055f227facd235f2d552027ddb73cedac92ed76104b6f1411f2192a2cb507907

Analysis

max time kernel
128s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 12:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

PDFCreator-5_1_2-Setup.exe
Size

49.6MB
MD5

01c283988c93d390d4c81c38bf00abee
SHA1

4315c9c1d1abd1d6bfc1ace76cb507bd1f0e6b5e
SHA256

055f227facd235f2d552027ddb73cedac92ed76104b6f1411f2192a2cb507907
SHA512

3de9f0effc714c9751fea0193e6cf9903e5023aab9c6830d3d19503148fdd3ab34a14c7e6aebdfa1a6c509bf80b50139a78a7a331ff0f266d632fca9b8ff5e96
SSDEEP

1572864:4g7z4YFDEGtckIyKdIokCShK9LLL7jNcH:lz4wNKdpTShwLLx

Score

8^/10

discovery macro macro_on_action

Malware Config

Signatures

Downloads MZ/PE file

Office macro that triggers on suspicious action 1 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

resource	yara_rule
behavioral2/files/0x0006000000023109-253.dat	office_macro_on_action

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation	PDFCreator-5_1_2-Setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 2 IoCs

pid	Process
3300	7z.exe
1376	PDFCreatorSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 11 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	PDFCreator-5_1_2-Setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	PDFCreator-5_1_2-Setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 0f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df153000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b0020004300410000006200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e1400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f71d0000000100000010000000e3f9af952c6df2aaa41706a77a44c20303000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e2000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	PDFCreator-5_1_2-Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	PDFCreatorSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	PDFCreatorSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	PDFCreatorSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	PDFCreator-5_1_2-Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E	PDFCreator-5_1_2-Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E	PDFCreatorSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 040000000100000010000000d5e98140c51869fc462c8975620faa780f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df153000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b0020004300410000006200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e1400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f71d0000000100000010000000e3f9af952c6df2aaa41706a77a44c20303000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1900000001000000100000001f7e750b566b128ac0b8d6576d2a70a52000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	PDFCreatorSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 5c0000000100000004000000000800001900000001000000100000001f7e750b566b128ac0b8d6576d2a70a503000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1d0000000100000010000000e3f9af952c6df2aaa41706a77a44c2031400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f76200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e0b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b002000430041000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df1040000000100000010000000d5e98140c51869fc462c8975620faa782000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	PDFCreatorSetup.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeRestorePrivilege	3300	7z.exe
Token: 35	3300	7z.exe
Token: SeSecurityPrivilege	3300	7z.exe
Token: SeSecurityPrivilege	3300	7z.exe
Token: SeDebugPrivilege	1376	PDFCreatorSetup.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 3300	1352	PDFCreator-5_1_2-Setup.exe	84
PID 1352 wrote to memory of 3300	1352	PDFCreator-5_1_2-Setup.exe	84
PID 1352 wrote to memory of 3300	1352	PDFCreator-5_1_2-Setup.exe	84
PID 1352 wrote to memory of 1376	1352	PDFCreator-5_1_2-Setup.exe	90
PID 1352 wrote to memory of 1376	1352	PDFCreator-5_1_2-Setup.exe	90

C:\Users\Admin\AppData\Local\Temp\PDFCreator-5_1_2-Setup.exe
"C:\Users\Admin\AppData\Local\Temp\PDFCreator-5_1_2-Setup.exe"
1⤵
- Checks computer location settings
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\7z.exe
  "C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\PDFCreator-5_1_2-Setup.exe" -o"C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:3300
- C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\PDFCreatorSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\PDFCreatorSetup.exe"
  2⤵
  - Executes dropped EXE
  - Modifies system certificate store
  - Suspicious use of AdjustPrivilegeToken
  PID:1376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_5ABF2B93FF506722017092AC4D4208F7

Filesize
727B

MD5
54ced71663854e8350e62eeb489adfde

SHA1
c9f779c1795927a81b931f81fceee7360aefb429

SHA256
456b262554b410493a9b3bd4491103780800ec6d0b1c21a45cf663f2f51f4312

SHA512
33efa4583466afa98f29ae66123bea0bac005e71555e8d21bed82202e892478ac4ca1b9c5ee36ec7c4338edd7c7d707ff0c39160d76611c1a5cd226b6bbbc57e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
eb39794a076af6800472c8e9f0e8a5b6

SHA1
9b8aea1ab963146b3f0e529142f05da760faa489

SHA256
6d28ddacd5160386cda483f476c026e6804b28e45884bf70c9bc7f522e6cc2aa

SHA512
b03dc28055b34ab82496261b0a7f0803dcc4834b135104291db6b9b40e4f05b461a1991c0373c2f69ba8405a18c3558531bffbdfc1198f1f8491bab4242de450

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_5ABF2B93FF506722017092AC4D4208F7

Filesize
412B

MD5
7469356b3aa41db48222941fa204d0a1

SHA1
ab9e1b0c5fb2ce51374ec241940d6e5e03b4c6a2

SHA256
8a1421beff642d1136e3ab0b241fbaabdd49363043254bbbce76bfd779b2412b

SHA512
49a6981a429e81a4a1626cbaeb4f8381592baa86c21b2fdbd55ef550f8d22515a95c61c7f6742990bb023440177ed9b156145bc17693566848f0caf4877285a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
b51caeacca43771d9defe2b044c71967

SHA1
9c838af1716f047d5f62a2ba3dc5bb26e5b51b7b

SHA256
465981c6a8d84f037ff34298d0d4ac2669783927c29470ae0e724687cc77baf3

SHA512
b8f2e5cd34ed61b9a2abb9dbac088a87053f83da368ac529502f8738dd684fa058c755b1c68a285c69dffc27ace9ea2b890012ce80a3f84d79c19b1614144222

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\7z.exe

Filesize
676KB

MD5
2e3309647ce678ca313fe3825a57ccb9

SHA1
792fdeccddd3cc182eac3a1ecd7affe5b48262c8

SHA256
e6855553350fa6fb23e05839c7f3ef140dad29d9a0e3495de4d1b17a9fbf5ca4

SHA512
5eb2af380fed7117d45232d42dec4d05a6f4f6cd6c7d03583c181b235344ea922290b6e0bf6b9683592bccc0f4a3b2b9b9fd7d41fbfebf1045bd95b027539dbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\7z.exe

Filesize
676KB

MD5
2e3309647ce678ca313fe3825a57ccb9

SHA1
792fdeccddd3cc182eac3a1ecd7affe5b48262c8

SHA256
e6855553350fa6fb23e05839c7f3ef140dad29d9a0e3495de4d1b17a9fbf5ca4

SHA512
5eb2af380fed7117d45232d42dec4d05a6f4f6cd6c7d03583c181b235344ea922290b6e0bf6b9683592bccc0f4a3b2b9b9fd7d41fbfebf1045bd95b027539dbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\Banners.dll

Filesize
54KB

MD5
1959f4be85635e2188407bda4c87747e

SHA1
8d54ec03f68503ed204888149ac017856a7c7568

SHA256
b235334ed8e95c4fc10638a4dd68fd08cbd5f5be9bc4439af6284bf4c6d0f263

SHA512
85b92c9ee1435e002ce9d42edb6159142d6171444f236e3b0d9927aba76b60d5ebbb524cec1040ee28b3527c2171c33d8a369dde420f0fcbe2ad066102736c5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\CommonServiceLocator.dll

Filesize
9KB

MD5
7072bbdc5f778b5fbe6d4b628ca1a4ce

SHA1
48786a00e787e4c2a7ceb848d89f0f7cbfda8121

SHA256
32f6701c64317249df8e95dfdff03789f2c2bf4124b8769558ff2624c56a504b

SHA512
75a8a7067035636f6d6240998be0357989e6351ce7b91a645370135904baa9a0c4dbb70c31b7cf0de495cb01dbdce183008fd582d6cd638bce447c3eaf99810d

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\DataStorage.dll

Filesize
25KB

MD5
75895b347003574f6b33aa01378be66b

SHA1
c8882c26a78c320d73af4a8dd746a9a288b43b6d

SHA256
b6e260abef05efe46a752c09d9b68baa54597e7077933a7cd78019003de6fb3b

SHA512
5313ddcc2fff20443af6155fe6d74aed6e90d0932b31607ec8e5aefaed4494e78347bdc37ba6ea6f0cc6cecebdb7952889ce7901678ff29e00724dfab6022d37

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\EditionBase.dll

Filesize
15KB

MD5
7d5bc618e9d083e99413953234897c80

SHA1
473dd7762714f40c042ce21c0bf6291b3e3e2134

SHA256
69777d52a72471ffc67e064851e422a21ddb41dfd4ce7b6b3924b3a02762dbaa

SHA512
bfd7c7ec160d818f5b7181fa127dd9de5a46af4c48b9aba39b80126170abe801d331e6c35fe9b78cee24ae0f0f16747903601074474b96cbf6201339f9f58fb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\GUI.dll

Filesize
3.3MB

MD5
196ffa9c8dcb7b60c0b25075463b1353

SHA1
f5fb335bd4b877cc2c270ecdd7984a958642ba69

SHA256
a8beeecc3084522df3373461e42d752f9db3c7bbb42be2ad9ace352d257d457b

SHA512
a23a01e73772b738d05527fb2eac9813d10335e29b0333157abe2caae09fd110cb9fe693a3472f70db9169c90edf8deb9be0a1aeef24724ae1b96cb045c0fa58

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\LicenseValidator.Interface.dll

Filesize
12KB

MD5
6ff8cdaec380a2100b639641d1989d9c

SHA1
c46d10b3648c22fb05de41f0bd7e5c72dd38e508

SHA256
ca164fdd8d4e9ea73c8b465ba9aad49a92c377f76e5a352e853bfab960ccf041

SHA512
40cbbbf9a4e96e5da17aac97dfc77109e6d997f3c8ec470538f1e20b0a96d941f53aa731c5367c2926f0e82ba8f643a192aa1ba395509465d3f4e3fc2f8e1a55

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\MahApps.Metro.SimpleChildWindow.dll

Filesize
39KB

MD5
43deff1be0fe06dc684a1b1ed5738b57

SHA1
a56380952baf99d267ca83c950fa21b8e663c22d

SHA256
460123294bfccbea3104a81ebecc881516d024e0ce47e41842f91f436c5662e3

SHA512
735ab29cb5baf17394539604d94e8aefab0b211997ba3c443234db1288246ce1c3f8f7f2fed7ba911d3df00e1641b858720d0e11ed13db5c53577e2d5cf9f661

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\MahApps.Metro.dll

Filesize
1.1MB

MD5
a1b84e1d85ef46e744e0a492c73cefa1

SHA1
492240e4796d1f7b62f16b90c530bb2bb1feb3bf

SHA256
f1a8d821a17d9a38c878b6239f1c142f04495607ad17457022ef58796c127d51

SHA512
813a63572fd0682ba57da714402de7ff8f250c535a0238711e6ceaeee7bb482360e1cfd2a4bfe40d59756ff12598ca3750df9cb34dd756e29e4e197aea7f1b88

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\Microsoft.Win32.Registry.dll

Filesize
22KB

MD5
da40f3db8b34571684c0cb5bcecd2a79

SHA1
1c27a41fd84d6bfe99dabae2e59fcf12fccf6213

SHA256
619737e2af8fb713085726631dd2e522fe130cac1d388a59c38907a47d7aadea

SHA512
e656d72e111eaca7c8e9b7d4106030c1104286395046c2de58a04edd590cb2714dcf3aeca2b93f843b4663f1d1e630cc19f1e4eae2fa62f0d382fa18cc8a5981

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\Microsoft.Xaml.Behaviors.dll

Filesize
141KB

MD5
6b93b0f937d04d39172f9cd61fe58fd5

SHA1
54fb26f8b4f11d01573fd1c6a1b532af2b37d687

SHA256
ff75938fedee596706171916db763ac100bc7164a7346dd739ad61660e068b5a

SHA512
d3b7bbb09842984147b8dc849ef7467c3927cd8730ccfcc310d6d46bf3070e826d7a1cffc43a2ccc33d5d8521ea07d2c19d766b127fafc71edcf288db187df1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\NGettext.dll

Filesize
39KB

MD5
f949444a5b853098d15a1430904312ac

SHA1
10640d584178057f3f49615c6beef8e27f0ce37e

SHA256
5f95595245162345d917d33b835d06bca32b17804f5fc2e54541b81ba2d56e4a

SHA512
d4d5554e0efc5fc38354e4ad3a05520d789f75f9686a8804c8edbe8aebe7a075a867e81757b127a4a8a7f0fecef387856707f60eb4fd332baa62a96907d723e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\NLog.dll

Filesize
918KB

MD5
60503a25ef7f45bc5dddcc3ef8f02b0b

SHA1
0e577eab7e9d7233b8be26431256f45200e233bf

SHA256
4b1d3cf9f1f3c4a6ead141243069162172e9ef48ba1a9bf4f7ccd618b8194b5c

SHA512
6c8f7c45606a297afd2f5523fa8340d7c72267bbcbe3f518f0fda193945d40f35f99519275fca5c44a641ed5593dcef99abf664fe713b613e58dc4f27d6125ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\Newtonsoft.Json.dll

Filesize
683KB

MD5
6815034209687816d8cf401877ec8133

SHA1
1248142eb45eed3beb0d9a2d3b8bed5fe2569b10

SHA256
7f912b28a07c226e0be3acfb2f57f050538aba0100fa1f0bf2c39f1a1f1da814

SHA512
3398094ce429ab5dcdecf2ad04803230669bb4accaef7083992e9b87afac55841ba8def2a5168358bd17e60799e55d076b0e5ca44c86b9e6c91150d3dc37c721

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\Obsidian.dll

Filesize
37KB

MD5
8386fb3cca7993a1f75e57686548ffb7

SHA1
1ad7a5c6f86cfcc51cea2f4300f9d7316d7815be

SHA256
99479d9845345e0ebf5d00cbaf7fee663df662a86278e78e458c7481bf144e98

SHA512
8b1bcee91b29845b9dd3b896f4fb2dea7396cb85d9fa348a6669b66ffb9b55bebbff9584d4e2682ac58b1a785ce3a8afd87bab938b1c03ae3460ec5168b01d96

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\Optional.dll

Filesize
26KB

MD5
861a42ddb1203769193f2ba887fe1afb

SHA1
bd690e1e84085015819cf91918dc61da22a8de11

SHA256
4a57cb0faab044ff0219d58bb60a121e303fde61ad8e4521ab3bc79ed2f81423

SHA512
69c19817b7796c740c9a41b88beafa0b8a7d63917e5be2d08fb6bd94d364b756c60f644ca5c4e488a10393b139b98dadd4329cb5ad6283b6d1e9fb8cdfdeaf39

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\PDFCreator-5_1_2_55291-Setup_x64.msi

Filesize
121.5MB

MD5
ffa9aeb51840434ca09a9759633f6b40

SHA1
50592639bf89c740d2c03ef1cafefd301e7ac106

SHA256
7ad8b6b19f419d0976ef1e8e908901f248383f19c46ee66da87d710ddf229ad2

SHA512
0d22789af7d8024485e97527063a18499a79b0bcd4b5e9188cd2af93ef8c63e64599a245933eef2315c65f65546e522d724984ea1ada8423feb84e518fd608c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\PDFCreatorSetup.exe

Filesize
58KB

MD5
7b926591008aa0217fd014ff9b5b6bba

SHA1
c799085ebfbad10c6c33b53c3fa4eefcce5f74f9

SHA256
0158b302ccc0ae05c2f2a262c6ffcf457997e432212f0a4c2b713e7868fdbfff

SHA512
8280f1118852ade92573cef42442d4380b7d4909201b8ab666a5e08c9b69208f2faf802443bf5a00369cd53a174bfe1335be9fc60b8e7173351129520e65d955

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\PDFCreatorSetup.exe

Filesize
58KB

MD5
7b926591008aa0217fd014ff9b5b6bba

SHA1
c799085ebfbad10c6c33b53c3fa4eefcce5f74f9

SHA256
0158b302ccc0ae05c2f2a262c6ffcf457997e432212f0a4c2b713e7868fdbfff

SHA512
8280f1118852ade92573cef42442d4380b7d4909201b8ab666a5e08c9b69208f2faf802443bf5a00369cd53a174bfe1335be9fc60b8e7173351129520e65d955

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\PDFCreatorSetup.exe.config

Filesize
2KB

MD5
ab73d2be0c53da6e1bf23b5f533b7d4d

SHA1
728f2dbfc7ca03af17b2b911f25a71f5c85dd698

SHA256
ad3bffc2122f909da3a0e267115605910f1908e6bd06ce078f1f853f12866b28

SHA512
310949970b3a0e2b982f095e777221eb244ac7c5ecd0ec462a9cee0c9961c1555c751a8b204bd12bc84e786ca5395fe52c0d912a984823f01265a73286459219

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\ProjectConstants.dll

Filesize
12KB

MD5
be2391e89f70983dd8177503742b6df2

SHA1
88e77820dad4abc63989d7f8232f56f40140502e

SHA256
23613be1e32fee024889aeea013f6eefc22238bd890f76b49919b444120087ea

SHA512
878144efdaf7867fc904dbcbe2cb7b9e0928d4ca0816f0d93bc7548dbf32752bf99f2fe9de7e118a1d75c0ad5c68da0e9ea53736a4242e08d3afad33cbcd383d

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\Shared.dll

Filesize
109KB

MD5
e5c727740f197537e0ccf89e149764ef

SHA1
a78a68f14a4fbf56a729fcab6f530b91be70d2cd

SHA256
ea2f3c5bdffc2432ce203b03f51878694703b8d856be5d4149131c21e987a60b

SHA512
0f98ffcff6f038df662f54f6f189daee5f15fe9611b9bcf1d6a447949a15dba5ef6e5e5755e2d6a5488ffdabf9120cbd65e0600630b1fb7906677ada835a9192

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\SimpleInjector.dll

Filesize
418KB

MD5
ca7496309aff08cf95f8800e6eb9278b

SHA1
46751d36818c9a167a9f7bdd2fc5d89a71f47df4

SHA256
0db464d355eeaea5877ac45eb34970cc1dc7967c915e148424cbd02288fa7493

SHA512
1b9cb11cb26bee15ba5a47992d93f81f818a0f8ad9182fdb79a8e3c90042495344b89b0a55e9e4945af3a20c1135711354cf8714fb3854920b01ca6e1919c3fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\System.Security.AccessControl.dll

Filesize
30KB

MD5
2d3e0b4ddf8628b41057b2aceef296eb

SHA1
8a3b1bd9df5d052c24de2304a2928fad86927f6d

SHA256
aced52254a8c3cb6ad30f99f8b745296926c49373cab00824c2c4c10ad325b10

SHA512
faac4233c45a773c4470071b0b2a75ee81eefa45f88b76fea305443514ff9c8429af3d394884933712d1fb7a7a03701f3d9df0f1de345078ddfeeeb5b4dc094b

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\System.Windows.Interactivity.dll

Filesize
54KB

MD5
580244bc805220253a87196913eb3e5e

SHA1
ce6c4c18cf638f980905b9cb6710ee1fa73bb397

SHA256
93fbc59e4880afc9f136c3ac0976ada7f3faa7cacedce5c824b337cbca9d2ebf

SHA512
2666b594f13ce9df2352d10a3d8836bf447eaf6a08da528b027436bb4affaad9cd5466b4337a3eaf7b41d3021016b53c5448c7a52c037708cae9501db89a73f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\SystemInterface.dll

Filesize
38KB

MD5
cc809a2fda737badd3b9d0577d473e8e

SHA1
262e5b82701cb1f29915ec75761e46f4278dc6bc

SHA256
cb2f3c682b195cf793ca92098138adf89b381db7faa55cea1293fd855eb278b9

SHA512
282cab5c851e880c3dbb018941ebf9e8319d68af597da9f8d89f92b0fedfedd15cb7f10a6edfd7eef526296f35933ab0ab299a930ae8237dfa8a439e75f55460

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\SystemWrapper.dll

Filesize
63KB

MD5
1b80b4b170144136ee859887e0013ac2

SHA1
214abb16a15fccbe6fa8cce32df25fd53b433920

SHA256
bae697961ca2d00669123d5c725c7fa57d948b91247b143f690570936cfa9d14

SHA512
c2ca33b77985d710c2e76b795a422dca394005470b190adcca075ee2fcc596d4aa0c942e3e747ac6f0b2c6ad51eeebc0dc1fa9fa084a21e800dbd689a50d5818

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\Translatable.NGettext.dll

Filesize
6KB

MD5
2d07f8fec9bb42d6e5c7f9e7ed9045ba

SHA1
d5de53e170701437ea750e374a7ba8196a217001

SHA256
27c9f9ab52fdbf1ad74db5523b569f676621c6b87a3e1eb785febf17f9c70f51

SHA512
6c6653ff5f7512c2ad7c1a1cb3f62c6da67f7f07a64786c05cac6fa3293f062fa2481f4ff3de853c1787ef1017779be36f933a026ee6bc38e19422c036571b75

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\Translatable.dll

Filesize
26KB

MD5
19286beecba33c5a58360d6193cdda71

SHA1
70effead44bb30a4df884fad9f91fffc23eef2a9

SHA256
b3705e456ffa1426a46862de8d24699a2325eab34c6b0fa4909c3482c144be89

SHA512
67323e03da57ab4361bc6b9796d97c7285bd2e44fa0297b2459031ef63956533abc1c58899fe417914a69a764700e0cf4d36bed8f29e9780fa2eff3928573e19

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\UsageStatistics.dll

Filesize
12KB

MD5
687c731b8f3b0dde161ffa870455cbdb

SHA1
4d07caca5ee0c0587d3176846106aabf413d7289

SHA256
0dc20e3017b483219260c6cc8ddd2f3ec9e07ec7a354b638b52386b79c343699

SHA512
a15855524cc51cb1764071f48aa6076ab02ad25c20d9c708e9ea7c9a9a799031f8e64c1332359e979059d99439de6d64c578f8d473fed969f1e85cdcd3bd79e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\WixSharp.Msi.dll

Filesize
27KB

MD5
818e71edd6f91f393f697560a50f751c

SHA1
0542b48e0a2a2e649bb0621d938cd049cdecd086

SHA256
f974e66e84965edd489862cdc92d1f2167c1139cec3c703e9305c76e67ed87d8

SHA512
f11d7c222dea654c0d124e4e698b2d606ac54522df9dc7ef14dbf77b2483da887f12f900379b6cac9f2d1039599f5ca93d2708e72d7ca85244dbb4096bde9f44

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\WixSharp.dll

Filesize
380KB

MD5
a43afd31efe0ba14a32efb4e17f0d8e7

SHA1
5b6baf45e8ef32518c59c6062b057fcf0a40538f

SHA256
22e1e8c4e1a72e2bd67cbb906fae1eacd6fea5fea10de06c22f378e06580df0f

SHA512
fd1041fef31d65b9bfa0435ce7a56a6fd6627bec058edb5d832208c78dfa5228f6f2234ff4f14bc0e4e6a547a683d4ef71b10bc58b1f556087b9d38c6f32800b

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\WixSharpHelpers.dll

Filesize
23KB

MD5
d6bffde53a7d7c0a3a7ccaaa26697ccd

SHA1
8412230ef8114faebb51108d60c4f096597e326d

SHA256
a33d6ee27a742a83f62cbecf009b4d6f678202fb3daf0509b9bdc72ec2e6c1cd

SHA512
6f064956b388e443ebf93ee6cd43dadfcc1bb9150a6415aa6347918701fbfb382c4683289ac93ded69b96ce957b9819aac7c97932a94f27f9b901846b4dc6e2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlf2yuig.kq1\pdfcreator-languages.txt

Filesize
167B

MD5
5902c86ca1226f1379903fba98f4f153

SHA1
e809823201783c244c5c98878fcbd62455833541

SHA256
073f89e7414aa19d0a2a5ec2553ffdb85df69a3f21a69cb0e113dff198d54c71

SHA512
656e0a5f26ba9b2de218d2568159c62dc45aaa5c608f187879380a0e45c85ac9f6102d03c810874fd85edb49c583c4c5c9af25e152c599d88a76d516972ecb68

Download Submit
memory/1352-196-0x000000001B480000-0x000000001B490000-memory.dmp

Filesize
64KB

Download
memory/1352-20-0x00007FFAD24E0000-0x00007FFAD2FA1000-memory.dmp

Filesize
10.8MB

Download
memory/1352-3-0x000000001B2B0000-0x000000001B380000-memory.dmp

Filesize
832KB

Download
memory/1352-2-0x000000001B480000-0x000000001B490000-memory.dmp

Filesize
64KB

Download
memory/1352-1-0x00007FFAD24E0000-0x00007FFAD2FA1000-memory.dmp

Filesize
10.8MB

Download
memory/1352-0-0x0000000000510000-0x0000000000614000-memory.dmp

Filesize
1.0MB

Download
memory/1376-232-0x000001B547970000-0x000001B54797E000-memory.dmp

Filesize
56KB

Download
memory/1376-258-0x000001B549FB0000-0x000001B54A016000-memory.dmp

Filesize
408KB

Download
memory/1376-233-0x00007FFAD24E0000-0x00007FFAD2FA1000-memory.dmp

Filesize
10.8MB

Download
memory/1376-228-0x000001B547B80000-0x000001B547B90000-memory.dmp

Filesize
64KB

Download
memory/1376-235-0x000001B549810000-0x000001B5498FA000-memory.dmp

Filesize
936KB

Download
memory/1376-227-0x000001B5479A0000-0x000001B5479B6000-memory.dmp

Filesize
88KB

Download
memory/1376-225-0x000001B547980000-0x000001B54799A000-memory.dmp

Filesize
104KB

Download
memory/1376-224-0x000001B547950000-0x000001B547960000-memory.dmp

Filesize
64KB

Download
memory/1376-222-0x000001B52F240000-0x000001B52F24C000-memory.dmp

Filesize
48KB

Download
memory/1376-220-0x000001B52DAD0000-0x000001B52DADA000-memory.dmp

Filesize
40KB

Download
memory/1376-241-0x000001B547CE0000-0x000001B547CEC000-memory.dmp

Filesize
48KB

Download
memory/1376-242-0x000001B547B80000-0x000001B547B90000-memory.dmp

Filesize
64KB

Download
memory/1376-243-0x000001B547B80000-0x000001B547B90000-memory.dmp

Filesize
64KB

Download
memory/1376-244-0x000001B547B80000-0x000001B547B90000-memory.dmp

Filesize
64KB

Download
memory/1376-218-0x000001B52F260000-0x000001B52F274000-memory.dmp

Filesize
80KB

Download
memory/1376-216-0x000001B52DAC0000-0x000001B52DACE000-memory.dmp

Filesize
56KB

Download
memory/1376-250-0x000001B549E10000-0x000001B549F2E000-memory.dmp

Filesize
1.1MB

Download
memory/1376-214-0x000001B52DAB0000-0x000001B52DABE000-memory.dmp

Filesize
56KB

Download
memory/1376-252-0x000001B549CF0000-0x000001B549CFA000-memory.dmp

Filesize
40KB

Download
memory/1376-212-0x000001B52DAE0000-0x000001B52DB02000-memory.dmp

Filesize
136KB

Download
memory/1376-210-0x000001B52D900000-0x000001B52D910000-memory.dmp

Filesize
64KB

Download
memory/1376-255-0x000001B549F30000-0x000001B549F3C000-memory.dmp

Filesize
48KB

Download
memory/1376-208-0x000001B52D8F0000-0x000001B52D900000-memory.dmp

Filesize
64KB

Download
memory/1376-230-0x000001B52F250000-0x000001B52F25A000-memory.dmp

Filesize
40KB

Download
memory/1376-259-0x000001B547B80000-0x000001B547B90000-memory.dmp

Filesize
64KB

Download
memory/1376-257-0x000001B547B80000-0x000001B547B90000-memory.dmp

Filesize
64KB

Download
memory/1376-261-0x000001B549F50000-0x000001B549F5A000-memory.dmp

Filesize
40KB

Download
memory/1376-206-0x000001B547DA0000-0x000001B5480F8000-memory.dmp

Filesize
3.3MB

Download
memory/1376-204-0x000001B52D8E0000-0x000001B52D8E8000-memory.dmp

Filesize
32KB

Download
memory/1376-263-0x000001B54A0D0000-0x000001B54A180000-memory.dmp

Filesize
704KB

Download
memory/1376-202-0x000001B5479D0000-0x000001B547A3E000-memory.dmp

Filesize
440KB

Download
memory/1376-265-0x000001B54A050000-0x000001B54A078000-memory.dmp

Filesize
160KB

Download
memory/1376-266-0x000001B54A080000-0x000001B54A0A2000-memory.dmp

Filesize
136KB

Download
memory/1376-199-0x000001B52D8D0000-0x000001B52D8DA000-memory.dmp

Filesize
40KB

Download
memory/1376-268-0x000001B549F90000-0x000001B549FA0000-memory.dmp

Filesize
64KB

Download
memory/1376-271-0x000001B54A0B0000-0x000001B54A0B8000-memory.dmp

Filesize
32KB

Download
memory/1376-272-0x000001B547B80000-0x000001B547B90000-memory.dmp

Filesize
64KB

Download
memory/1376-273-0x000001B54A0C0000-0x000001B54A0C8000-memory.dmp

Filesize
32KB

Download
memory/1376-274-0x000001B54C840000-0x000001B54C878000-memory.dmp

Filesize
224KB

Download
memory/1376-275-0x000001B54C810000-0x000001B54C81E000-memory.dmp

Filesize
56KB

Download
memory/1376-200-0x00007FFAD24E0000-0x00007FFAD2FA1000-memory.dmp

Filesize
10.8MB

Download
memory/1376-279-0x000001B54C880000-0x000001B54C888000-memory.dmp

Filesize
32KB

Download
memory/1376-197-0x000001B52D510000-0x000001B52D520000-memory.dmp

Filesize
64KB

Download
memory/1376-277-0x000001B54C830000-0x000001B54C840000-memory.dmp

Filesize
64KB

Download
memory/1376-280-0x000001B547B80000-0x000001B547B90000-memory.dmp

Filesize
64KB

Download
memory/1376-281-0x000001B547B80000-0x000001B547B90000-memory.dmp

Filesize
64KB

Download
memory/1376-282-0x000001B547B80000-0x000001B547B90000-memory.dmp

Filesize
64KB

Download