe
3836	xunjiepdfConverter.exe
3836	xunjiepdfConverter.exe
3836	xunjiepdfConverter.exe
3836	xunjiepdfConverter.exe
3836	xunjiepdfConverter.exe
3836	xunjiepdfConverter.exe
3836	xunjiepdfConverter.exe
3836	xunjiepdfConverter.exe
3836	xunjiepdfConverter.exe
3836	xunjiepdfConverter.exe
3836	xunjiepdfConverter.exe
3836	xunjiepdfConverter.exe
3836	xunjiepdfConverter.exe
3836	xunjiepdfConverter.exe
3836	xunjiepdfConverter.exe
1072	xunjiepdfConverter.exe
1072	xunjiepdfConverter.exe
1072	xunjiepdfConverter.exe
1072	xunjiepdfConverter.exe
1072	xunjiepdfConverter.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Kills process with taskkill 2 IoCs
evasion

Processes:

taskkill.exetaskkill.exe

pid process

692 taskkill.exe
2760 taskkill.exe

pid	process
692	taskkill.exe
2760	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

Processes:

HdWebRegProcess.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG\HdWebRegProcess.exe = "1"	HdWebRegProcess.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS\HdWebRegProcess.exe = "1"	HdWebRegProcess.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation\HdWebRegProcess.exe = "1"	HdWebRegProcess.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT\HdWebRegProcess.exe = "1"	HdWebRegProcess.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT\HdWebRegProcess.exe = "1"	HdWebRegProcess.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation	HdWebRegProcess.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG	HdWebRegProcess.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG\HdWebRegProcess.exe = "1"	HdWebRegProcess.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT\HdWebRegProcess.exe = "1"	HdWebRegProcess.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\HdWebRegProcess.exe = "1"	HdWebRegProcess.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\HdWebRegProcess.exe = "1"	HdWebRegProcess.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS	HdWebRegProcess.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT	HdWebRegProcess.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	HdWebRegProcess.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING	HdWebRegProcess.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING	HdWebRegProcess.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation\HdWebRegProcess.exe = "1"	HdWebRegProcess.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT	HdWebRegProcess.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT	HdWebRegProcess.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT\HdWebRegProcess.exe = "1"	HdWebRegProcess.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\HdWebRegProcess.exe = "11000"	HdWebRegProcess.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS\HdWebRegProcess.exe = "1"	HdWebRegProcess.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\HdWebRegProcess.exe = "1"	HdWebRegProcess.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\HdWebRegProcess.exe = "1"	HdWebRegProcess.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\HdWebRegProcess.exe = "11000"	HdWebRegProcess.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT\HdWebRegProcess.exe = "1"	HdWebRegProcess.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT\HdWebRegProcess.exe = "1"	HdWebRegProcess.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation	HdWebRegProcess.exe

Modifies registry class 64 IoCs

Processes:

regsvr32.exexunjiepdfConverter.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BCF37AFF-A574-49DD-8972-7AF10850DD4F}	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	xunjiepdfConverter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	xunjiepdfConverter.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6C405CEC-8624-4FEF-B3BA-9D4E5A8F58B5}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6C405CEC-8624-4FEF-B3BA-9D4E5A8F58B5}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6C405CEC-8624-4FEF-B3BA-9D4E5A8F58B5}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6C405CEC-8624-4FEF-B3BA-9D4E5A8F58B5}\TypeLib\ = "{BCF37AFF-A574-49DD-8972-7AF10850DD4F}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6C405CEC-8624-4FEF-B3BA-9D4E5A8F58B5}\Version	regsvr32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	xunjiepdfConverter.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	xunjiepdfConverter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	xunjiepdfConverter.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\hPdfConvertMenuExt\ = "{6C405CEC-8624-4FEF-B3BA-9D4E5A8F58B5}"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	xunjiepdfConverter.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	xunjiepdfConverter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	xunjiepdfConverter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	xunjiepdfConverter.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{57F7AED5-B08A-43B4-967F-F75418074CB2}\TypeLib	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	xunjiepdfConverter.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	xunjiepdfConverter.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	xunjiepdfConverter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	xunjiepdfConverter.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6C405CEC-8624-4FEF-B3BA-9D4E5A8F58B5}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6C405CEC-8624-4FEF-B3BA-9D4E5A8F58B5}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\xunjiepdfConverter\\pdfconvertmenu64.dll"	regsvr32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	xunjiepdfConverter.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	xunjiepdfConverter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "3"	xunjiepdfConverter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	xunjiepdfConverter.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PdfConvert.PdfConvertMenuEx.1\CLSID\ = "{6C405CEC-8624-4FEF-B3BA-9D4E5A8F58B5}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{57F7AED5-B08A-43B4-967F-F75418074CB2}\TypeLib\ = "{BCF37AFF-A574-49DD-8972-7AF10850DD4F}"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	xunjiepdfConverter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	xunjiepdfConverter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	xunjiepdfConverter.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BCF37AFF-A574-49DD-8972-7AF10850DD4F}\1.0\FLAGS\ = "0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BCF37AFF-A574-49DD-8972-7AF10850DD4F}\1.0\0\win64\ = "C:\\Users\\Admin\\AppData\\Local\\xunjiepdfConverter\\pdfconvertmenu64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BCF37AFF-A574-49DD-8972-7AF10850DD4F}\1.0\HELPDIR	regsvr32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	xunjiepdfConverter.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Documents"	xunjiepdfConverter.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	xunjiepdfConverter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	xunjiepdfConverter.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PdfConvert.PdfConvertMenuEx\ = "PdfConvertMenuEx Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PdfConvert.PdfConvertMenuEx\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PdfConvert.PdfConvertMenuEx\CurVer\ = "PdfConvert.PdfConvertMenuEx.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6C405CEC-8624-4FEF-B3BA-9D4E5A8F58B5}\ = "PdfConvertMenuEx Class"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings	xunjiepdfConverter.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BCF37AFF-A574-49DD-8972-7AF10850DD4F}\1.0\0\win64	regsvr32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	xunjiepdfConverter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\NodeSlot = "2"	xunjiepdfConverter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	xunjiepdfConverter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	xunjiepdfConverter.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{57F7AED5-B08A-43B4-967F-F75418074CB2}\ProxyStubClsid32	regsvr32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	xunjiepdfConverter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	xunjiepdfConverter.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6C405CEC-8624-4FEF-B3BA-9D4E5A8F58B5}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\hPdfConvertMenuExt	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BCF37AFF-A574-49DD-8972-7AF10850DD4F}\1.0\ = "PdfConvertMenuLib"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BCF37AFF-A574-49DD-8972-7AF10850DD4F}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\xunjiepdfConverter"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{57F7AED5-B08A-43B4-967F-F75418074CB2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	xunjiepdfConverter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = ffffffff	xunjiepdfConverter.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	xunjiepdfConverter.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6C405CEC-8624-4FEF-B3BA-9D4E5A8F58B5}\VersionIndependentProgID\ = "PdfConvert.PdfConvertMenuEx"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6C405CEC-8624-4FEF-B3BA-9D4E5A8F58B5}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6C405CEC-8624-4FEF-B3BA-9D4E5A8F58B5}\Version\ = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BCF37AFF-A574-49DD-8972-7AF10850DD4F}\1.0\0	regsvr32.exe

NTFS ADS 10 IoCs

Processes:

xunjiepdfConverter.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\C:/Users/Admin/AppData/Local/xunjiepdfConverter/tools/Common	xunjiepdfConverter.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\C:/Users/Admin/AppData/Local/xunjiepdfConverter/tools/Rtf	xunjiepdfConverter.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\C:/Users/Admin/AppData/Local/xunjiepdfConverter/tools	xunjiepdfConverter.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\C:/Users/Admin/AppData/Local/xunjiepdfConverter/tools/compressfile	xunjiepdfConverter.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\C:/Users/Admin/AppData/Local/xunjiepdfConverter/reg	xunjiepdfConverter.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\C:/Users/Admin/AppData/Local/xunjiepdfConverter/tools/Common/Resource	xunjiepdfConverter.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\C:/Users/Admin/AppData/Local/xunjiepdfConverter/tools/fonts/etc/encoding	xunjiepdfConverter.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\C:/Users/Admin/AppData/Local/xunjiepdfConverter/tools/fonts/etc/color	xunjiepdfConverter.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\C:/Users/Admin/AppData/Local/xunjiepdfConverter/tools/fonts/etc	xunjiepdfConverter.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\C:/Users/Admin/AppData/Local/xunjiepdfConverter/tools/fonts	xunjiepdfConverter.exe

Suspicious behavior: AddClipboardFormatListener 5 IoCs

Processes:

xunjiepdfLaunch.exexunjiepdfConverter.exexunjiepdfConverter.exexunjiepdfConverter.exexunjiepdfConverter.exe

pid process

3876 xunjiepdfLaunch.exe
2040 xunjiepdfConverter.exe
1072 xunjiepdfConverter.exe
3836 xunjiepdfConverter.exe
1232 xunjiepdfConverter.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

__Package_pdfconverter.exexunjiepdfConverter.exe

pid	process
1312	__Package_pdfconverter.exe
1312	__Package_pdfconverter.exe
1312	__Package_pdfconverter.exe
1312	__Package_pdfconverter.exe
2040	xunjiepdfConverter.exe
2040	xunjiepdfConverter.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

xunjiepdfLaunch.exexunjiepdfConverter.exe

pid process

3876 xunjiepdfLaunch.exe
2040 xunjiepdfConverter.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

taskkill.exetaskkill.exe

description pid process

Token: SeDebugPrivilege 692 taskkill.exe
Token: SeDebugPrivilege 2760 taskkill.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

__Package_pdfconverter.exe

pid process

1312 __Package_pdfconverter.exe
1312 __Package_pdfconverter.exe

description	pid	process
Token: SeDebugPrivilege	692	taskkill.exe
Token: SeDebugPrivilege	2760	taskkill.exe

Suspicious use of SetWindowsHookEx 14 IoCs

Processes:

xunjiepdfLaunch.exexunjiepdfConverter.exexunjiepdfConverter.exexunjiepdfConverter.exexunjiepdfConverter.exe

pid	process
3876	xunjiepdfLaunch.exe
2040	xunjiepdfConverter.exe
1072	xunjiepdfConverter.exe
2040	xunjiepdfConverter.exe
1072	xunjiepdfConverter.exe
3836	xunjiepdfConverter.exe
3836	xunjiepdfConverter.exe
1232	xunjiepdfConverter.exe
1232	xunjiepdfConverter.exe
2040	xunjiepdfConverter.exe
2040	xunjiepdfConverter.exe
2040	xunjiepdfConverter.exe
2040	xunjiepdfConverter.exe
2040	xunjiepdfConverter.exe

Suspicious use of WriteProcessMemory 37 IoCs

Processes:

installer.exe__Package_pdfconverter.exeregsvr32.exeregsvr32.exexunjiepdfLaunch.exexunjiepdfConverter.exe

description	pid	process	target process
PID 3228 wrote to memory of 1312	3228	installer.exe	__Package_pdfconverter.exe
PID 3228 wrote to memory of 1312	3228	installer.exe	__Package_pdfconverter.exe
PID 3228 wrote to memory of 1312	3228	installer.exe	__Package_pdfconverter.exe
PID 1312 wrote to memory of 692	1312	__Package_pdfconverter.exe	taskkill.exe
PID 1312 wrote to memory of 692	1312	__Package_pdfconverter.exe	taskkill.exe
PID 1312 wrote to memory of 692	1312	__Package_pdfconverter.exe	taskkill.exe
PID 1312 wrote to memory of 2760	1312	__Package_pdfconverter.exe	taskkill.exe
PID 1312 wrote to memory of 2760	1312	__Package_pdfconverter.exe	taskkill.exe
PID 1312 wrote to memory of 2760	1312	__Package_pdfconverter.exe	taskkill.exe
PID 1312 wrote to memory of 8	1312	__Package_pdfconverter.exe	MovePdfConvertMenu.exe
PID 1312 wrote to memory of 8	1312	__Package_pdfconverter.exe	MovePdfConvertMenu.exe
PID 1312 wrote to memory of 8	1312	__Package_pdfconverter.exe	MovePdfConvertMenu.exe
PID 1312 wrote to memory of 1496	1312	__Package_pdfconverter.exe	regsvr32.exe
PID 1312 wrote to memory of 1496	1312	__Package_pdfconverter.exe	regsvr32.exe
PID 1312 wrote to memory of 1496	1312	__Package_pdfconverter.exe	regsvr32.exe
PID 1496 wrote to memory of 3372	1496	regsvr32.exe	regsvr32.exe
PID 1496 wrote to memory of 3372	1496	regsvr32.exe	regsvr32.exe
PID 1312 wrote to memory of 3668	1312	__Package_pdfconverter.exe	regsvr32.exe
PID 1312 wrote to memory of 3668	1312	__Package_pdfconverter.exe	regsvr32.exe
PID 1312 wrote to memory of 3668	1312	__Package_pdfconverter.exe	regsvr32.exe
PID 3668 wrote to memory of 2764	3668	regsvr32.exe	regsvr32.exe
PID 3668 wrote to memory of 2764	3668	regsvr32.exe	regsvr32.exe
PID 3876 wrote to memory of 2040	3876	xunjiepdfLaunch.exe	xunjiepdfConverter.exe
PID 3876 wrote to memory of 2040	3876	xunjiepdfLaunch.exe	xunjiepdfConverter.exe
PID 3876 wrote to memory of 2040	3876	xunjiepdfLaunch.exe	xunjiepdfConverter.exe
PID 3876 wrote to memory of 3836	3876	xunjiepdfLaunch.exe	xunjiepdfConverter.exe
PID 3876 wrote to memory of 3836	3876	xunjiepdfLaunch.exe	xunjiepdfConverter.exe
PID 3876 wrote to memory of 3836	3876	xunjiepdfLaunch.exe	xunjiepdfConverter.exe
PID 3876 wrote to memory of 1072	3876	xunjiepdfLaunch.exe	xunjiepdfConverter.exe
PID 3876 wrote to memory of 1072	3876	xunjiepdfLaunch.exe	xunjiepdfConverter.exe
PID 3876 wrote to memory of 1072	3876	xunjiepdfLaunch.exe	xunjiepdfConverter.exe
PID 3876 wrote to memory of 1232	3876	xunjiepdfLaunch.exe	xunjiepdfConverter.exe
PID 3876 wrote to memory of 1232	3876	xunjiepdfLaunch.exe	xunjiepdfConverter.exe
PID 3876 wrote to memory of 1232	3876	xunjiepdfLaunch.exe	xunjiepdfConverter.exe
PID 2040 wrote to memory of 4088	2040	xunjiepdfConverter.exe	PDFConsole.exe
PID 2040 wrote to memory of 4088	2040	xunjiepdfConverter.exe	PDFConsole.exe
PID 2040 wrote to memory of 4088	2040	xunjiepdfConverter.exe	PDFConsole.exe

C:\Users\Admin\AppData\Local\Temp\installer.exe
"C:\Users\Admin\AppData\Local\Temp\installer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3228

C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\__Package_pdfconverter.exe
"C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\__Package_pdfconverter.exe" /S -console=show -version=1.0.0 -adminact=true -authorizationact=true -dsc=true -ssc=true -instdir="C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter" /D=C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1312

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im pdfconverter.exe
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:692

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im xunjiepdfConverter.exe
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2760

C:\Users\Admin\AppData\Local\xunjiepdfConverter\MovePdfConvertMenu.exe
C:\Users\Admin\AppData\Local\xunjiepdfConverter\MovePdfConvertMenu.exe
3⤵
- Executes dropped EXE
PID:8

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s /u "C:\Users\Admin\AppData\Local\xunjiepdfConverter\pdfconvertmenu64.dll"
3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1496

C:\Windows\system32\regsvr32.exe
/s /u "C:\Users\Admin\AppData\Local\xunjiepdfConverter\pdfconvertmenu64.dll"
4⤵
- Loads dropped DLL
PID:3372

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Users\Admin\AppData\Local\xunjiepdfConverter\pdfconvertmenu64.dll"
3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3668

C:\Windows\system32\regsvr32.exe
/s "C:\Users\Admin\AppData\Local\xunjiepdfConverter\pdfconvertmenu64.dll"
4⤵
- Loads dropped DLL
- Modifies registry class
PID:2764

C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\HdWebRegProcess.exe
"C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\HdWebRegProcess.exe" 0
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
PID:1448

C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\xunjiepdfLaunch.exe
"C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\xunjiepdfLaunch.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3876

C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\xunjiepdfConverter.exe
"C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\xunjiepdfConverter.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- NTFS ADS
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2040

C:\Users\Admin\AppData\Local\xunjiepdfConverter\PDFConsole.exe
C:\Users\Admin\AppData\Local\xunjiepdfConverter\PDFConsole.exe getfilepagenum C:/Users/Admin/Documents/DenyCopy.pdf C:/Users/Admin/AppData/Local/xunjiepdfConverter/state/2021-08-26-13-46-16-235
3⤵
- Executes dropped EXE
PID:4088

C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\xunjiepdfConverter.exe
"C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\xunjiepdfConverter.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3836

C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\xunjiepdfConverter.exe
"C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\xunjiepdfConverter.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1072

C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\xunjiepdfConverter.exe
"C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\xunjiepdfConverter.exe"
2⤵
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1232

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\xunjiepdfConverter\MovePdfConvertMenu.exe
MD5
e2e45894a9d0757690b1b4d1d2925229

SHA1
7f899fd1379260b143917eeea7b7b0df89d8d0f6

SHA256
13586ab6a3c833b34f90810b34f8226477710db98242a9411b6d2277ed220341

SHA512
21e58bb17713ad801e1186dd8be534696398b83ecd7d23fdfbbe222acd236aa553ed366621f122361b1bd29c5ddfd7587a4bcbb9b3fd890cfd6e07f12750aa63

Download Submit
C:\Users\Admin\AppData\Local\xunjiepdfConverter\MovePdfConvertMenu.exe
MD5
e2e45894a9d0757690b1b4d1d2925229

SHA1
7f899fd1379260b143917eeea7b7b0df89d8d0f6

SHA256
13586ab6a3c833b34f90810b34f8226477710db98242a9411b6d2277ed220341

SHA512
21e58bb17713ad801e1186dd8be534696398b83ecd7d23fdfbbe222acd236aa553ed366621f122361b1bd29c5ddfd7587a4bcbb9b3fd890cfd6e07f12750aa63

Download Submit
C:\Users\Admin\AppData\Local\xunjiepdfConverter\pdfconvertmenu64.dll
MD5
904cb39f227b211abea7c8122ed6932b

SHA1
104d7cba7e41f83ae5373cf6bdef4f2d06a903b6

SHA256
066370686b018d4f7969c7b15ceff75539eea4b730acf6d218325ab9dea8fa62

SHA512
8f25519dabb2b86ba0f325c3ef8519125088b49ff1769d6e13e6c42127792cec821c69d750142fcd21dbc18b606143c72eb7a54f476f74e2e67a93359d2809ae

Download Submit
C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\HdWebRegProcess.exe
MD5
b45f48b0fa1db20fe9175912423f41cd

SHA1
2edbbbc28cf1dac874e152d0f4615f8706d98073

SHA256
88f18d31e3ae4480e2674c45d84c8f2c4669203d4a2f701e1e57a67dc70c1b5b

SHA512
4466f8680206868bf746933f6126b0b0512d0d452cf7bbe7c7f51cf56cbd40facc288cb535c7194a01c3a87c363ddb6b92f18517ae65d384ecb583d79b24ce87

Download Submit
C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\HdWebRegProcess.exe
MD5
b45f48b0fa1db20fe9175912423f41cd

SHA1
2edbbbc28cf1dac874e152d0f4615f8706d98073

SHA256
88f18d31e3ae4480e2674c45d84c8f2c4669203d4a2f701e1e57a67dc70c1b5b

SHA512
4466f8680206868bf746933f6126b0b0512d0d452cf7bbe7c7f51cf56cbd40facc288cb535c7194a01c3a87c363ddb6b92f18517ae65d384ecb583d79b24ce87

Download Submit
C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\MSVCP140.dll
MD5
1d8c79f293ca86e8857149fb4efe4452

SHA1
7474e7a5cb9c79c4b99fdf9fb50ef3011bef7e8f

SHA256
c09b126e7d4c1e6efb3ffcda2358252ce37383572c78e56ca97497a7f7c793e4

SHA512
83c4d842d4b07ba5cec559b6cd1c22ab8201941a667e7b173c405d2fc8862f7e5d9703e14bd7a1babd75165c30e1a2c95f9d1648f318340ea5e2b145d54919b1

Download Submit
C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\PdfOperation.dll
MD5
82a2df2b0ef57b4408b7065d7ea4133e

SHA1
e57b3d2dfe3e65d0c47fc9078183db88ae5f984c

SHA256
42b3a3d558942058b9ce7460849cb4981e39347fc17272370662a7a10b1c10af

SHA512
ed757b4fe5c967433c9754e97ac37611cc23f7d368df53ab2a7dc894b5123bb38803466cf53d6703a2b574581fc0977fa1a38ec8c3dcdc80e2d48a8a910df4a4

Download Submit
C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\Qt5Core.dll
MD5
c96bb37abfe76314a7933fa1e2e613b8

SHA1
f11f8b382d40103f3e86559e0cf80d1618f9bbb8

SHA256
061d82e422d4c80e0a2b564464ba15b7abb43fb2bdbe0d48588704b670692aa7

SHA512
1252e50df1df18919aa720e23cf5c51ae225fd110ccadfc7e31f83680d35802271feaab53650ecb2292ff29b66cb53fcd62442f9f3ac97ad185bfa1a7d368705

Download Submit
C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\Qt5Gui.dll
MD5
b21fa8a548e8be4b4a4e3c968d6705e4

SHA1
23ec664690cac61f53129dde29a4f603e598b4f7

SHA256
93aef39f573f95a94a11bbae7defbaa51c44e5d5304d147b7ea9b87e11b1a386

SHA512
8cf349ba56d3c942fb0dcf42fccbbc878115ac5c4cd7dd0fa0313587601246483320e85f031717b21004df06ccac7ef0a6768203cf11074bdc228aa214fe2807

Download Submit
C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\Qt5Network.dll
MD5
df1c211802022609db96183c389c72da

SHA1
2b6cb5f688fc11486d3f81bb234b4dc1e018c28e

SHA256
02a0b66118b459113e4c060d3a49210ca6e53a6bc7f9ad8561b22f71bbbff0c3

SHA512
f625cc8b98eccc73a26743a2ba995b7656bea7582c31cddb080fc23380fe71a9d4037d61fd37e050197e36d8041c260671aa87c044e5102fea2dfa06ae71183e

Download Submit
C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\Qt5Widgets.dll
MD5
53b85bf4cc2f207d3f792a8e0959a82a

SHA1
9276a57687cea5969ec44128ba3e941fe2c42446

SHA256
935506280861cc7dbea7c76f7beecdb0328e12f9d939d7a32b65aea2b309c68b

SHA512
a58887d701248b312a6421eb1863567ee14eb998b8024e1bfa02e97c75efb606109db359fa5424024d9d2ff0e90f7610806ba6900cb6059cf77262ff2ff8f9fd

Download Submit
C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\VCRUNTIME140.dll
MD5
b77eeaeaf5f8493189b89852f3a7a712

SHA1
c40cf51c2eadb070a570b969b0525dc3fb684339

SHA256
b7c13f8519340257ba6ae3129afce961f137e394dde3e4e41971b9f912355f5e

SHA512
a09a1b60c9605969a30f99d3f6215d4bf923759b4057ba0a5375559234f17d47555a84268e340ffc9ad07e03d11f40dd1f3fb5da108d11eb7f7933b7d87f2de3

Download Submit
C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\__Package_pdfconverter.exe
MD5
24d2b6da84ae9ca5e8e7a9056431a5e9

SHA1
da2cb3700e0b50ae96352497fbba87fdbb30e62b

SHA256
190c32d452968ddc9384ba2ad43578bdc00e6c2e67e7bacf41acf296cf67de77

SHA512
81f41e5cf5eaebc00765f3d95726ccdd0fddd5ab2eb6df3e318ae1fa9e8da244d65ef405b486c02ebb6b0f77dad02be29412d2ca5e108881a6af60bf2a1788a1

Download Submit
C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\__Package_pdfconverter.exe
MD5
24d2b6da84ae9ca5e8e7a9056431a5e9

SHA1
da2cb3700e0b50ae96352497fbba87fdbb30e62b

SHA256
190c32d452968ddc9384ba2ad43578bdc00e6c2e67e7bacf41acf296cf67de77

SHA512
81f41e5cf5eaebc00765f3d95726ccdd0fddd5ab2eb6df3e318ae1fa9e8da244d65ef405b486c02ebb6b0f77dad02be29412d2ca5e108881a6af60bf2a1788a1

Download Submit
C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\imageformats\qgif.dll
MD5
7bcf73aabfd29a7d26df753017cabb85

SHA1
d3b74361f7e05891f1f3c21490a4af05a0a1fb4c

SHA256
340d574ec3e951ba881a42eaef0fd4fa5b838e574dcbe1aef969e620718b74aa

SHA512
e1ca9b4c5cd0d7f6f2ceeef7ddf88c015123ba93e8558a2dc419f5b83d9602f61687093256f6046b3b188b30e1304731cff1c89cfd7bb8e7c3d1fd0cf607fe13

Download Submit
C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\imageformats\qjpeg.dll
MD5
14b60f9a779f567c62b106ab3feabf3a

SHA1
9ee5a48a72e8ff9f39dfb257bce62604f8617063

SHA256
68a44b1649d98a71130cd20f4bdb935c86d41bcb16770a739cbdeb4d4919eba9

SHA512
e42ead42332c04130ca949fa89aeaaa6bd59f42f8a6f63d5d8a2062d13a1fbd1d5e6bc6aa023368bbc0a5d217c3777564c02eee1b0cb6c69c8a2058fe7075bd2

Download Submit
C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\imageformats\qtiff.dll
MD5
dd89ce01a1b193d4ef7b1b106ec5d5fb

SHA1
9bfada068403f7d3a814d4ae4e77f202c7a435bf

SHA256
df5dd58c00a33b8e4d667893be2960232490cb62d0681769f55d7e08962d9e50

SHA512
2e88b4aaaed46654896c85323fefe950396859fdcb0daacefd9f96e3a9f02756265069679801da328a8e09f884dcee243809169d8964d9c88c589b1a377652d4

Download Submit
C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\libcurl.dll
MD5
8cc0513e5529e3558713f1a92e31a836

SHA1
8240206bab15bebe89497dbea10d487cdad82277

SHA256
3957fe36b83977852467156c3b2d7f1e2c57e776c84f0e2b05c4e5980ff8e886

SHA512
eb2db119d0997647382e4add00bd5d55b2129c0c3df1d0995f74879378280b7943a66741de6ca135066c3a0205ced2e18a5a10e3c542018f28e3d5010a99ab7e

Download Submit
C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\libgcc_s_dw2-1.dll
MD5
043b39434829ce93637b1801d57b2082

SHA1
297b5f72104130e17d92789adbbcfab8fe700a82

SHA256
4d2e2d408d399d066b0aaef2047f7a33515c13c589832de0d9f1ba87a530c394

SHA512
eee912b21d31c54bf913d11028f1637a041809bbe4cd6a5ca28c664f72b397d67d03230ba652a06b86916aea7e7ff5999a5b26cc14c067ab1652ab82f565edcf

Download Submit
C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\libstdc++-6.dll
MD5
dff338824edea7e20c7f7b2690045090

SHA1
f822aa16fb0911f663753afd6540a715231bc00a

SHA256
79622396dc4c7afbbceca03e69f727bf1862735ee3ad671aa3ee7ada8aa446c3

SHA512
7bb718ef44a0184ea0108954ba8a5c771b71905acea27b900032ec3b7448bab977b0889eb5a2465f7a4e4cfa5c53140f9c9daadddeca768f220d652eb708c1b2

Download Submit
C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\libwinpthread-1.dll
MD5
1f4411c1f66c9cdf96ca9d7f9caf52d9

SHA1
ea04be653df7335483c7c8f46367d75d4ad9224e

SHA256
b5fe4d6408ef2baabdd168f4c7250900606468e9aeb24c71e0c833d3d715ae65

SHA512
8b95d0533773c5424733862cf60ed0f0d2ed5c7016b602a71dc4ce4a90ef0946de605f46c94fb0f6c3135447f60a00d3476e8b91a61e079885aa764bc1407b8a

Download Submit
C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\platforms\qminimal.dll
MD5
bfb0f172d629f2d2fc99bfcb39adb19a

SHA1
06975c9024bb76be302d5835c6ea0641547823d5

SHA256
ab24ee509acccf5af5bc25723a8e7c8e72c2ddb31531dc2c37bfeffa8c8d8cc6

SHA512
2be96a1d89c4cbef164d4be9824c73bf6ba4be3748f2b464056468f1b263cccfceaad6510fddcce5ecc3b916b61d2ac61f543e242f4ceec20373d81871c6eefb

Download Submit
C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\platforms\qoffscreen.dll
MD5
0c93381828eda9362b5908c0b5f3beed

SHA1
93b884149372113e01f86393eba4d501a03a9313

SHA256
c1f6922453429326d04773e7a1e91cd366ac2792502cf7524355d7ae664d1916

SHA512
175069ec9b00bafc2bd6f6a3f67eab062d8f3e16a3f9d4930ee88172c793f2f47dcdbb86899a526a01093be53bc67242788e2463dfc3c02dc3f15ce5ab35b325

Download Submit
C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\platforms\qwindows.dll
MD5
cb5228f4a964cd33e1bd5304d28d789b

SHA1
125a7580d0b3937f32c3624d7e6cbe3e4ffe1f47

SHA256
b79538353288ff2a0438500873bc268374e4db35da33bbdc64448ff33d24e85b

SHA512
f3ae5129b5aec72cfdfa19ce7cbd4313f92e518a2c2838652c561b8100879513ca1e37a7b78a7009785773ee4f345f0c2ddb65837e42fe4da7806182f2c99271

Download Submit
C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\xunjiepdfConverter.exe
MD5
4df7c89c2e7aa2b85805bd44e1fe7095

SHA1
1619fd12ca81dff38c623dd06cdaefc81aec6ab8

SHA256
2d420e18d51ede8dcdb36b9b4099204cec15b17451aeb09a923f09089efd2621

SHA512
b9df4596119cd2ac7c8b27149b5a6b0ff07557d48866aad31ef266cbb8b51aaa30f2156f96619a19890f3fe54234925f61313bb21bcd52fdd97333879fd3b3e7

Download Submit
C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\xunjiepdfConverter.exe
MD5
4df7c89c2e7aa2b85805bd44e1fe7095

SHA1
1619fd12ca81dff38c623dd06cdaefc81aec6ab8

SHA256
2d420e18d51ede8dcdb36b9b4099204cec15b17451aeb09a923f09089efd2621

SHA512
b9df4596119cd2ac7c8b27149b5a6b0ff07557d48866aad31ef266cbb8b51aaa30f2156f96619a19890f3fe54234925f61313bb21bcd52fdd97333879fd3b3e7

Download Submit
C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\xunjiepdfLaunch.exe
MD5
f1f4fc1244f2af11a3a0fd7d35032e47

SHA1
6900806ad5b155a5c302d806c8e9c35499c1cab2

SHA256
30fe0af7f379596f10b6b5dc51614d0c1279a2541d253517df692db22df2edb4

SHA512
bd74849f6087a5c2e7d4357df6d8a873f01e1de4dbe6100957b7d662c0a264d9824001c96fbc4514006e4a1bbc65d44c53449eb0c0b20bdf3060bb524f94487b

Download Submit
C:\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\xunjiepdfLaunch.exe
MD5
f1f4fc1244f2af11a3a0fd7d35032e47

SHA1
6900806ad5b155a5c302d806c8e9c35499c1cab2

SHA256
30fe0af7f379596f10b6b5dc51614d0c1279a2541d253517df692db22df2edb4

SHA512
bd74849f6087a5c2e7d4357df6d8a873f01e1de4dbe6100957b7d662c0a264d9824001c96fbc4514006e4a1bbc65d44c53449eb0c0b20bdf3060bb524f94487b

Download Submit
\Users\Admin\AppData\Local\Temp\nsd9A24.tmp\KillProcDLL.dll
MD5
1cc87d2b5a79b18f133b4f944e2f2f74

SHA1
98e0ddb727c76e06be1668434d754e5b80a0c154

SHA256
de1177a4bd1c56c3555f366d40b37d7dd9cb25e16c4973d0a4d22bf9a8af7aed

SHA512
d8fee1c09fef9af4e1f38baaffa3a6d059713b14ecad900815c086cc22855644fcdeacd6bba31ea6e6925831e650f7b0d34e6dea4c57a978fb4f5bf0cd6d72a9

Download Submit
\Users\Admin\AppData\Local\Temp\nsd9A24.tmp\KillProcDLL.dll
MD5
1cc87d2b5a79b18f133b4f944e2f2f74

SHA1
98e0ddb727c76e06be1668434d754e5b80a0c154

SHA256
de1177a4bd1c56c3555f366d40b37d7dd9cb25e16c4973d0a4d22bf9a8af7aed

SHA512
d8fee1c09fef9af4e1f38baaffa3a6d059713b14ecad900815c086cc22855644fcdeacd6bba31ea6e6925831e650f7b0d34e6dea4c57a978fb4f5bf0cd6d72a9

Download Submit
\Users\Admin\AppData\Local\Temp\nsd9A24.tmp\ShellExecAsUser.dll
MD5
552cba3c6c9987e01be178e1ee22d36b

SHA1
4c0ab0127453b0b53aeb27e407859bccb229ea1b

SHA256
1f17e4d5ffe7b2c9a396ee9932ac5198f0c050241e5f9ccd3a56e576613d8a29

SHA512
9bcf47b62ca8ffa578751008cae523d279cdb1699fd916754491899c31ace99f18007ed0e2cbe9902abf132d516259b5fb283379d2fead37c76b19e2e835e95a

Download Submit
\Users\Admin\AppData\Local\Temp\nsd9A24.tmp\StdUtils.dll
MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsd9A24.tmp\System.dll
MD5
8cf2ac271d7679b1d68eefc1ae0c5618

SHA1
7cc1caaa747ee16dc894a600a4256f64fa65a9b8

SHA256
6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba

SHA512
ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3

Download Submit
\Users\Admin\AppData\Local\Temp\nsd9A24.tmp\nsExec.dll
MD5
f27689c513e7d12c7c974d5f8ef710d6

SHA1
e305f2a2898d765a64c82c449dfb528665b4a892

SHA256
1f18f4126124b0551f3dbcd0fec7f34026f930ca509f04435657cedc32ae8c47

SHA512
734e9f3989ee47a86bee16838df7a09353c7fe085a09d77e70d281b21c5477b0b061616e72e8ac8fcb3dda1df0d5152f54dcc4c5a77f90fbf0f857557bf02fbc

Download Submit
\Users\Admin\AppData\Local\Temp\nsd9A24.tmp\nsExec.dll
MD5
f27689c513e7d12c7c974d5f8ef710d6

SHA1
e305f2a2898d765a64c82c449dfb528665b4a892

SHA256
1f18f4126124b0551f3dbcd0fec7f34026f930ca509f04435657cedc32ae8c47

SHA512
734e9f3989ee47a86bee16838df7a09353c7fe085a09d77e70d281b21c5477b0b061616e72e8ac8fcb3dda1df0d5152f54dcc4c5a77f90fbf0f857557bf02fbc

Download Submit
\Users\Admin\AppData\Local\Temp\nsd9A24.tmp\nsExec.dll
MD5
f27689c513e7d12c7c974d5f8ef710d6

SHA1
e305f2a2898d765a64c82c449dfb528665b4a892

SHA256
1f18f4126124b0551f3dbcd0fec7f34026f930ca509f04435657cedc32ae8c47

SHA512
734e9f3989ee47a86bee16838df7a09353c7fe085a09d77e70d281b21c5477b0b061616e72e8ac8fcb3dda1df0d5152f54dcc4c5a77f90fbf0f857557bf02fbc

Download Submit
\Users\Admin\AppData\Local\xunjiepdfConverter\pdfconvertmenu64.dll
MD5
904cb39f227b211abea7c8122ed6932b

SHA1
104d7cba7e41f83ae5373cf6bdef4f2d06a903b6

SHA256
066370686b018d4f7969c7b15ceff75539eea4b730acf6d218325ab9dea8fa62

SHA512
8f25519dabb2b86ba0f325c3ef8519125088b49ff1769d6e13e6c42127792cec821c69d750142fcd21dbc18b606143c72eb7a54f476f74e2e67a93359d2809ae

Download Submit
\Users\Admin\AppData\Local\xunjiepdfConverter\pdfconvertmenu64.dll
MD5
904cb39f227b211abea7c8122ed6932b

SHA1
104d7cba7e41f83ae5373cf6bdef4f2d06a903b6

SHA256
066370686b018d4f7969c7b15ceff75539eea4b730acf6d218325ab9dea8fa62

SHA512
8f25519dabb2b86ba0f325c3ef8519125088b49ff1769d6e13e6c42127792cec821c69d750142fcd21dbc18b606143c72eb7a54f476f74e2e67a93359d2809ae

Download Submit
\Users\Admin\AppData\Local\xunjiepdfConverter\pdfconvertmenu64.dll
MD5
904cb39f227b211abea7c8122ed6932b

SHA1
104d7cba7e41f83ae5373cf6bdef4f2d06a903b6

SHA256
066370686b018d4f7969c7b15ceff75539eea4b730acf6d218325ab9dea8fa62

SHA512
8f25519dabb2b86ba0f325c3ef8519125088b49ff1769d6e13e6c42127792cec821c69d750142fcd21dbc18b606143c72eb7a54f476f74e2e67a93359d2809ae

Download Submit
\Users\Admin\AppData\Local\xunjiepdfConverter\pdfconvertmenu64.dll
MD5
904cb39f227b211abea7c8122ed6932b

SHA1
104d7cba7e41f83ae5373cf6bdef4f2d06a903b6

SHA256
066370686b018d4f7969c7b15ceff75539eea4b730acf6d218325ab9dea8fa62

SHA512
8f25519dabb2b86ba0f325c3ef8519125088b49ff1769d6e13e6c42127792cec821c69d750142fcd21dbc18b606143c72eb7a54f476f74e2e67a93359d2809ae

Download Submit
\Users\Admin\AppData\Local\xunjiepdfConverter\pdfconvertmenu64.dll
MD5
904cb39f227b211abea7c8122ed6932b

SHA1
104d7cba7e41f83ae5373cf6bdef4f2d06a903b6

SHA256
066370686b018d4f7969c7b15ceff75539eea4b730acf6d218325ab9dea8fa62

SHA512
8f25519dabb2b86ba0f325c3ef8519125088b49ff1769d6e13e6c42127792cec821c69d750142fcd21dbc18b606143c72eb7a54f476f74e2e67a93359d2809ae

Download Submit
\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\PdfOperation.dll
MD5
82a2df2b0ef57b4408b7065d7ea4133e

SHA1
e57b3d2dfe3e65d0c47fc9078183db88ae5f984c

SHA256
42b3a3d558942058b9ce7460849cb4981e39347fc17272370662a7a10b1c10af

SHA512
ed757b4fe5c967433c9754e97ac37611cc23f7d368df53ab2a7dc894b5123bb38803466cf53d6703a2b574581fc0977fa1a38ec8c3dcdc80e2d48a8a910df4a4

Download Submit
\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\Qt5Core.dll
MD5
c96bb37abfe76314a7933fa1e2e613b8

SHA1
f11f8b382d40103f3e86559e0cf80d1618f9bbb8

SHA256
061d82e422d4c80e0a2b564464ba15b7abb43fb2bdbe0d48588704b670692aa7

SHA512
1252e50df1df18919aa720e23cf5c51ae225fd110ccadfc7e31f83680d35802271feaab53650ecb2292ff29b66cb53fcd62442f9f3ac97ad185bfa1a7d368705

Download Submit
\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\Qt5Core.dll
MD5
c96bb37abfe76314a7933fa1e2e613b8

SHA1
f11f8b382d40103f3e86559e0cf80d1618f9bbb8

SHA256
061d82e422d4c80e0a2b564464ba15b7abb43fb2bdbe0d48588704b670692aa7

SHA512
1252e50df1df18919aa720e23cf5c51ae225fd110ccadfc7e31f83680d35802271feaab53650ecb2292ff29b66cb53fcd62442f9f3ac97ad185bfa1a7d368705

Download Submit
\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\Qt5Gui.dll
MD5
b21fa8a548e8be4b4a4e3c968d6705e4

SHA1
23ec664690cac61f53129dde29a4f603e598b4f7

SHA256
93aef39f573f95a94a11bbae7defbaa51c44e5d5304d147b7ea9b87e11b1a386

SHA512
8cf349ba56d3c942fb0dcf42fccbbc878115ac5c4cd7dd0fa0313587601246483320e85f031717b21004df06ccac7ef0a6768203cf11074bdc228aa214fe2807

Download Submit
\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\Qt5Gui.dll
MD5
b21fa8a548e8be4b4a4e3c968d6705e4

SHA1
23ec664690cac61f53129dde29a4f603e598b4f7

SHA256
93aef39f573f95a94a11bbae7defbaa51c44e5d5304d147b7ea9b87e11b1a386

SHA512
8cf349ba56d3c942fb0dcf42fccbbc878115ac5c4cd7dd0fa0313587601246483320e85f031717b21004df06ccac7ef0a6768203cf11074bdc228aa214fe2807

Download Submit
\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\Qt5Network.dll
MD5
df1c211802022609db96183c389c72da

SHA1
2b6cb5f688fc11486d3f81bb234b4dc1e018c28e

SHA256
02a0b66118b459113e4c060d3a49210ca6e53a6bc7f9ad8561b22f71bbbff0c3

SHA512
f625cc8b98eccc73a26743a2ba995b7656bea7582c31cddb080fc23380fe71a9d4037d61fd37e050197e36d8041c260671aa87c044e5102fea2dfa06ae71183e

Download Submit
\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\Qt5Network.dll
MD5
df1c211802022609db96183c389c72da

SHA1
2b6cb5f688fc11486d3f81bb234b4dc1e018c28e

SHA256
02a0b66118b459113e4c060d3a49210ca6e53a6bc7f9ad8561b22f71bbbff0c3

SHA512
f625cc8b98eccc73a26743a2ba995b7656bea7582c31cddb080fc23380fe71a9d4037d61fd37e050197e36d8041c260671aa87c044e5102fea2dfa06ae71183e

Download Submit
\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\Qt5Widgets.dll
MD5
53b85bf4cc2f207d3f792a8e0959a82a

SHA1
9276a57687cea5969ec44128ba3e941fe2c42446

SHA256
935506280861cc7dbea7c76f7beecdb0328e12f9d939d7a32b65aea2b309c68b

SHA512
a58887d701248b312a6421eb1863567ee14eb998b8024e1bfa02e97c75efb606109db359fa5424024d9d2ff0e90f7610806ba6900cb6059cf77262ff2ff8f9fd

Download Submit
\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\Qt5Widgets.dll
MD5
53b85bf4cc2f207d3f792a8e0959a82a

SHA1
9276a57687cea5969ec44128ba3e941fe2c42446

SHA256
935506280861cc7dbea7c76f7beecdb0328e12f9d939d7a32b65aea2b309c68b

SHA512
a58887d701248b312a6421eb1863567ee14eb998b8024e1bfa02e97c75efb606109db359fa5424024d9d2ff0e90f7610806ba6900cb6059cf77262ff2ff8f9fd

Download Submit
\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\Qt5Widgets.dll
MD5
53b85bf4cc2f207d3f792a8e0959a82a

SHA1
9276a57687cea5969ec44128ba3e941fe2c42446

SHA256
935506280861cc7dbea7c76f7beecdb0328e12f9d939d7a32b65aea2b309c68b

SHA512
a58887d701248b312a6421eb1863567ee14eb998b8024e1bfa02e97c75efb606109db359fa5424024d9d2ff0e90f7610806ba6900cb6059cf77262ff2ff8f9fd

Download Submit
\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\imageformats\qgif.dll
MD5
7bcf73aabfd29a7d26df753017cabb85

SHA1
d3b74361f7e05891f1f3c21490a4af05a0a1fb4c

SHA256
340d574ec3e951ba881a42eaef0fd4fa5b838e574dcbe1aef969e620718b74aa

SHA512
e1ca9b4c5cd0d7f6f2ceeef7ddf88c015123ba93e8558a2dc419f5b83d9602f61687093256f6046b3b188b30e1304731cff1c89cfd7bb8e7c3d1fd0cf607fe13

Download Submit
\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\imageformats\qjpeg.dll
MD5
14b60f9a779f567c62b106ab3feabf3a

SHA1
9ee5a48a72e8ff9f39dfb257bce62604f8617063

SHA256
68a44b1649d98a71130cd20f4bdb935c86d41bcb16770a739cbdeb4d4919eba9

SHA512
e42ead42332c04130ca949fa89aeaaa6bd59f42f8a6f63d5d8a2062d13a1fbd1d5e6bc6aa023368bbc0a5d217c3777564c02eee1b0cb6c69c8a2058fe7075bd2

Download Submit
\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\imageformats\qtiff.dll
MD5
dd89ce01a1b193d4ef7b1b106ec5d5fb

SHA1
9bfada068403f7d3a814d4ae4e77f202c7a435bf

SHA256
df5dd58c00a33b8e4d667893be2960232490cb62d0681769f55d7e08962d9e50

SHA512
2e88b4aaaed46654896c85323fefe950396859fdcb0daacefd9f96e3a9f02756265069679801da328a8e09f884dcee243809169d8964d9c88c589b1a377652d4

Download Submit
\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\libcurl.dll
MD5
8cc0513e5529e3558713f1a92e31a836

SHA1
8240206bab15bebe89497dbea10d487cdad82277

SHA256
3957fe36b83977852467156c3b2d7f1e2c57e776c84f0e2b05c4e5980ff8e886

SHA512
eb2db119d0997647382e4add00bd5d55b2129c0c3df1d0995f74879378280b7943a66741de6ca135066c3a0205ced2e18a5a10e3c542018f28e3d5010a99ab7e

Download Submit
\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\libgcc_s_dw2-1.dll
MD5
043b39434829ce93637b1801d57b2082

SHA1
297b5f72104130e17d92789adbbcfab8fe700a82

SHA256
4d2e2d408d399d066b0aaef2047f7a33515c13c589832de0d9f1ba87a530c394

SHA512
eee912b21d31c54bf913d11028f1637a041809bbe4cd6a5ca28c664f72b397d67d03230ba652a06b86916aea7e7ff5999a5b26cc14c067ab1652ab82f565edcf

Download Submit
\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\libgcc_s_dw2-1.dll
MD5
043b39434829ce93637b1801d57b2082

SHA1
297b5f72104130e17d92789adbbcfab8fe700a82

SHA256
4d2e2d408d399d066b0aaef2047f7a33515c13c589832de0d9f1ba87a530c394

SHA512
eee912b21d31c54bf913d11028f1637a041809bbe4cd6a5ca28c664f72b397d67d03230ba652a06b86916aea7e7ff5999a5b26cc14c067ab1652ab82f565edcf

Download Submit
\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\libstdc++-6.dll
MD5
dff338824edea7e20c7f7b2690045090

SHA1
f822aa16fb0911f663753afd6540a715231bc00a

SHA256
79622396dc4c7afbbceca03e69f727bf1862735ee3ad671aa3ee7ada8aa446c3

SHA512
7bb718ef44a0184ea0108954ba8a5c771b71905acea27b900032ec3b7448bab977b0889eb5a2465f7a4e4cfa5c53140f9c9daadddeca768f220d652eb708c1b2

Download Submit
\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\libstdc++-6.dll
MD5
dff338824edea7e20c7f7b2690045090

SHA1
f822aa16fb0911f663753afd6540a715231bc00a

SHA256
79622396dc4c7afbbceca03e69f727bf1862735ee3ad671aa3ee7ada8aa446c3

SHA512
7bb718ef44a0184ea0108954ba8a5c771b71905acea27b900032ec3b7448bab977b0889eb5a2465f7a4e4cfa5c53140f9c9daadddeca768f220d652eb708c1b2

Download Submit
\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\libwinpthread-1.dll
MD5
1f4411c1f66c9cdf96ca9d7f9caf52d9

SHA1
ea04be653df7335483c7c8f46367d75d4ad9224e

SHA256
b5fe4d6408ef2baabdd168f4c7250900606468e9aeb24c71e0c833d3d715ae65

SHA512
8b95d0533773c5424733862cf60ed0f0d2ed5c7016b602a71dc4ce4a90ef0946de605f46c94fb0f6c3135447f60a00d3476e8b91a61e079885aa764bc1407b8a

Download Submit
\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\libwinpthread-1.dll
MD5
1f4411c1f66c9cdf96ca9d7f9caf52d9

SHA1
ea04be653df7335483c7c8f46367d75d4ad9224e

SHA256
b5fe4d6408ef2baabdd168f4c7250900606468e9aeb24c71e0c833d3d715ae65

SHA512
8b95d0533773c5424733862cf60ed0f0d2ed5c7016b602a71dc4ce4a90ef0946de605f46c94fb0f6c3135447f60a00d3476e8b91a61e079885aa764bc1407b8a

Download Submit
\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\msvcp140.dll
MD5
1d8c79f293ca86e8857149fb4efe4452

SHA1
7474e7a5cb9c79c4b99fdf9fb50ef3011bef7e8f

SHA256
c09b126e7d4c1e6efb3ffcda2358252ce37383572c78e56ca97497a7f7c793e4

SHA512
83c4d842d4b07ba5cec559b6cd1c22ab8201941a667e7b173c405d2fc8862f7e5d9703e14bd7a1babd75165c30e1a2c95f9d1648f318340ea5e2b145d54919b1

Download Submit
\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\platforms\qwindows.dll
MD5
cb5228f4a964cd33e1bd5304d28d789b

SHA1
125a7580d0b3937f32c3624d7e6cbe3e4ffe1f47

SHA256
b79538353288ff2a0438500873bc268374e4db35da33bbdc64448ff33d24e85b

SHA512
f3ae5129b5aec72cfdfa19ce7cbd4313f92e518a2c2838652c561b8100879513ca1e37a7b78a7009785773ee4f345f0c2ddb65837e42fe4da7806182f2c99271

Download Submit
\Users\Admin\AppData\Roaming\HuDun\XJPDFConverter\vcruntime140.dll
MD5
b77eeaeaf5f8493189b89852f3a7a712

SHA1
c40cf51c2eadb070a570b969b0525dc3fb684339

SHA256
b7c13f8519340257ba6ae3129afce961f137e394dde3e4e41971b9f912355f5e

SHA512
a09a1b60c9605969a30f99d3f6215d4bf923759b4057ba0a5375559234f17d47555a84268e340ffc9ad07e03d11f40dd1f3fb5da108d11eb7f7933b7d87f2de3

Download Submit
memory/8-125-0x0000000000000000-mapping.dmp

Download
memory/692-119-0x0000000000000000-mapping.dmp

Download
memory/1072-210-0x0000000068A80000-0x0000000068FB1000-memory.dmp

Filesize
5.2MB

Download
memory/1072-198-0x0000000002CB0000-0x00000000032CB000-memory.dmp

Filesize
6.1MB

Download
memory/1072-202-0x0000000002CB1000-0x0000000003074000-memory.dmp

Filesize
3.8MB

Download
memory/1072-219-0x000000006C7C0000-0x000000006C87C000-memory.dmp

Filesize
752KB

Download
memory/1072-213-0x0000000061B40000-0x0000000062055000-memory.dmp

Filesize
5.1MB

Download
memory/1072-223-0x0000000000400000-0x0000000000F03000-memory.dmp

Filesize
11.0MB

Download
memory/1072-217-0x0000000002CB1000-0x0000000003074000-memory.dmp

Filesize
3.8MB

Download
memory/1072-195-0x0000000000000000-mapping.dmp

Download
memory/1072-215-0x0000000069900000-0x0000000069A92000-memory.dmp

Filesize
1.6MB

Download
memory/1232-222-0x0000000069900000-0x0000000069A92000-memory.dmp

Filesize
1.6MB

Download
memory/1232-218-0x0000000068A80000-0x0000000068FB1000-memory.dmp

Filesize
5.2MB

Download
memory/1232-225-0x000000006C7C0000-0x000000006C87C000-memory.dmp

Filesize
752KB

Download
memory/1232-197-0x0000000000000000-mapping.dmp

Download
memory/1232-221-0x0000000061B40000-0x0000000062055000-memory.dmp

Filesize
5.1MB

Download
memory/1232-226-0x0000000000400000-0x0000000000F03000-memory.dmp

Filesize
11.0MB

Download
memory/1312-114-0x0000000000000000-mapping.dmp

Download
memory/1496-128-0x0000000000000000-mapping.dmp

Download
memory/2040-199-0x0000000002E61000-0x0000000003224000-memory.dmp

Filesize
3.8MB

Download
memory/2040-174-0x0000000000000000-mapping.dmp

Download
memory/2040-220-0x0000000000400000-0x0000000000F03000-memory.dmp

Filesize
11.0MB

Download
memory/2040-214-0x000000006C7C0000-0x000000006C87C000-memory.dmp

Filesize
752KB

Download
memory/2040-194-0x0000000002E60000-0x000000000347B000-memory.dmp

Filesize
6.1MB

Download
memory/2040-205-0x0000000061B40000-0x0000000062055000-memory.dmp

Filesize
5.1MB

Download
memory/2040-206-0x0000000069900000-0x0000000069A92000-memory.dmp

Filesize
1.6MB

Download
memory/2040-204-0x0000000068A80000-0x0000000068FB1000-memory.dmp

Filesize
5.2MB

Download
memory/2040-208-0x0000000002E61000-0x0000000003224000-memory.dmp

Filesize
3.8MB

Download
memory/2760-121-0x0000000000000000-mapping.dmp

Download
memory/2764-135-0x0000000000000000-mapping.dmp

Download
memory/3372-131-0x0000000000000000-mapping.dmp

Download
memory/3668-133-0x0000000000000000-mapping.dmp

Download
memory/3836-201-0x0000000002DC1000-0x0000000003184000-memory.dmp

Filesize
3.8MB

Download
memory/3836-212-0x0000000002DC1000-0x0000000003184000-memory.dmp

Filesize
3.8MB

Download
memory/3836-211-0x0000000069900000-0x0000000069A92000-memory.dmp

Filesize
1.6MB

Download
memory/3836-196-0x0000000002DC0000-0x00000000033DB000-memory.dmp

Filesize
6.1MB

Download
memory/3836-216-0x000000006C7C0000-0x000000006C87C000-memory.dmp

Filesize
752KB

Download
memory/3836-207-0x0000000068A80000-0x0000000068FB1000-memory.dmp

Filesize
5.2MB

Download
memory/3836-182-0x0000000000000000-mapping.dmp

Download
memory/3836-224-0x0000000000400000-0x0000000000F03000-memory.dmp

Filesize
11.0MB

Download
memory/3836-209-0x0000000061B40000-0x0000000062055000-memory.dmp

Filesize
5.1MB

Download
memory/3876-163-0x0000000002380000-0x000000000299B000-memory.dmp

Filesize
6.1MB

Download
memory/3876-165-0x0000000002381000-0x0000000002744000-memory.dmp

Filesize
3.8MB

Download
memory/3876-170-0x0000000061B40000-0x0000000062055000-memory.dmp

Filesize
5.1MB

Download
memory/3876-164-0x0000000068A80000-0x0000000068FB1000-memory.dmp

Filesize
5.2MB

Download
memory/3876-171-0x0000000069900000-0x0000000069A92000-memory.dmp

Filesize
1.6MB

Download
memory/3876-172-0x0000000002381000-0x0000000002744000-memory.dmp

Filesize
3.8MB

Download
memory/4088-227-0x0000000000000000-mapping.dmp

Download
memory/4088-228-0x00000000006D0000-0x00000000006D1000-memory.dmp

Filesize
4KB

Download
memory/4088-230-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/4088-232-0x0000000002A20000-0x0000000002A21000-memory.dmp

Filesize
4KB

Download
memory/4088-234-0x0000000007260000-0x0000000007261000-memory.dmp

Filesize
4KB

Download
memory/4088-235-0x00000000060B0000-0x00000000060B1000-memory.dmp

Filesize
4KB

Download
memory/4088-236-0x0000000009630000-0x0000000009631000-memory.dmp

Filesize
4KB

Download
memory/4088-237-0x000000000BAC0000-0x000000000BAC1000-memory.dmp

Filesize
4KB

Download
memory/4088-238-0x0000000004E90000-0x0000000007256000-memory.dmp

Filesize
35.8MB

Download
memory/4088-239-0x0000000005600000-0x000000000571D000-memory.dmp

Filesize
1.1MB

Download
memory/4088-240-0x00000000059B0000-0x00000000059B1000-memory.dmp

Filesize
4KB

Download
memory/4088-241-0x000000000A350000-0x000000000A351000-memory.dmp

Filesize
4KB

Download