hxxps://pdf[.]wondershare[.]net

Analysis

max time kernel
232s
max time network
236s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2023, 09:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://pdf.wondershare.net

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
448	pdfelement-pro_setup_full5261.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\Desktop\MuiCached	pdfelement-pro_setup_full5261.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133397622802624496"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
880	chrome.exe
880	chrome.exe
5536	chrome.exe
5536	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
880	chrome.exe
880	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
448	pdfelement-pro_setup_full5261.exe
448	pdfelement-pro_setup_full5261.exe
448	pdfelement-pro_setup_full5261.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 880 wrote to memory of 2700	880	chrome.exe	22
PID 880 wrote to memory of 2700	880	chrome.exe	22
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 1032	880	chrome.exe	88
PID 880 wrote to memory of 4396	880	chrome.exe	89
PID 880 wrote to memory of 4396	880	chrome.exe	89
PID 880 wrote to memory of 4912	880	chrome.exe	90
PID 880 wrote to memory of 4912	880	chrome.exe	90
PID 880 wrote to memory of 4912	880	chrome.exe	90
PID 880 wrote to memory of 4912	880	chrome.exe	90
PID 880 wrote to memory of 4912	880	chrome.exe	90
PID 880 wrote to memory of 4912	880	chrome.exe	90
PID 880 wrote to memory of 4912	880	chrome.exe	90
PID 880 wrote to memory of 4912	880	chrome.exe	90
PID 880 wrote to memory of 4912	880	chrome.exe	90
PID 880 wrote to memory of 4912	880	chrome.exe	90
PID 880 wrote to memory of 4912	880	chrome.exe	90
PID 880 wrote to memory of 4912	880	chrome.exe	90
PID 880 wrote to memory of 4912	880	chrome.exe	90
PID 880 wrote to memory of 4912	880	chrome.exe	90
PID 880 wrote to memory of 4912	880	chrome.exe	90
PID 880 wrote to memory of 4912	880	chrome.exe	90
PID 880 wrote to memory of 4912	880	chrome.exe	90
PID 880 wrote to memory of 4912	880	chrome.exe	90
PID 880 wrote to memory of 4912	880	chrome.exe	90
PID 880 wrote to memory of 4912	880	chrome.exe	90
PID 880 wrote to memory of 4912	880	chrome.exe	90
PID 880 wrote to memory of 4912	880	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pdf.wondershare.net
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa63f89758,0x7ffa63f89768,0x7ffa63f89778
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1776,i,8863184440423434364,14654262895137507971,131072 /prefetch:2
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1776,i,8863184440423434364,14654262895137507971,131072 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1776,i,8863184440423434364,14654262895137507971,131072 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1776,i,8863184440423434364,14654262895137507971,131072 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1776,i,8863184440423434364,14654262895137507971,131072 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5528 --field-trial-handle=1776,i,8863184440423434364,14654262895137507971,131072 /prefetch:8
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5516 --field-trial-handle=1776,i,8863184440423434364,14654262895137507971,131072 /prefetch:8
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 --field-trial-handle=1776,i,8863184440423434364,14654262895137507971,131072 /prefetch:8
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1776,i,8863184440423434364,14654262895137507971,131072 /prefetch:8
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 --field-trial-handle=1776,i,8863184440423434364,14654262895137507971,131072 /prefetch:8
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5812 --field-trial-handle=1776,i,8863184440423434364,14654262895137507971,131072 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5140 --field-trial-handle=1776,i,8863184440423434364,14654262895137507971,131072 /prefetch:8
  2⤵
  PID:1456
- C:\Users\Admin\Downloads\pdfelement-pro_setup_full5261.exe
  "C:\Users\Admin\Downloads\pdfelement-pro_setup_full5261.exe"
  2⤵
  - Executes dropped EXE
  - Modifies Control Panel
  - Suspicious use of SetWindowsHookEx
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2364 --field-trial-handle=1776,i,8863184440423434364,14654262895137507971,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5536

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
936121c5168a15240ca83bf678349816

SHA1
ec799d8f0b5c4e4951e59567fd54feb53fbe1056

SHA256
725eceb680d2c789e27d2ea25dd9a568264c8c91a76b879b619e76d4e1660d18

SHA512
b179369501133d699b82a44fd3f8b3cb935ce2065836b2005bc82ff1484ce7153f44f3f28e1504b42f64ab271d8a25cd919565438e479f31a90ba62af9a7a011

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
26d38cbc2047c8c57756de831a92fcee

SHA1
787789eea407b7662dfe53bcdb8f99655815decb

SHA256
b45b62f22e2a2da2c597f7cb0fa8ad4e0fc079492549a08a46ee57a5885b67d9

SHA512
1b77978bd9129f17c019cfce1a3dd4cb21f042309443bddeb9f989cb12af58dc131e8e2f3cd3fd44651dc95ed18489b0587396a53f78f8df746cd33c13800afb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
96b5c13bbc893bd2ca23c2275df1d109

SHA1
d25e69a3c2739fee92a758abacda3d70f9bb090c

SHA256
0280a7eeee1266f0427e3bb8356479351c62ce068436341962a8bab8ce919b95

SHA512
a56af0dcf64a6b407aee396b7fc06c4da62c6437a7375ea198fd82ff115980180aae7e273e2c680d2566e8127b131467290283321298832cf0b2a0579abb3146

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
75e7b30ba75a7df7fdc3e677e1c7b0be

SHA1
b62f7aba0a2b7c0da481df4e9ca2f4fd2d5b917a

SHA256
0db65c2cb619fcff6218f519a9f57dc5012a5c3eb11207467519acbe08d2514a

SHA512
9181b8d5f2982a8dcf7937858691db238afca7a946763d9ad208ea4f93400968a824b06deaa2e935eca070c7c067fd087c47fda613b05f4dd03923673c12dd17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\f1f3f7c5ef117629c55c539a61d96415bf52bd60\index.txt

Filesize
121B

MD5
43fb0f602b5cf54192e9131672a497e8

SHA1
2d81dc0cd1916c11a059813090020eee35a467bd

SHA256
d6bae3e4b4941cfc1312fd32512c202dfd9c6ffaa6123567bc50be2ac502b80b

SHA512
43f93a0da80d6b79af349a5744c84ec20ec3ed21bd9c5675c1c4e513ea35c2208e091d7843f01ea0778f8fe0c940a71660a06d68e4af4afabafa58eb35222b24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\f1f3f7c5ef117629c55c539a61d96415bf52bd60\index.txt~RFe57d438.TMP

Filesize
128B

MD5
302f01fe06e794054164b18f1bd214b4

SHA1
355df2b8c4f6de684ec4606f5ef4e57d5256906a

SHA256
ea4d3dd4019d28415a8c229e0742dd5ddc92c259306046b9237c48fedeb89737

SHA512
a508c3e741fdfc3ae2aa905abc8a692603e42020f02e7659218c7a3e278e2d2baf7e7e58c4afdac5cbcc3e4ff46df70cef5259ae996dae1e32894d01bd6d90e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
2f4e2ff44d3c582ae5addf39caacdf5b

SHA1
930358753e2c4a89e5394b45f5e1cb2da6436850

SHA256
db83be9a11e97fe69f80b4e89a17866b6e526ad2a68de7c5b21fb46a54c4a8b0

SHA512
8d8c4aef0b08e1ae92c6c66f2dcd92cf5400e283080664462a1d67d6a0657f83694392e4025f335a8f747ac64340820a60de345fbe0f46f366260679932aa85d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Wondershare\WAE\wsWAE.log

Filesize
1KB

MD5
af1b4b347bc2992d980f2cc9551df8c7

SHA1
8fce4ad433a7225cacf5408280ac06bae3ccfb5c

SHA256
a8db68f4b467ad2b7d40dcf1c6f65be58ef6015a7eef4c6dc1a4f71fb9bca30a

SHA512
89340bc99ef6fb26061063bd3896c3dc3c270d0894fc8d92bf458af2abf389220c2b4c066cfd8fe0e56c5fa1e167f8b4d0802e4b8943697e396ec0acbbca2c1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Wondershare\WAE\wsWAE.log

Filesize
546B

MD5
3d193e36cbe89213b28e3ae089325043

SHA1
597fa23a5ab47ce594c3390f59143c9470fb689a

SHA256
57f34f6ef61ea292513c66ce419e1a6c4a52d715b28e87e98f3875cdd3843d4f

SHA512
ef6159a606e47526bb52c4fcd7fab71cffa5e7d63b99b831f7417257d271f40e2acaf9db90d642b066a51cf2f09f8fe92f00dcfe3e398c3f210f04a6764c6aa8

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsduilib.log

Filesize
2KB

MD5
d7166c619cd14353bb63565c9a7631a4

SHA1
1e1379372d759d9aec9d9c5aabb517d17a802566

SHA256
13fcc791c3e29e65804f9aa079489137bd649ec0c802c1cf354e530f2690ea5d

SHA512
084ac0f27b24243f81dbf1454426cb75efb4b6bd08a34af2d6fbd81987e106e201d80ee0bb75e228e9d70e1497579676868958f150c4278a69cd88441ef06bf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsduilib.log

Filesize
10KB

MD5
7fa2c67183f7093f12f7507237fea323

SHA1
6035e329e391dc6269fd280f5c4654dc8de65f92

SHA256
d430f698648b37bad070aad7bd9af0695ccb644b3c73ba4d9082101d6249611d

SHA512
371b7cfee094f1169c971b1de6a6f9de02aa248638d88c052b5834cef7c62d732539745500fa0b4b6324d897be4dae9f2976d3aa8f8c7d19b6780e035fded233

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsduilib.log

Filesize
10KB

MD5
7fa2c67183f7093f12f7507237fea323

SHA1
6035e329e391dc6269fd280f5c4654dc8de65f92

SHA256
d430f698648b37bad070aad7bd9af0695ccb644b3c73ba4d9082101d6249611d

SHA512
371b7cfee094f1169c971b1de6a6f9de02aa248638d88c052b5834cef7c62d732539745500fa0b4b6324d897be4dae9f2976d3aa8f8c7d19b6780e035fded233

Download Submit
C:\Users\Admin\Downloads\pdfelement-pro_setup_full5261.exe

Filesize
2.0MB

MD5
53f5cffe143d5c0a364f388215577e77

SHA1
94acf2bcc07dfa508141363a7a85fb9246769935

SHA256
d9a45a67be7cd991311aac22b7decfbbd4d05f3683674b1cea43074546a7b665

SHA512
44edafce8d255bd7fa093c9c4654960b5375c78a62664549be7d16e324d575bb3e0313188b42f86e460d3475b4849ca69a05a1868311c8d5990855d9b378c3c4

Download Submit
C:\Users\Admin\Downloads\pdfelement-pro_setup_full5261.exe

Filesize
2.0MB

MD5
53f5cffe143d5c0a364f388215577e77

SHA1
94acf2bcc07dfa508141363a7a85fb9246769935

SHA256
d9a45a67be7cd991311aac22b7decfbbd4d05f3683674b1cea43074546a7b665

SHA512
44edafce8d255bd7fa093c9c4654960b5375c78a62664549be7d16e324d575bb3e0313188b42f86e460d3475b4849ca69a05a1868311c8d5990855d9b378c3c4

Download Submit
C:\Users\Admin\Downloads\pdfelement-pro_setup_full5261.exe

Filesize
2.0MB

MD5
53f5cffe143d5c0a364f388215577e77

SHA1
94acf2bcc07dfa508141363a7a85fb9246769935

SHA256
d9a45a67be7cd991311aac22b7decfbbd4d05f3683674b1cea43074546a7b665

SHA512
44edafce8d255bd7fa093c9c4654960b5375c78a62664549be7d16e324d575bb3e0313188b42f86e460d3475b4849ca69a05a1868311c8d5990855d9b378c3c4

Download Submit