e14274d9724505d314d2025563420b4e5064f5f54e4dc6a22f0d2dc7031f340c

Analysis

max time kernel
137s
max time network
163s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
28-05-2024 09:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WS.PDFelement.Pro.8.3.8.1253/pdfelement-pro_full5239.exe
Size

126.1MB
MD5

fc63185f81f764004cc2d1d05272c062
SHA1

d271b39b93727dfca6535895ae8619780f2053ac
SHA256

86ce2f762468736cfcc82cf95ee28ba476bdba022f5d96a6f976eeb65bf8dc0a
SHA512

8e08f6997fc140a39da079235477096f7491ac3f2b308e5e1520882c5c6866fefe3deac272729b3ee7ac36d70a2b47a33a1ecde58109156f48d52d1fab63dccc
SSDEEP

3145728:cNCCVySU1XUS6d99oCPF2m8PfCQ/cAHvcglL:v1kS6dDtHQ/7vcc

Score

9^/10

bootkit discovery evasion persistence trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	PDFelement.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	PDFelement.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	PDFelement.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	PDFelement.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	PDFelement.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\International\Geo\Nation	pdfelement-pro_full5239.tmp

Drops file in System32 directory 9 IoCs

description	ioc	Process
File created	C:\Windows\system32\spool\DRIVERS\x64\PSCRIPT.HLP	WSPrtSetup.exe
File created	C:\Windows\system32\PEPrinterMonitor.dll	WSPrtSetup.exe
File opened for modification	C:\Windows\system32\PEPrinterMonitor.dll	WSPrtSetup.exe
File created	C:\Windows\system32\spool\DRIVERS\x64\PSCRIPT5.DLL	WSPrtSetup.exe
File created	C:\Windows\system32\spool\DRIVERS\x64\PS5UI.DLL	WSPrtSetup.exe
File opened for modification	C:\Windows\SysWOW64\PECRT32.dll	pdfelement-pro_full5239.tmp
File created	C:\Windows\SysWOW64\is-FJS6G.tmp	pdfelement-pro_full5239.tmp
File created	C:\Windows\system32\spool\DRIVERS\x64\PDFCREAT.PPD	WSPrtSetup.exe
File created	C:\Windows\system32\spool\DRIVERS\x64\PSCRIPT.NTF	WSPrtSetup.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

pid	Process
6112	PDFelement.exe
6112	PDFelement.exe
6112	PDFelement.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Wondershare\PDFelement\SolidFramework\Win64\Resources\CMap\is-RVNC9.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\WSIDAuth\PricePageStdTabBtn\is-SPUK4.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Components\PageTurnBorder\is-8J701.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\PageMenus\ImageCopy\is-PAEGN.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\Uninstall\Product\ProductIco\is-0443D.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Annots\PdfLineEndStyleStartClose\is-EOSQE.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\WSIDAuth\VipGridColumnHeader\is-QAGVH.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Document\IconRotateLeft\is-QM46C.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\Uninstall\Product\ProductIco\is-E4NQR.tmp	pdfelement-pro_full5239.tmp
File opened for modification	C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\WUL.Zip.dll	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\MainMenu\FileMenu\is-5VCI5.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Annots\BorderStyleDash3\is-ITMTB.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Certificate\AddCertBtn\is-UCAPE.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\PageMenus\ImageBringToFront\is-489MD.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\ToolboxMain\DataExtractGlyph\is-GC2N3.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\Uninstall\Uninstall\FormBlackIcon\is-HFKR8.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\is-08CR1.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Annots\AttachmentTypeTag12\is-B16TU.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Portfolio\PortfolioMenu\is-LVK4R.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\MainMenu\FileMenu\is-4328S.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Mobile\MobileBottomContentChs\is-J6N4L.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\PageMenus\ImageExtractImage\is-IHC3N.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Ribbon\RibbonDropDownArrow\is-97VNH.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\SpinEdit\is-0EIPU.tmp	pdfelement-pro_full5239.tmp
File opened for modification	C:\Program Files\Wondershare\PDFelement\Addins\EXP_PDF.DLL	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\SolidFramework\Win64\CMAP\is-5K5HS.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\FilePanels\ImgTaskStatus\is-6P0V2.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Menu\MenuExportToImageGlyph\is-MUVBM.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Menu\MenuExpandGlyph\is-R02DB.tmp	pdfelement-pro_full5239.tmp
File opened for modification	C:\Program Files\Wondershare\PDFelement\api-ms-win-crt-locale-l1-1-0.dll	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\SolidFramework\Win64\Resources\CMap\is-VL2SF.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Controls\SkinForm\is-EA5CH.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\SkinForm\is-RAIO2.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Home\RecentItemIconGlyph\is-7E00H.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Portfolio\PortfolioSplitterGlyph\is-FP4BE.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Ribbon\FormAlignRightGlyph\is-1HG4C.tmp	pdfelement-pro_full5239.tmp
File opened for modification	C:\Program Files\Wondershare\PDFelement\data_api.dll	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Main\AboutLeftLogoChsBiz\is-V25HC.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Certificate\DeleteCertGlyph\is-RFL3F.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Document\IconAlignRight\is-TSVTI.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\is-PJAVJ.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\PagesRotation\Rotate0Glyph\is-BSJCT.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Trials\NewVersionNoteImg2\is-MICNA.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Languages\PDFelement\is-96ELE.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Signature\MenuClearSignature\is-D6RC9.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Annots\PdfLineEndStyleStartCircle\is-29U1I.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Controls\Splitter\is-IE1QH.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\Uninstall\Product\ProductIco\is-8EVT8.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Feedback\FeedbackTopRightBgk\is-7JQHT.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Menu\MenuInsertBlankPagesGlyph\is-60V33.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Sign\SignEraserBtnGlyph\is-3CRAI.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\AdvancedSearch\IconSearch\is-RNJ63.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Settings\SettingOcrOverTips\is-QEMVO.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\WSIDAuth\VipProductTypeTrialBigGly\is-B4F24.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Components\EyeButton\is-UA6RD.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Menu\MenuZoomOutGlyph\is-SFDT6.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\MessageCenter\MessageRadioButton\is-OBBGU.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\NPS\NPSForm\is-KA4Q1.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\WSIDAuth\VerifyEmailImage\is-U7449.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\SolidFramework\Win64\CMAP\is-SBJJA.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\Uninstall\Product\ProductBackground\is-84DL5.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\SolidFramework\Win64\CMAP\is-5OMTG.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Ribbon\RibbonHeaderFooterGlyph\is-G7QS9.tmp	pdfelement-pro_full5239.tmp
File created	C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Controls\NoCaptionRectForm\is-B4BFE.tmp	pdfelement-pro_full5239.tmp

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Executes dropped EXE 10 IoCs

pid	Process
1432	pdfelement-pro_full5239.tmp
3004	Ldr64.exe
4480	_setup64.tmp
4156	PEAddInDeployment.exe
4784	PEShellContextMenu.exe
4564	PEShellContextMenu.exe
3060	FileAssociation.exe
1764	WSPrtSetup.exe
1632	Process not Found
6112	PDFelement.exe

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
1336	sc.exe

Loads dropped DLL 22 IoCs

pid	Process
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
3516	RegAsm.exe
3516	RegAsm.exe
3516	RegAsm.exe
3516	RegAsm.exe
3516	RegAsm.exe
3516	RegAsm.exe
3516	RegAsm.exe
3516	RegAsm.exe
3516	RegAsm.exe
3516	RegAsm.exe
3516	RegAsm.exe
3516	RegAsm.exe
3516	RegAsm.exe
3516	RegAsm.exe
2580	regsvr32.exe
2580	regsvr32.exe
6112	PDFelement.exe
6112	PDFelement.exe
6112	PDFelement.exe
6112	PDFelement.exe

Registers COM server for autorun 1 TTPs 40 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\InprocServer32\1.0.0.55\RuntimeVersion = "v4.0.30319"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\InprocServer32\ = "mscoree.dll"	PEAddInDeployment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\InprocServer32\CodeBase = "File:///C:/Program Files/Common Files/Wondershare/PDFelement/AddIns/PEOfficeAddIn_x64.dll"	PEAddInDeployment.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ea6c980d-7823-3752-88ac-d43b3a873d20}\InprocServer32	PEShellContextMenu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ea6c980d-7823-3752-88ac-d43b3a873d20}\InprocServer32\Class = "dmd"	PEShellContextMenu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ea6c980d-7823-3752-88ac-d43b3a873d20}\InprocServer32\8.0.0.10\Class = "dmd"	PEShellContextMenu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ea6c980d-7823-3752-88ac-d43b3a873d20}\InprocServer32\8.0.0.10\CodeBase = "file:///C:/Program Files/Common Files/Wondershare/PDFelement/Shell Extensions/PEShellContextMenu.exe"	PEShellContextMenu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\InprocServer32\1.0.6860.23340\CodeBase = "File:///C:/Program Files/Common Files/Wondershare/PDFelement/AddIns/PEOfficeAddIn_x64.dll"	PEAddInDeployment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ea6c980d-7823-3752-88ac-d43b3a873d20}\InprocServer32\ = "mscoree.dll"	PEShellContextMenu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ea6c980d-7823-3752-88ac-d43b3a873d20}\InprocServer32\CodeBase = "file:///C:/Program Files/Common Files/Wondershare/PDFelement/Shell Extensions/PEShellContextMenu.exe"	PEShellContextMenu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\InprocServer32\1.0.0.55\Assembly = "PEPreview4, Version=1.0.0.55, Culture=neutral, PublicKeyToken=a0a98582c8d3e9fb"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\InprocServer32\Class = "PEOfficeAddIn.Connect"	PEAddInDeployment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\InprocServer32\RuntimeVersion = "v4.0.30319"	PEAddInDeployment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ea6c980d-7823-3752-88ac-d43b3a873d20}\InprocServer32\RuntimeVersion = "v2.0.50727"	PEShellContextMenu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\InprocServer32	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ea6c980d-7823-3752-88ac-d43b3a873d20}\InprocServer32\8.0.0.10\Assembly = "PEShellContextMenu, Version=8.0.0.10, Culture=neutral, PublicKeyToken=a0a98582c8d3e9fb"	PEShellContextMenu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ea6c980d-7823-3752-88ac-d43b3a873d20}\InprocServer32\8.0.0.10\RuntimeVersion = "v2.0.50727"	PEShellContextMenu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\InprocServer32\1.0.0.55\CodeBase = "file:///C:/Program Files/Common Files/Wondershare/PDFelement/Preview/1.0.0.55/PEPreview4.DLL"	RegAsm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DF83C4E9-D71A-4411-A9CD-1130412C5FC0}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DF83C4E9-D71A-4411-A9CD-1130412C5FC0}\InprocServer32\ = "C:\\Program Files\\Common Files\\Wondershare\\PDFelement\\Preview\\1.0.0.55\\PDFThumbnailHandler.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\InprocServer32\Assembly = "PEOfficeAddIn, Version=1.0.6860.23340, Culture=neutral, PublicKeyToken=null"	PEAddInDeployment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\InprocServer32\1.0.6860.23340\Assembly = "PEOfficeAddIn, Version=1.0.6860.23340, Culture=neutral, PublicKeyToken=null"	PEAddInDeployment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\InprocServer32\CodeBase = "file:///C:/Program Files/Common Files/Wondershare/PDFelement/Preview/1.0.0.55/PEPreview4.DLL"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\InprocServer32\1.0.0.55\Class = "PE.Preview.PDF.PDFPreview"	RegAsm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\InprocServer32\1.0.0.55	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\InprocServer32\ThreadingModel = "Both"	PEAddInDeployment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\InprocServer32\1.0.6860.23340\ = "mscoree.dll"	PEAddInDeployment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ea6c980d-7823-3752-88ac-d43b3a873d20}\InprocServer32\ThreadingModel = "Both"	PEShellContextMenu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ea6c980d-7823-3752-88ac-d43b3a873d20}\InprocServer32\8.0.0.10	PEShellContextMenu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\InprocServer32\Assembly = "PEPreview4, Version=1.0.0.55, Culture=neutral, PublicKeyToken=a0a98582c8d3e9fb"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\InprocServer32\RuntimeVersion = "v4.0.30319"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\InprocServer32\1.0.6860.23340\Class = "PEOfficeAddIn.Connect"	PEAddInDeployment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ea6c980d-7823-3752-88ac-d43b3a873d20}\InprocServer32\Assembly = "PEShellContextMenu, Version=8.0.0.10, Culture=neutral, PublicKeyToken=a0a98582c8d3e9fb"	PEShellContextMenu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\InprocServer32\ThreadingModel = "Both"	RegAsm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\InprocServer32	PEAddInDeployment.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\InprocServer32\1.0.6860.23340	PEAddInDeployment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\InprocServer32\1.0.6860.23340\RuntimeVersion = "v4.0.30319"	PEAddInDeployment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\InprocServer32\ = "mscoree.dll"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\InprocServer32\Class = "PE.Preview.PDF.PDFPreview"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DF83C4E9-D71A-4411-A9CD-1130412C5FC0}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomain = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "799"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\Implemented Categories	PEAddInDeployment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ea6c980d-7823-3752-88ac-d43b3a873d20}\InprocServer32\ThreadingModel = "Both"	PEShellContextMenu.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}\0 = ".NET Category"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{84E153C2-0254-3298-A4E5-35F5F8220EEC}\1.0.0.55\RuntimeVersion = "v4.0.30319"	RegAsm.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "163"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\wspe8\Shell\Open	pdfelement-pro_full5239.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PDFelement.AssocFile.PDF\DefaultIcon	FileAssociation.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\Implemented Categories	RegAsm.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.youtube.com\ = "200"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Packa = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\ProgId	RegAsm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\Implemented Categories\{62C8FE65-4EBB-45e7-B440-6E39B2CDBF29}	RegAsm.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ea6c980d-7823-3752-88ac-d43b3a873d20}\InprocServer32\8.0.0.10\CodeBase = "file:///C:/Program Files/Common Files/Wondershare/PDFelement/Shell Extensions/PEShellContextMenu.exe"	PEShellContextMenu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{815baf99-0c5d-4fa8-8ccd-1129ee6d25bb}	RegAsm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{84E153C2-0254-3298-A4E5-35F5F8220EEC}\1.0.0.55	RegAsm.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\consentmanager.net\NumberOfSu = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\Implemented Categories\{62C8FE65-4EBB-45e7-B440-6E39B2CDBF29}	PEAddInDeployment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PDFelement.AssocFile.PDF\DefaultIcon\ = "C:\\Program Files\\Wondershare\\PDFelement\\projectfile.ico"	FileAssociation.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = a00d65b5e1b0da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.youtube.com\ = "6"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PEOfficeAddIn.Connect	PEAddInDeployment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PE.Preview.PDF.PDFPreview\CLSID\ = "{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\InprocServer32\1.0.0.55\Assembly = "PEPreview4, Version=1.0.0.55, Culture=neutral, PublicKeyToken=a0a98582c8d3e9fb"	RegAsm.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cdn.consentmanager.net	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "717"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\InprocServer32\Assembly = "PEPreview4, Version=1.0.0.55, Culture=neutral, PublicKeyToken=a0a98582c8d3e9fb"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{0A87A3CC-494E-37FC-863B-18EFFCD7B791}\1.0.0.55\CodeBase = "file:///C:/Program Files/Common Files/Wondershare/PDFelement/Preview/1.0.0.55/PEPreview4.DLL"	RegAsm.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.youtube.com\ = "197"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\wspe8\ = "Wondershare PDFelement"	pdfelement-pro_full5239.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\InprocServer32\Class = "PEOfficeAddIn.Connect"	PEAddInDeployment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ea6c980d-7823-3752-88ac-d43b3a873d20}\InprocServer32\ = "mscoree.dll"	PEShellContextMenu.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\youtube.com\Total = "8158"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DF83C4E9-D71A-4411-A9CD-1130412C5FC0}\ = "PDF Thumbnail Handler"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.pdf\ShellEx\{e357fccd-a995-4576-b01f-234630154e96}\ = "{DF83C4E9-D71A-4411-A9CD-1130412C5FC0}"	regsvr32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.youtube.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\consentmanager.net\NumberOfSu = "1"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PDFelement.AssocFile.PDF\shell\open\FriendlyAppName = "Wondershare PDFelement"	FileAssociation.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\Implemented Categories\{62C8FE65-4EBB-45e7-B440-6E39B2CDBF29}	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\Icon = "%SystemRoot%\\SysWow64\\fontext.dll,10"	RegAsm.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\wondershare.com\Total = "50"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\Icon = "%SystemRoot%\\system32\\fontext.dll,10"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{0A87A3CC-494E-37FC-863B-18EFFCD7B791}\1.0.0.55\Assembly = "PEPreview4, Version=1.0.0.55, Culture=neutral, PublicKeyToken=a0a98582c8d3e9fb"	RegAsm.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.youtube.com\ = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\InprocServer32\1.0.6859.32006\ = "mscoree.dll"	PEAddInDeployment.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe

Modifies system certificate store 2 TTPs 7 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	PEShellContextMenu.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	PEShellContextMenu.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	PEShellContextMenu.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C	PEShellContextMenu.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C\Blob = 030000000100000014000000d89e3bd43d5d909b47a18977aa9d5ce36cee184c1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb040000000100000010000000285ec909c4ab0d2d57f5086b225799aa0f000000010000003000000013baa039635f1c5292a8c2f36aae7e1d25c025202e9092f5b0f53f5f752dfa9c71b3d1b8d9a6358fcee6ec75622fabf9190000000100000010000000ea6089055218053dd01e37e1d806eedf5c0000000100000004000000001000001800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa22000000001000000850500003082058130820469a00302010202103972443af922b751d7d36c10dd313595300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3139303331323030303030305a170d3238313233313233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c05000382010100188751dc74213d9c8ae027b733d02eccecf0e6cb5e11de226f9b758e9e72fee4d6feaa1f9c962def034a7eaef48d6f723c433bc03febb8df5caaa9c6aef2fcd8eea37b43f686367c14e0cdf4f73ffedeb8b48af09196fefd43647efdccd201a17d7df81919c9422b13bf588bbaa4a266047688914e0c8914cea24dc932b3bae8141abc71f15bf0410b98000a220310e50cb1f9cd923719ed3bf1e43ab6f945132675afbbaaef3f7b773bd2c402913d1900d3175c39db3f7b180d45cd9385962f5ddf59164f3f51bdd545183fed4a8ee80661742316b50d50732744477f105d892a6b853114c4e8a96a4c80bc6a78cfb87f8e7672990c9dfed7910816a1a35f95	PEShellContextMenu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	PEShellContextMenu.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	PEShellContextMenu.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
4156	PEAddInDeployment.exe
4156	PEAddInDeployment.exe

Suspicious behavior: MapViewOfSection 4 IoCs

pid	Process
2420	MicrosoftEdgeCP.exe
2420	MicrosoftEdgeCP.exe
2420	MicrosoftEdgeCP.exe
2420	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	4156	PEAddInDeployment.exe
Token: SeDebugPrivilege	4088	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4088	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4088	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4088	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4300	MicrosoftEdge.exe
Token: SeDebugPrivilege	4300	MicrosoftEdge.exe
Token: SeDebugPrivilege	6112	PDFelement.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp
1432	pdfelement-pro_full5239.tmp

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4300	MicrosoftEdge.exe
2420	MicrosoftEdgeCP.exe
4088	MicrosoftEdgeCP.exe
2420	MicrosoftEdgeCP.exe
6112	PDFelement.exe
6112	PDFelement.exe

Suspicious use of WriteProcessMemory 52 IoCs

description	pid	Process	procid_target
PID 3572 wrote to memory of 1432	3572	pdfelement-pro_full5239.exe	75
PID 3572 wrote to memory of 1432	3572	pdfelement-pro_full5239.exe	75
PID 3572 wrote to memory of 1432	3572	pdfelement-pro_full5239.exe	75
PID 1432 wrote to memory of 3004	1432	pdfelement-pro_full5239.tmp	76
PID 1432 wrote to memory of 3004	1432	pdfelement-pro_full5239.tmp	76
PID 1432 wrote to memory of 4480	1432	pdfelement-pro_full5239.tmp	78
PID 1432 wrote to memory of 4480	1432	pdfelement-pro_full5239.tmp	78
PID 1432 wrote to memory of 4156	1432	pdfelement-pro_full5239.tmp	80
PID 1432 wrote to memory of 4156	1432	pdfelement-pro_full5239.tmp	80
PID 1432 wrote to memory of 4784	1432	pdfelement-pro_full5239.tmp	83
PID 1432 wrote to memory of 4784	1432	pdfelement-pro_full5239.tmp	83
PID 4784 wrote to memory of 4564	4784	PEShellContextMenu.exe	85
PID 4784 wrote to memory of 4564	4784	PEShellContextMenu.exe	85
PID 1432 wrote to memory of 3060	1432	pdfelement-pro_full5239.tmp	87
PID 1432 wrote to memory of 3060	1432	pdfelement-pro_full5239.tmp	87
PID 1432 wrote to memory of 1764	1432	pdfelement-pro_full5239.tmp	89
PID 1432 wrote to memory of 1764	1432	pdfelement-pro_full5239.tmp	89
PID 1432 wrote to memory of 1764	1432	pdfelement-pro_full5239.tmp	89
PID 1432 wrote to memory of 1336	1432	pdfelement-pro_full5239.tmp	90
PID 1432 wrote to memory of 1336	1432	pdfelement-pro_full5239.tmp	90
PID 1432 wrote to memory of 3516	1432	pdfelement-pro_full5239.tmp	92
PID 1432 wrote to memory of 3516	1432	pdfelement-pro_full5239.tmp	92
PID 1432 wrote to memory of 3516	1432	pdfelement-pro_full5239.tmp	92
PID 1432 wrote to memory of 4176	1432	pdfelement-pro_full5239.tmp	94
PID 1432 wrote to memory of 4176	1432	pdfelement-pro_full5239.tmp	94
PID 1432 wrote to memory of 2580	1432	pdfelement-pro_full5239.tmp	96
PID 1432 wrote to memory of 2580	1432	pdfelement-pro_full5239.tmp	96
PID 2420 wrote to memory of 4196	2420	MicrosoftEdgeCP.exe	101
PID 2420 wrote to memory of 4196	2420	MicrosoftEdgeCP.exe	101
PID 2420 wrote to memory of 4196	2420	MicrosoftEdgeCP.exe	101
PID 2420 wrote to memory of 4196	2420	MicrosoftEdgeCP.exe	101
PID 2420 wrote to memory of 4196	2420	MicrosoftEdgeCP.exe	101
PID 2420 wrote to memory of 4196	2420	MicrosoftEdgeCP.exe	101
PID 2420 wrote to memory of 4196	2420	MicrosoftEdgeCP.exe	101
PID 2420 wrote to memory of 4196	2420	MicrosoftEdgeCP.exe	101
PID 2420 wrote to memory of 4196	2420	MicrosoftEdgeCP.exe	101
PID 2420 wrote to memory of 4196	2420	MicrosoftEdgeCP.exe	101
PID 2420 wrote to memory of 4196	2420	MicrosoftEdgeCP.exe	101
PID 2420 wrote to memory of 4196	2420	MicrosoftEdgeCP.exe	101
PID 2420 wrote to memory of 4196	2420	MicrosoftEdgeCP.exe	101
PID 2420 wrote to memory of 4196	2420	MicrosoftEdgeCP.exe	101
PID 2420 wrote to memory of 4196	2420	MicrosoftEdgeCP.exe	101
PID 2420 wrote to memory of 4196	2420	MicrosoftEdgeCP.exe	101
PID 2420 wrote to memory of 4196	2420	MicrosoftEdgeCP.exe	101
PID 2420 wrote to memory of 4196	2420	MicrosoftEdgeCP.exe	101
PID 2420 wrote to memory of 4196	2420	MicrosoftEdgeCP.exe	101
PID 2420 wrote to memory of 4196	2420	MicrosoftEdgeCP.exe	101
PID 1432 wrote to memory of 6080	1432	pdfelement-pro_full5239.tmp	102
PID 1432 wrote to memory of 6080	1432	pdfelement-pro_full5239.tmp	102
PID 1432 wrote to memory of 6080	1432	pdfelement-pro_full5239.tmp	102
PID 6132 wrote to memory of 6112	6132	explorer.exe	104
PID 6132 wrote to memory of 6112	6132	explorer.exe	104

C:\Users\Admin\AppData\Local\Temp\WS.PDFelement.Pro.8.3.8.1253\pdfelement-pro_full5239.exe
"C:\Users\Admin\AppData\Local\Temp\WS.PDFelement.Pro.8.3.8.1253\pdfelement-pro_full5239.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3572
- C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp" /SL5="$70214,131334917,477184,C:\Users\Admin\AppData\Local\Temp\WS.PDFelement.Pro.8.3.8.1253\pdfelement-pro_full5239.exe"
  2⤵
  - Checks computer location settings
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1432
- - C:\Users\Admin\AppData\Local\Temp\is-9P4KF.tmp\Ldr64.exe
    "C:\Users\Admin\AppData\Local\Temp\is-9P4KF.tmp\Ldr64.exe" set64
    3⤵
    - Executes dropped EXE
    PID:3004
- - C:\Users\Admin\AppData\Local\Temp\is-9P4KF.tmp\_isetup\_setup64.tmp
    helper 105 0x294
    3⤵
    - Executes dropped EXE
    PID:4480
- - C:\Program Files\Wondershare\PDFelement\PEAddInDeployment.exe
    "C:\Program Files\Wondershare\PDFelement\PEAddInDeployment.exe"
    3⤵
    - Executes dropped EXE
    - Registers COM server for autorun
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4156
- - C:\Program Files\Wondershare\PDFelement\PEShellContextMenu.exe
    "C:\Program Files\Wondershare\PDFelement\PEShellContextMenu.exe"
    3⤵
    - Executes dropped EXE
    - Modifies system certificate store
    - Suspicious use of WriteProcessMemory
    PID:4784
  - - C:\Program Files\Common Files\Wondershare\PDFelement\Shell Extensions\PEShellContextMenu.exe
      "C:\Program Files\Common Files\Wondershare\PDFelement\Shell Extensions\PEShellContextMenu.exe"
      4⤵
      Executes dropped EXE
      Registers COM server for autorun
      Modifies registry class
      PID:4564
- - C:\Program Files\Wondershare\PDFelement\FileAssociation.exe
    "C:\Program Files\Wondershare\PDFelement\FileAssociation.exe" /a .pdf "C:\Program Files\Wondershare\PDFelement\PDFelement.exe" "C:\Program Files\Wondershare\PDFelement\projectfile.ico" /FriendlyAppName "Wondershare PDFelement"
    3⤵
    - Executes dropped EXE
    - Modifies registry class
    PID:3060
- - C:\Program Files\Wondershare\PDFelement\WSPrtSetup\WSPrtSetup.exe
    "C:\Program Files\Wondershare\PDFelement\WSPrtSetup\WSPrtSetup.exe" /log "C:\Users\Admin\AppData\Roaming\Wondershare\PDFelement\log\InstallVirtualPrinter.log" /dvrname "Wondershare PDFelement" /prtname "Wondershare PDFelement" /monname "Wondershare PDFelement Monitor" /monport "Wondershare PDFelement Port" /monfile "PEPrinterMonitor.dll"
    3⤵
    - Drops file in System32 directory
    - Executes dropped EXE
    PID:1764
- - C:\Windows\system32\sc.exe
    "C:\Windows\system32\sc.exe" start Spooler
    3⤵
    - Launches sc.exe
    PID:1336
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" /codebase "C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\PEPreview4.dll"
    3⤵
    - Loads dropped DLL
    - Modifies registry class
    PID:3516
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe" /codebase "C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\PEPreview4.dll"
    3⤵
    - Registers COM server for autorun
    - Modifies registry class
    PID:4176
- - C:\Windows\system32\regsvr32.exe
    "regsvr32.exe" /s "C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\PDFThumbnailHandler.dll"
    3⤵
    - Loads dropped DLL
    - Registers COM server for autorun
    - Modifies registry class
    PID:2580
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\System32\explorer.exe" C:\Program Files\Wondershare\PDFelement\PDFelement.exe
    3⤵
    PID:6080

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4300

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:3008

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2420

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4088

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4196

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:6132
- C:\Program Files\Wondershare\PDFelement\PDFelement.exe
  "C:\Program Files\Wondershare\PDFelement\PDFelement.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Checks whether UAC is enabled
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:6112

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\9523d8c2bde04a95b8649768920b2b4f /t 5972 /p 6112
1⤵
PID:5076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Newtonsoft.Json.dll

Filesize
438KB

MD5
b09dd7bc8db1052267b7b2859448f89b

SHA1
b327bff7ab6354e318a4f0bbb8d4501d13813614

SHA256
b8571bfb694bc5b849fd43044468f7dbf5384f858e561ff72a3a89fac6d43f75

SHA512
313b6f48d3bc8e7ee02e259235f0dafbc4a2553cf6ebf54022946714927876836778ff5cf131cc4b458c29de0a53a14c4fc9fed48487d67f43cbe73dbbd6472d

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\PDFCore.dll

Filesize
997KB

MD5
cef6ecd2cc33eaeb8be20f31c60029a3

SHA1
88bdfd23bc113c87c0ac7971764ea9b2b7ac5770

SHA256
14f51febe15cb98bc739b774f98363239c063950a57880b37e97d3a169c7ed32

SHA512
8023197fca85fbf29a803c6c82834a986727face5ade81d5f5a9f275cc69fd78644a77404908ebef81c835e74ca44b787bfa53f1e81602a2355469b0296fa69d

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\Button\Button.svg

Filesize
791B

MD5
8c590890f360ce56c5c3b61c7902c8b1

SHA1
2f59b2e0bd786d8a81f92c8e20895b7d5017ab51

SHA256
72c0438f64a47c65970c919e855a7dc9506dbb4b147c25ee3796b13bb5eccb01

SHA512
a89fed6e2000a911328e3ba3d556717b7243689da985c826497ccafa9510f43f98a29cc0d1eff68ed3cccebd1f660a6ed832c9282e65a201b4c884ed3072366c

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\Button\Button.wskin

Filesize
1013B

MD5
c355258614cf62c2b68ebb3730c31ab4

SHA1
17ace59b7e76c6c0432040de94c4324160396d47

SHA256
3906eb5907a362b66c1657ac9a40924b67b154031a6c697c9efcfeea391fd397

SHA512
28517b9435de85deeb189a3c53036e27c2b6eca68a9c47f5ade08329b202bb0bdcb2d464dd06f3b1b75a698d14d837bbcdad5760fb8b4f57461ee03f4388bdc9

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\CheckBox\is-31MPC.tmp

Filesize
922B

MD5
f50ed9e5d09a6b6079edb930232db4b1

SHA1
16d095b2f7f658d4ed968308b5d31589a521a1ce

SHA256
458e15295b9056034b52cba1d40f2ec4968bbcb219fc2d5d935eb526e956a2a4

SHA512
1760a50129b8f145ff57109aaddd12750e1b5d982fe49762445757c8a94e20ce51c2d1764005697c116de8812f0c56ef4e1cdb8e81bde75b9e0a8c8140d765b9

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\Edit\Edit.png

Filesize
539B

MD5
6d090fb776d2e8a2020d59b9f2e2c74b

SHA1
9f615739f5ce0add86f45fa4803112c10ddccb60

SHA256
369f8970c147c2e3dff6835b379ab3dc7c1c57a60dbb69d3511e10ed6b120cde

SHA512
e460150069821fd710ce661862b1d53c6e5fa797e7e4d69ec4f22462f23d07196a4efedf84426ddfea9edb03f5c4b6bcc92b8756b31f8e11e82d7228d824f799

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\Edit\Edit.wskin

Filesize
807B

MD5
f1f835304931d4a937179b9e21f46066

SHA1
759e5815768708138ef9c74d24d9e59191bc781b

SHA256
80bdabcf666cca486a2e799abc7b9fa51696aaa8f8516bb5653042bfc8ac921a

SHA512
f47e94185e4f9757aada2385426f75e745edf3cd54f5049aea9cb7a31a68f08093584462f26b8db3c7daa6b0a0943ecda1d988473efab735b5a5788a5b75fe62

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\MediumButton\MediumButton.svg

Filesize
614B

MD5
9669def171fe650ddabd1530de47f51d

SHA1
4cdb1e9701b13f6aa75023b6e49c3ed19aa609c0

SHA256
a8c6c151730fc85d937b2255faae92c5618ddd80ff84a6e8d6a69510d3c0f848

SHA512
134e8e78108ebe58e8df46f8a67f193f0f646e21fbcbcafafa8aee225365e9de656aff702ea65f3a2d2c0ee040b7864b36acce79806090229f8a0992c6ebb771

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\MediumButton\MediumButton.wskin

Filesize
978B

MD5
5b0da6837f359303f690973b393c34d2

SHA1
da28656914159d4aec3f04fb519d8bb6a0f7db16

SHA256
49a45bbc8f23a2cfbca6fe919fe8b5db8bd6c5cbac899ed8957e710f3942f015

SHA512
6e32dd2e86dd692a12deff2c1fa6a798a55d1b0eab5e946b10188008f3a5f74401e962b695b4d6743deba836e71be990b5fee37865600066fa897a25b4136b70

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\ProgressBar\ProgressBar.svg

Filesize
213B

MD5
89c167b175911549ed00f88c9d7abe37

SHA1
657e6c877cc38ab23e40f95e2516c95b39971b53

SHA256
58b424dd89a3b2551099d3d96fe7f6f2a97cbc4fc07f7859bcd4a519c8b95a9a

SHA512
e9d2eeb6c2cfd547ae4fc96840e3c0f0b13bdbaa7457fec14fe7493520dabee33913989ea5228edbab9bb67b3cc5a25df64289d4b25854c8ee8ce04cbf648861

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\ProgressBar\is-6NV45.tmp

Filesize
541B

MD5
e89d8de63957786822e713032b400e4c

SHA1
55b4be584ca50cb5c5b5a9f3df93cf4769d4d7aa

SHA256
c3326cd6f05121ee9b91894fb5170c4d6b19b1be80a4fa572219ecc8dfd9da7c

SHA512
3ffd1071e9ee10a08f307ae01c99308f503f8597ca9edca63b32f044f70cc06cfd07c246b55401fe50c29a9bb1ba0cf22fb59583b96622ca09c2b255f86770e1

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\RadioButton\RadioButton_Checked.svg

Filesize
619B

MD5
10293900935d5967f100d0e778d638a4

SHA1
0362490c7003c7a391ef18742ff3a7b52904edbc

SHA256
f1b5c5fe35c952b4ad4ea814441ded0f6c4633e79366e396bfca143f0a77e9cd

SHA512
2c27fdbc37c28e75a2da44e7aadf7fb9f33e1ee24961b808336f32f9a8969e560acfc19b046ccb54f3e292071cee63c70ea832195f3545e6a061fc73021ab87c

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\RadioButton\RadioButton_UnChecked.svg

Filesize
415B

MD5
7b7792eb780d0308d55fc4824a8381f5

SHA1
7b2bd8baba1201253f614979984fc1b03902ac96

SHA256
9c7c3bf7a219567ad97628691485f8858cab55457706b5fca9339e7632ad9ee3

SHA512
246a208ec79fbd8cabb566a4f843dc02622eb5162ecfa342132b0342d6f3efc02f8549680130f1d99b70d920b56044cee91f2819e845476f06429049f24a3cb2

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\RadioButton\is-M1VGD.tmp

Filesize
893B

MD5
62cc2bc68c8978e096a58cf330a2ace1

SHA1
27741298ef4a80f66430fd85d3412224c03d33a8

SHA256
4e6aee0113892460268c920d585aed0b76729807c5be540966bd5f6a5c8e662d

SHA512
ef3357cb75727e69a8f097b3e9fe253f9aadb852689e373ed0c36ba7f9c57ab8ff2ac3be2b7d27e78892a2639f5239e38684d5e6e19c066afc7efd0bba1e75e6

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\ScrollBar\ScrollbarHorz.svg

Filesize
229B

MD5
e754688b0a34390a1348ce480afd9a04

SHA1
fa94cc2b89600c214c177f27aeac0981927845bb

SHA256
6742a3fcbbbec782f2670d1cc1de61a49219cbb15483ab9bf0a557c2ce307f66

SHA512
1d4cd05138f2e64817a02969ec47b459dd4c7d477903861cc8f280b7f6679ca7697351d966582e4149aeb7965ce8e050f29b3c2e6422f4b71e76637e23cfd201

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\ScrollBar\ScrollbarVert.svg

Filesize
457B

MD5
c121db36ebb40df32ddb2da1b5ba86c6

SHA1
3507f4581464986783acd1fb6f828ad40d2585e0

SHA256
b882c415ce076d2c53088d6ba4ac9f0988b329a54e0f27c75689915df492f095

SHA512
312b7536cdd8db8e87e79a73b6085240f408c86cb1f8fbd355a2d87230c333686e4e5a21d82e6446a4c0d7f3409e9011f8d372e5e549936ec61229608c2f0129

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\ScrollBar\is-68LFI.tmp

Filesize
2KB

MD5
d9c28630e01bb75c16a8d9ff1f022908

SHA1
d261f522e767f9a59bdc69c1e50abe09eed1b578

SHA256
7fdafd179a23bf9d7e9d886fffc54fbd91d467886eb07ceea49c6810d6af5f22

SHA512
4d8cba33574ac3b0bbe328e83c71d2238c72563567b9b265b709a4bfbe85c2f47e5c902acb8cdaff335f907e0d799d9fead22eb94a45ecf4941d2415d25b16bb

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\SpinEdit\SpinEdit.wskin

Filesize
2KB

MD5
a6a7c9d1c8612747bc8a407b3f3fc821

SHA1
7651e15ea5cae50c5722aaf802cd7c0436c551a0

SHA256
95c4bf6522241e24079b88b6010a288ae0e78fd90dcf9fa8bf0b8581de080e2f

SHA512
e3b18dcd111057385fd3259ce40a2f87c478e9da0ea37aa893879f0df137f1e13265c70c0a7797cbbdc6e6c6d4ba4ae5828730195a7840d0af9bb9fd0ed99a25

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\SpinEdit\SpinEdit_Button.svg

Filesize
251B

MD5
a0044ba1d97dd4ef0d35c9ebcc338476

SHA1
fa0880ad64400b6c3109df02d35974b41cbd4574

SHA256
5a1b887eb653989cfc52895026b4b7db05a65096a54d473c8c7bbdbe5a81499e

SHA512
47f8e9a2453ef0bbb530292b111c120f4cfcb38890512f74511132a173beabb44ae3eea3d1ae346a8563078909ec9738ff41a238ae84d5194ca41f1f654211ab

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\SpinEdit\is-96K7E.tmp

Filesize
306B

MD5
c02593a3d7bc4c2ba798c19bfb4bd8d9

SHA1
451ec6b5a62b40d53c7fcd646f4dd9e0fa7efbfc

SHA256
fcda27a4633a60821e0d18fb444945cc3600ce7c41e802d8e681992f795ed25a

SHA512
cb27a9a7f681f6977225ac33d0ded42ec6de1d9309dd4130ae95443f597d5e86e06e059d5b74007804571b37c2391a5cb663b0bde61b3409f2b75ca65f72ab6b

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Ribbon\RibbonButton\RibbonButton.svg

Filesize
213B

MD5
239181d168243ee24b723f3bd74913ef

SHA1
924e4ab3f10bf603a04848a7d1d2d5ac12db3444

SHA256
0873872810f9009911c552349b044028268e1387bc9125fdbb80f936a9018270

SHA512
6660c77581907e50fdb70ac27defa368b7f47426e9a2b6f9deb020b1a315c9c250fccde69d4bdda52433b8ae5c2a248a17ee637e768300244cc7750b6dc16fba

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Ribbon\RibbonButton\RibbonButton.wskin

Filesize
529B

MD5
9ce7816dadfcc390680c774f322c3243

SHA1
b6792d664f55e36258aef5e3ec18958f60684918

SHA256
66ef5c706e2ee0829f7cc106c2bd01153be7f7c659db0dfc1aeb72b0fc0c13ea

SHA512
919de43a7207e0493d84c18723e6a475e7a6694939f16654b1da7e69a1fc9e50298fe8a9b57267629d72bdb90fbe45d2041c736f761ead2444f69701151110d7

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Ribbon\ViewFitWidth\ViewFitWidth.svg

Filesize
1KB

MD5
8a0d3f06dc0782e26647f599b9849c90

SHA1
51c0bcb04fd368d08d5716bd56a9884c07e666b5

SHA256
caf94db5b9653c01bcc2b89036974198ced7e9d0802b1ac6fabbce827984e2b0

SHA512
24aba91a8baa7972bb8a4335d5e58ecdf3b30889ac41f6007a0f1e3dd2cf2a9d664f68b0098af9642df9d07e8ad389816eea49a4f8b79aaef207955a8256f0ee

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Ribbon\ViewFitWidth\is-UPDFS.tmp

Filesize
456B

MD5
502e2c2b608d8cedebe01b9a754a9d6d

SHA1
23b40e207c27469d996adeb7019ceedc8022c9c3

SHA256
c6e32814fd42ccb3217ee42ebd1a83c2c63b76aac22bb37789fd5078361140e8

SHA512
30e61215b7b81d9a8b9dfd51e74b8d329ae1c598bb02d32424b63013447d31d450dc44543ff316307d65438bc8a422a59ef1b9d0ee04ab2ff64d9e7f596f40f3

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Ribbon\ViewSingleGlyph\ViewSingleGlyph.svg

Filesize
1KB

MD5
2362989d4a7cf5227bdc0bf30337f2df

SHA1
ee58d97f446b5edc95f933e2cfb8ed5ce054aae5

SHA256
7b310094757d62eed58bb1cb62381f5318dcbe4466c1a604143dfc198c149568

SHA512
ef441963f77f3b073d513980bc742daf9e08b70b65d94431044d23862395f4f5a6d5fd163046fdc6450f5fbe2ff0da82bac32f14e7658eaa84bea3b5221489ee

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Ribbon\ViewSingleGlyph\is-TRCQA.tmp

Filesize
462B

MD5
d228a12379dfb529f9c0b31dc8e37f6b

SHA1
4ccef3204327fd462f8a4a1484b2f16a728abb30

SHA256
3e37d8666772d69095297b0c961877d66387c1cd80bc12529baea62d2f3cab6f

SHA512
8a21678ecd89a4ec4ca3d8a5a7612834258bb6e8678138ee0afd0d1cd5411cf1d0424186f5ac6ba34044c67e22cad08bc670c41d672440b90eb97d5eebc9d62e

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\StatusBar\StatusButton\StatusButton.svg

Filesize
213B

MD5
cf1be02aa0463d8f5664b03f73a92f5a

SHA1
73fba8e4867b2caf023c2c4ef2af3d06b95bdf89

SHA256
1303f89133aabbbbd8bc50a3eeff9fb3ee0df3517c866ae20f6105f8f3246ef1

SHA512
c6d71237e14188ab0de8e60db11c4487482abe736be0870667d7eeae38f936b8b2a37160771b405141595da80882a753ee6a42a71206a2fa8adc39b5770d94ab

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\StatusBar\StatusButton\is-H7OOQ.tmp

Filesize
440B

MD5
ff3565fe69b2e37977b8210981ed95e6

SHA1
8cf48cde5b6442991e01d1530c841cb6d190e9a0

SHA256
168aa6a8cac1e4422f8b0a9bffe15b0a16ab5b1d42aaa7b5b7f05ddf9daa5446

SHA512
51242ec71f0ec9a6d906075c00da30ae943cb41230f43c7f3ffe5b5508e8615c7d7bef49bf3b776e292b738604598e23bc919a087e266552857cb6986a912f65

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\StatusBar\StatusNextPage\StatusNextPage.svg

Filesize
299B

MD5
39a9a94fc06657e7739dc9a387b5ff05

SHA1
66c95fe764109dab48b7ddc1286c82c8b95a6b72

SHA256
6d4494d3391748800554ceaa39b517211000f4100d93cb3e0c8ea767f7a97c82

SHA512
a4618d12f27736bebd3ed85bdfb113aa1785fb3106ce5d3df5e1be01a6c85a420fa1a27c13e5d924cad7a7822bbd4e150e4a04504144fb12d4e27274b032f43f

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\StatusBar\StatusNextPage\is-FANFQ.tmp

Filesize
460B

MD5
17a2e8f56f2f8d8a3c81119d9c89a510

SHA1
9f88e5b16e7cf9775bf51c98958499329d68ccbb

SHA256
887cd8b29614fd05b9299fdd5cea9ff0d396f11609f50fafa0dfab71875648a0

SHA512
b764b9a5e0783353c70c880eb9f2d657d37ecfe1b4ccb2986497483a1f78dfb4a3bdea7a66b0db33f43beef682e500286985b4a79383d2c6bd278d42f0e9dddd

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\StatusBar\StatusPrevPage\StatusPrevPage.svg

Filesize
295B

MD5
527e37170d1580a98f42ff05cd2dbc31

SHA1
aca77d886cfe754e2f79f2f73325c6f01ff88548

SHA256
2deadf23fef1ba098b209b10a2c6925f60db049576ca07c39db8906c3493e1a8

SHA512
dea7b3622acf72c33671b10ea9d352543ce507fe35eea8bee670ccc9e1fa0a46de230da77dee393ae9d7582de1448641d551254b532548652f15d3cbbae640de

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\StatusBar\StatusPrevPage\is-AI2FE.tmp

Filesize
460B

MD5
ba559f73e766f9d9316aec311e3012aa

SHA1
7fb4baf18ec17480153392696fa63ad90d8d4f75

SHA256
9369c869a261bf6f5abbb65dd0ad11dd41edbf4288f5aa9be1d0f9858d4f5d8b

SHA512
1000a000d8056fdd4caac99f676c4ba216709505501bc81c90b32f345deaca7be311531cb018ba5c08b819492abc768d17b7506b0cbf491f9f60f422dfb8033b

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\StatusBar\StatusZoomIn\StatusZoomIn.svg

Filesize
440B

MD5
37152eb8b181541211befdbf774793f1

SHA1
d98a63c87532e79f475967d0b004d732f4062387

SHA256
abf832d3de32a43d484d99d388d63d583455221c8262bcada929d444446d3fcb

SHA512
688832a50c4f8e48fd418a8dfee36885faf0c495842168b086214e1ae05f2e119f201af8031ff78589131402d31de860bfc03b211bd15177b1587b265fa57c24

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\StatusBar\StatusZoomIn\is-F1FEO.tmp

Filesize
456B

MD5
baca8e7fcee3a4c63878f44fc5fe1f8d

SHA1
3afb6c2697827ee79661a516a8803c95323a80d2

SHA256
fd02f9f8404ae4a7f7c27e4a12b1e341d93476543cd188ed98db6c3210ff3c14

SHA512
0e2831a2c71acc33b7c34456126befd451926c2923011eece2b2a3552b41aec9868a7c1d2ccf3b64d340a53cf973d3b425be818441a8a8edb9296e78ff19dfe0

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\StatusBar\StatusZoomOut\StatusZoomOut.svg

Filesize
322B

MD5
1205e43a518e0d0337414ca50a3b8f57

SHA1
102491a641e5eb1320e6d9e5d8c7e4c75e3a4f39

SHA256
986b7947ec7bdefd5eddf19f34d0bfcd2c7745c3dcf54c8ec1364745d39f3539

SHA512
460790e2751cb7b518aa0947d5c6d9fea739a5c688883e881dd3730c776f3efe7d6bce81f89f9d10f88e91e29ebea758756317f7b54f9df4a00c04f07bf3222a

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\StatusBar\StatusZoomOut\is-KI4I4.tmp

Filesize
458B

MD5
da0860f38460a20b1df68b12db5d709b

SHA1
59e34a02ebee88a244b00ea26eb346d943e302da

SHA256
c9e1b550bc3b61a76c5f6dafb22143f4b7155de75308a887e220b9d399f426ef

SHA512
68431816d8db7f5b4b6d4c00d4074f5042c3aed98ab3d2db9fc5ffe9ece269695a4c96d9297bec042bf1adb3f3ba872e56ceb26429cc5b9300132832ece399ec

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\WUL.Core.dll

Filesize
550KB

MD5
1933eff2930539d057e942545a02da2f

SHA1
9022420d724bdbbf1180632c5a7c7e5425d96716

SHA256
b76dc4cc4d844296574c0f0703ef4909b1aee7a6927e61d49ea614d3bbac2079

SHA512
3151600b54e120a0589a188661579aa7cde1b7b6abc8ffece20a705b47f5f557accd8a4e17ef7b77905defe5259e0cc3fc5e5a0afdc16028f35a84e043e55ea3

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\WUL.Ctrls.Html.dll

Filesize
534KB

MD5
87a67e76e03d6fd70c0cc44aa2d8b748

SHA1
90b13a9c9f8e73eb60df333d0b6254db30b9d453

SHA256
40cf055c2e6946b3f122ad9befe78f34b14f132516b765f10dda7972ee143037

SHA512
189b414125f30b6b33d6122e4048df9fe1991f8fbe168ca624919e6cbb08943b39cca3c42debb06f11bd446eb1ae957f07a8ace8f87b51c8fe97ef9d56d65091

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\WUL.Ctrls.dll

Filesize
1.3MB

MD5
83886d6d8a98d9e769ad220f85ef8687

SHA1
dd206bf8bf8b90d5cf1c571bc8be5d994c6a1886

SHA256
fec19513bd2908f0c96fbff890d17d4726bac26abded6dea3a67234f1db0ff01

SHA512
e7e40f2c896c545eb9eb9ee9eb034968bffb83322f5149143ddd176cda36957653c048248197d33fd056a75ee4e378c9f76d5e8e4d5cd93b27e27dfcab3be9c3

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\WUL.Localization.dll

Filesize
39KB

MD5
0d02b0745fe9f18e25096a5d7a424084

SHA1
811df971f147b005a553f4e7509bd697c56c3b61

SHA256
91799d0f760e4acea9609e59a1d8e7730aeec1d076eb2f78676d77278bd7442e

SHA512
bdc3c2aadc4441e212d133e61fa3dfe25e4ce9df89806012bed9f76a32b4ca8eba678ada931b3083604f0dcc34d82c6edbef7e20c8a996c5093d9ae72f7c84eb

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\WUL.Zip.dll

Filesize
111KB

MD5
69b043cfbb033cfe31b10fb95ff36c6b

SHA1
a2b9425366f6c0460949a7f762d31a2415f95047

SHA256
11ef85110aa31d42e5e238ebea05969f476fed23c6f40e41d33a882e7147b986

SHA512
bc9bf3ade6c7013fa9ac234776c70ebd80df1897ff33997d434b7e0f323650b401898fb310ff03d61c98e050bf5caf821fb286afa7123c3117e8a56f5060fde3

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Languages\Preview\Chinese.dat

Filesize
1KB

MD5
56c39e309af1a6f9bcc9ffc6c03787ab

SHA1
03adb1806fb642905168d3cf0c3c7928257ad995

SHA256
60744af893268566873e00dfbb71718c25e0ac97fc456d494ed803e75d87c60b

SHA512
4db422858c0765e5c528f70d46bcc0809bd496a44a7d4b86b35da17888652ab29f93663010144cf9d2dc8123be8c58162cbbb7ee5f8a2b9499c2975235e1f99e

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Languages\Preview\ChineseTrad.dat

Filesize
1KB

MD5
706af567453be6c24fd3164ae1bcb256

SHA1
638755694ddb2dcfe4bbf6da1fbe7298ddc4bcb5

SHA256
e9ee5c6b861cdfa443022cc096b174fefc84639d62f61a520da82d98051da3e9

SHA512
53f9e5f4bbc4bf609081f33ebb5469e386c3dbd9ec1215bde5488acacbe4c9fd66fda03e9e0c83060464fc3569d96b9f787fc45f64084ad65ae4906113a21cc2

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Languages\Preview\Dutch.dat

Filesize
1KB

MD5
ad74da81dcfecb23cc239cdd1cbc6381

SHA1
26b21325493dfe42f58d55fa075e3a772733b640

SHA256
d9134eff96291502ffde4f4d684ca1f486ca4fdded342e14b2cbdb1463a4a184

SHA512
635d09b3529f3d81de51852ce35fe68cdd3a6964136dac4a82c2b0b68001f4b7c8f0873526d965b1970f7aa5a15f5441ea2f29cf47ddb5ba923c1e0f6ddcaeab

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Languages\Preview\English.dat

Filesize
1KB

MD5
87b35a58971d43918c25802b198767c3

SHA1
3591273b4d085835287037b4df5eb08a812196fa

SHA256
8449657870b5b04cec29b7369258eb44efcb2ac136a88f0c42bb20d29cb4bdb3

SHA512
5f7445a0cb8d1a2bba46982ea6618e999f51dee4f5301b66ab363798e47f92c7cf2fc61d464f8d21b86f4068c9d4ab44c63b8f8ca71cfc00b5ea3a4da5b93ceb

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Languages\Preview\French.dat

Filesize
1KB

MD5
a44f4ba0372a28e623e63b740b24af53

SHA1
a3b067cb96a4ab2122ebfa7e1fb695b24317998b

SHA256
1c5fd0e622d03d80f0903c935cb295bc13f5f5025a7576780570c0f9522a80a3

SHA512
f02d5beb273135734205220b0d3ac4bb942210c7d6a5b33d5d39d3253bc25d82952307c39e3831cdd8d72984284522c9b65149f6d3b836ad55984318676ba4cb

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Languages\Preview\German.dat

Filesize
1KB

MD5
86803d263c970c6ba8092096034b80e3

SHA1
f1bf5e19fd8c83aec64725777fce44ff2ce92d1b

SHA256
257d9f9d7ffd4af1dc1cdc17947aadd88454fb83a72aa9febf3e06f170ceaa7f

SHA512
558be4d72885827613d9ef8322bbe05ba24b5f04e11aa8709c5250aabbb676cf42136165bd3489cc607ef1d75ff0b8032290660bf27393341528e392a0794c24

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Languages\Preview\Italian.dat

Filesize
1KB

MD5
c9893256f33cb1047c01483974c9f034

SHA1
73c1bc8621dcf556b85e4a7aacd3066cb9ccf8df

SHA256
89637178e756d5b847d50132919f56e450f9b53f362a59197382e787c7574f36

SHA512
16d012318658a1ddaf7e1d70ae16db9c0a3176fddc5ffb6252f24e9cdc2e156551af3a07cbfc476ffb553f78c255c1729a2fe256ab96cfce3faac2559bcc1afa

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Languages\Preview\Japanese.dat

Filesize
1KB

MD5
2a5a949092ef0080ed33fe8730b67502

SHA1
be1a9fd0f8a00aaa85874d6f794dc78fc773d4af

SHA256
ee654d15a978f1a10b0f245cdea5aacf2e64bbd2a46087fe07913edbd204c9ed

SHA512
acf48ed619b4bb52b6f78dc18e83fcf4603a604bdbe963883a240c771b80104d65c533cdb2661c9c8657ec0c30c09ed522362d074736fd27b5bf101777cfdb55

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Languages\Preview\Korean.dat

Filesize
1KB

MD5
6a2cdb3374539d30e740faee4efc199f

SHA1
84b5a967f3a36c680ddf793a73ffe7903f5c0f44

SHA256
ca854fda32b4a7d162551e2a3528e4e05e4ca0cff4b01571b6b2fe24c7523cfa

SHA512
c010d23f34908c7d9793a8522151b57d7a6c6afd76bf9087d9bf6086f006127e69d91e41e2bf27feba9c9b9c1416a5a426261504f4d9d43503cd988fd2e6de60

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Languages\Preview\Portuguese.dat

Filesize
1KB

MD5
e728781bb89a0b7a3ed0e8bd3b69095a

SHA1
fef29889dda8cc0d9b5fcd3e921db1dd30de3e2b

SHA256
5d2b2ab441654a460d1a6f544355dce35d564cd85422c5a48ba0f5782cac9fc2

SHA512
1d1b347bfa9dae9f0ec5e20c93d3da59ed4fdf684e43b0abc0673052b38033d1eaee71a663ce917458215ed7792853a5c65cec2c7d3e7ae35ed12e135cb4dcbe

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Languages\Preview\Russian.dat

Filesize
1KB

MD5
f24df3f1bdffa9bf62e5469baf7b8592

SHA1
99cfb37c1c7bffadf67cb270454e55318039eb24

SHA256
728f2db1ca5fc65b181e561cc768ef70a752edfcaf65deb39f380af07c6fb3d4

SHA512
82f565a2375538093f5dde48e103754765621016c1811917bc6ace6592857a3c70df90df40042d2771de0dcbb1eb36a1bcffc1faeed6523fce2db0517c2f5006

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Languages\Preview\Spanish.dat

Filesize
1KB

MD5
0812951e0c76719e77ac8b198540c51f

SHA1
d78d9cd3cf36bd96952b227ceb22bb1db4aa5d6d

SHA256
122df514ae77cceddc97ac24d232767347c5ed8303ac27e04a77b485fff6ca69

SHA512
4cf9da6cb973c5e3958ed8204305c25b66261bd51f9d0c3cab235498a0549fe711a9f7b7a6b27a4343ef7069e7de1a7debd92fea105e214d81cb47b8fbd76242

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\PDFThumbnailHandler.dll

Filesize
316KB

MD5
e0cbd36c28d487f1bd9a1a50cfd96dca

SHA1
d20476dfae233bb1bac76f43fb5fb985e23db0cd

SHA256
74492088b26f2d437d8a61bd608664a40eb5ecf570a7911bb4a9ee974d8d4804

SHA512
6d03c27ca65a94def8ecdaefedd06d642cf3bc0c95c979d7d3f8869d0bc1553662f7a27d9c8b97e17d0ad6d6b25ea2f6af09eb47133da1a622cb0dae5da80d4c

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\PEPreview.dll

Filesize
2.4MB

MD5
bef98ee44d1b3881454a59e8f2e9d07d

SHA1
e9ab35cf56ab9e3f50cd2e1fa504004b43523e34

SHA256
6becaf49b50fefe7bc86a11f947424f9f90e89657e82fc92036b08c02b8517ca

SHA512
f21acd61ce06e9e756e5980d824090a56fa575e6e3b688e3e3b52f78e5602ab7371bda5bdf860cf47d7720ddefd3cfe955a51c9b1593f38225adb85ee605777c

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\PEPreview4.dll

Filesize
2.4MB

MD5
541ca5524bcd654b6c6e7b07e33bb33d

SHA1
a75a4723e51504a11e8cd4552a337bb039135930

SHA256
6e08efdb4ed342144f59bdb88b5d6d051864315e499031dff7075f88e2087a4f

SHA512
92d0322c0557e2243668326f6474457cba9814797fddac55e9c4d5eb46846fea631a820daefad3a3c16c0debb32a074d4845382c5cdd910078717172b24441e1

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\Button\Button.png

Filesize
2KB

MD5
ba7c64064ceb4c9ac211b5b281a96d0d

SHA1
016199a3efa2afe97159ef2b15ba776c589726bf

SHA256
60a79c6f41416687431b7a68825ece081c320a564cfa0c38b2b316a2ef912492

SHA512
e0b07cda515f50a4d99b6ae14377df5b92d03345fb2a4fb668ff47031c94c9abffda37e8d8c7c0cbbc68fc0dc1df6fe4c2da4b165bd3176c96a92cb7bf56398f

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\CheckBox\CheckBox_Checked.png

Filesize
702B

MD5
170b516f06c1addcc8a073f9656392df

SHA1
644da60fb0342c200d5cb12370fcdccc87214857

SHA256
b2e16e0358921374d57852c31e86534b45a47af8bb21c7ae0a7a6f54ddc694fb

SHA512
a8003fbf46453f345e954a5ea21df450e7eb016460069225943b9504442ea27898235548835be696149bf263240fcd7d1d9d30318113ce9ff76fe6cd22804be2

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\CheckBox\CheckBox_UnChecked.png

Filesize
412B

MD5
44dbd8d220beb94d4f4ac0369bf12f80

SHA1
d7ac8f4e5ff0979bd78f8593ed5c673fb9ea1b12

SHA256
bb70de8ec5b6dd19acc95fdbd3b42ba810e0fca4809482733073021b36d0e8a4

SHA512
a0fcbbab4e498ad6b2e5a45aa9675c9dd60d09e151c2b24b8b56f1e26bbf19941bf90939ea01726fd150ae17b217cfc1d31586ab160db66b90ee2cf051337589

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\MediumButton\MediumButton.png

Filesize
1KB

MD5
6ea31102097fe7cbb13ba56605556671

SHA1
87d40bbc639b0e7bf13b7c5716d7894493dae499

SHA256
7bf30c184193541480b8ffeaa9659101a39bf2d72338fe6c425e3aaa2679d3d5

SHA512
a02dc4041f4fa83c266ec2f7b462a0166d48bf8d907d406166b588d4db0493f13e210889abfc45d5ef1bf0ef7ef0ccf7ea90010a942b1ac86260e00e26c9ddb7

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\NoCaptionSkinForm\NoCaptionSkinForm.wskin

Filesize
2KB

MD5
60445f3eb1329b459945a10f8b30d231

SHA1
25bc36d77866d1fcc2af8b0f0c2933c32127a3fc

SHA256
694fcaf578714661f4450dee9de3cffd67aa9a92591f7849e427aa3634802363

SHA512
436cd050bfc5b31d73b0a3f62732b1eff9dd8bd57585c27fb02df3b1b35112d2c81c3f97ce2e3071c41c37938e1dc6f3b84c3a9e0b4b1ef7f0f32771040bb723

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\NormalButton\NormalButton.png

Filesize
345B

MD5
81a5efe9b291d1ea5494662c155fca24

SHA1
c6b55a746b20220297e233abb5920c6b168cf1c4

SHA256
a202e1eb5289f8c65935169098a95f3917ec46f6fd1586f47b328d14dee9ab4c

SHA512
805ca9d416fa2f97c25fc939210a7512023e262e6f9081cb9fb448807766ace9d81ed83c4c442a037aeea56975771683ce516c84caf12b0d1d11c05da25a6364

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\NormalButton\NormalButton.wskin

Filesize
650B

MD5
89d1b7b15b31b0a69f788422bb08d5d7

SHA1
d793ad0944e51f8be3089e685f6f3dec4c9062a0

SHA256
ad30392e1b79a35fbacc5144226ddd1c6a0cdc44786f138a9bea54eace03491d

SHA512
5e75c953da9f3bb3840df67626d2bad9b1765c61a3a7c6cccbd9d400ed90524dedd0b96fe0d01fece074fd4992eb0aae75b93eba45811d05be121e9e1035b969

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\ProgressBar\ProgressBar.png

Filesize
336B

MD5
7cb6ed874434219d6bdbdc410c203c71

SHA1
4048091fb201d7e73604d049261e30c0b1407def

SHA256
0748728fa125e2b04d50949404b5161bf80bd4dc28468073685ae7b6ce9329ca

SHA512
da64418aa847685550a7cf1c63ea60d09fadc7e9f4757ed14bdc7e695a426b2f553538575bcafc107e2712ca53d444b18b200b88d73599550c9aaebad324e85f

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\RadioButton\RadioButton_Checked.png

Filesize
1KB

MD5
036f3be175c9c713dbf2dd0eee044f4d

SHA1
58a0dde4cda725da9abb39b4bf1fee7fcd73fb01

SHA256
79af67144aa98692fa1928d7d5c19838ed2db4ceaca83d1615c482a9069ca92c

SHA512
0e1e61efeb9738b4bd8af190c3d431f069448c5d38835406f6e1ce9b6c9275f00cc8ce7680aab59d1ad8a6156a543d54a52d5f2a0a62c46325b65d2dddb1e608

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\RadioButton\RadioButton_UnChecked.png

Filesize
993B

MD5
8b68a34c8c699adb4fcd6de06b28e97a

SHA1
690366e716687dfaedb9e69f1deb0d833932b7ab

SHA256
1bf92b878211cd181a7ad1ee8fc2dce19bef673db5dde1161bdb03400630cdc0

SHA512
d64e7ca256a1d0d9867ff77625aa34f07e2624259ba6ee9350d48ca1a3454a5f60a2dac21d77664fefbdac88a03a21f20f7bd0bd1ace1e10df7a836143111e03

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\ScrollBar\ScrollbarHorz.png

Filesize
465B

MD5
dd47bf3b2daf0270bf219fc85b7f8c0a

SHA1
98fb68b1d086a829deb74f908013d754b376a996

SHA256
b72bffb8d2894375d052c142f7b0ba401bad232666db2948726e6292b0fe66fa

SHA512
87bbe1cb3321508ea63e61b9977d63c511cb1a8deb59b5ea939b08881b09d512ffdba2760f51a3284c4957162c2ad0a935ac55e63bdae151b97c470b5b978706

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\ScrollBar\ScrollbarVert.png

Filesize
478B

MD5
39da31d0c71a2f0ed8b18648e5d41249

SHA1
be077d7b0aad2829d74acad99217f43af39454ea

SHA256
583a13b80b59ea05fff1617bf126320a4c7f413bb0aff8ff67791729ee3f3626

SHA512
87de74f7b52a07dc4ccf5a29624eb95a3688488b6467fc1f0e23c45ea0998797acca8dc27ff0d163c5c348b4e07c38559de72743158af94305b673cb158b6259

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\SkinForm\SkinForm.png

Filesize
19KB

MD5
d3f0d6075e72d7b9ca4451355497c900

SHA1
e8f476d1e140a1f475638d5a96aecdf1dc728289

SHA256
7cf137db7a8b9f791f66ce3b3080748d6c2d44a1fcb7676653330d875d6131b8

SHA512
9eca094bb417218a98d86ebbe4eeda26be38355fb0d9405204aae65be8bc62f5e76738500fd9dc02546c8880bb22bbb62c70bde22729987980e52de1d9761a57

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\SkinForm\SkinForm.wskin

Filesize
2KB

MD5
58d5adb315bd16819787d1a572bd78eb

SHA1
2959306079cdb2a50c7b0f55ddf5535be6ccd074

SHA256
25a2f040c7636fb3bb20a3de3923606ef93cae256dad6a967cd7745f990147f2

SHA512
a356cf2500caa4ccd96c347bfc4660ad774927ab37b05e129c4692eb453c3fab1ee476fdbca3efb91af0d70035666c149b83080e2d068a9899a3a7adeac93ac7

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\SkinForm\SkinFormCloseButton.png

Filesize
870B

MD5
e744313ff8b4364d38e39704eb090881

SHA1
abe659f72bcae552f36a9c31467a71c8c590db06

SHA256
0158f3882ea0f491f362bc246ca5a8fd88ab3cb15389a3e6fce3d9faac585d93

SHA512
88caf470daa21ce3f62f600c27c7960f91146bc7ddb22e2b560a1539b0f00f650101075d4dbf41557dfab052ab476ce7b0292fa5c98d3a5001d89d0faa69c394

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\SkinForm\SkinFormMaxButton.png

Filesize
406B

MD5
88985b69af9b0cd14ba98184b9bc6b21

SHA1
20db3ad804a09f73cec7fadede6f1c7ac30b042a

SHA256
72c258565cbe251cfa8d4a5ec3d44ddecdfa269ede279abb2cb1c48a7bb88ff6

SHA512
7f8093e837add62a159313344706b4311a858cf6c59ec96f378df0fa0d6f0d52cdd983a4e68eea52844102954b28e83a041c4cff6301de0a401c9a9b9824fdd8

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\SkinForm\SkinFormMinButton.png

Filesize
320B

MD5
6e0e9860c072fb5ad4a0ff48b2fb4620

SHA1
426056b0f0f186b786d0b9bb4b3c45fb1198ecc2

SHA256
2c59c92e53b26674a137dfede5c108316e262762f6142717b4f484fcd5b93de5

SHA512
9633dd775d33f07d1db208759e99ca9295d3361b875276d3912fdb192c66ca26bb4489b043f49f4cd97eed70125f135425b86524fd9991538e851f1daae3e457

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\SkinForm\SkinFormRestoreButton.png

Filesize
426B

MD5
4e3e565a6302d18b53224a242ff7f1ba

SHA1
e7041c12df58ee3a84f65e079e55b081db7ceb53

SHA256
b1f91b0efd5659dd4aea356ea0654397ab7a1ba7de4111b6ffd51942d14e2a2a

SHA512
cace19c14d2ab0ced634deb46c0716b0a533663d229f9551243e70440d8ea304f2e3e557dddeb11e34b13bd793bdfff391890133e067ad1e31e4549295735b24

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\SpinEdit\SpinEdit_Button.png

Filesize
173B

MD5
ec6c0f8a64d5febd5873b59b55776ec7

SHA1
39ea9ba8999edd7c521ac88fadc56b097128c8c6

SHA256
632a82957334ab83f08abb6fda3bcedc5ab9e6a69387349bf8969443ab900bae

SHA512
bbd738b57ea1a55fc29f51769d859e485f9d1dc68ba52cbf0f7efd33d1a8d797f3fb552ad1d7507a53aebff922c4aa1b98def7646b7af5bdec1f799a1ad4558b

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\SpinEdit\SpinEdit_DownGlyph.png

Filesize
249B

MD5
ee53eced329d40ac319016dd868c8011

SHA1
a3ba9a98eba7401930529d52c53c169ccf7a6d5b

SHA256
f8081cebc31784053cc199dd1ced1bf27cf106c127b464586ee82d487289d07d

SHA512
4bedf790c09dbd152a9617187b50c3b6faadeeb1c7ed34720813417220b0ab2bff8a99256a1fbea714be89910568beb0eaaf2b24fcaf6106db7c5fd851c4343b

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\SpinEdit\SpinEdit_UpGlyph.png

Filesize
243B

MD5
ab6e2db10985e3b4d06e733a686777b6

SHA1
6dd84d47107f4fb1254ec3651198936a04783150

SHA256
7999a7515e67f5b9c6d50d4469fb46a6a148da9d78e4d7b73c47103228b284e5

SHA512
7b88b1bdbe01e138e6a5525d09f2c8ea7db3482d1253d9f46b21c06dbd5e8d3b3c064771214fc96eb2da1105014b252506499eb3430b602df78800aafad51b69

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Ribbon\RibbonButton\RibbonButton.png

Filesize
173B

MD5
a704c1d6a819e470e62c48f9e2135f02

SHA1
05b1fe3077d813ec2badd579b073aba8d0d960c9

SHA256
4552e2be55cbc44eec1da8c0eab075bba4de142c4bbef30ad590ac2c47de6513

SHA512
43c80ffd9fd9f1a3e1f987766db684087c90c301a18b596084130895492581d3cd7ed74cbcda1b4ee5531a8b03c22a7da6432aafe6dde0152bd6a54a477ad7ad

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Ribbon\ViewFitWidth\ViewFitWidth.png

Filesize
768B

MD5
c80695147ee86f5d525ab7f402d6b6f4

SHA1
5b687560fe7f5a1ae6c897950865899712acdd8b

SHA256
8c74c4de755d5a890cfae35782bfc4ae5f1c1ae27915b365181a6f2804af8bc6

SHA512
6c19bdc77261545f8eacfa8f94ea78af43d19fe7d40de98e93c1b10fea7857b47a9215d0576d5bc1c6d9c4cc15a7e5461343129108076a47bfef6dda07452944

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Ribbon\ViewSingleGlyph\ViewSingleGlyph.png

Filesize
560B

MD5
a4bed43c54afdc2498ae55dbee049f32

SHA1
3631be5fccaa149d271daadffb843854fa150f4d

SHA256
71bbcf36bad3b8363291150d7f8b1496ed9e1522356335f8c85f6543ef92c26f

SHA512
632bb77ca11d3522372233fb23ab7d86aabcb515461e83f9830fd913c880d6d537411a5540e6991fe53168ad434ec53eb059e9095985845d652e6c8c6f599f4e

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\StatusBar\StatusButton\StatusButton.png

Filesize
175B

MD5
34f4aa8b68d0f30e24375f14217fee4f

SHA1
09fce08880d88aa101557c0544c97aff3029b911

SHA256
356d29e700287f390a0e6187fdcc5e476497beae7f412c8a38fbc7e57dfdf432

SHA512
654c0ebf149b4674cae99ac20295f416652be2e8a5019ad06f5246d0542ba615f1c920200b7c2c0bcc579a72ca04909f16a98188396960b3dbd0842b2d796b41

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\StatusBar\StatusNextPage\StatusNextPage.png

Filesize
448B

MD5
9f0572be4d62a07729d1185431ccec1e

SHA1
d7742b901e60fb0df5e46ebc9e4d4c934ab61254

SHA256
1063cdcc10417a624ccc0a6cc80159954636245e0f2581ab3939e7e4ebcf98b8

SHA512
c5f9fb9f4b861166f848dd76224eaa2325328c9441e782a7a185b2e9b00c49a833e64fde8f09d31aea880f0be239dab171d56ee13c745a7401eca9b01f39446a

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\StatusBar\StatusPrevPage\StatusPrevPage.png

Filesize
422B

MD5
b6c7c78e839148cd2426f69a87ea90bf

SHA1
7fa130f82057011e5cb39b17dc2fa21c792d5cba

SHA256
3f30bacdba57be2db083c8718b6f45f5edf9e477978bb0c9c5d69730ebd10f64

SHA512
7670f1938f4519a01c03188894f93dabc991429cefc542a345c7610a7c780a476cb69fcbc58450dad2e2eac31d0d0188949b7da906c4ea0d4b62d47a6cec85f4

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\StatusBar\StatusZoomIn\StatusZoomIn.png

Filesize
204B

MD5
eed9b6545d0724d7d54be1f4ca5414cf

SHA1
8e9774a4c5db28387bf15e9cfe1f393dd78dcc73

SHA256
8027304cdbee27104c2633e05bf5a28ebef650180ddd412b85b5a9188eca1245

SHA512
d8a714e8998234c841e80cba62af4f1cc52c276b92ef704a80c4bfe0be34934e84a6b6841daa2324ae2d278013bd78f8fc69f65ff9bf2b2cf8b7b2ab0fb148f9

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\StatusBar\StatusZoomOut\StatusZoomOut.png

Filesize
167B

MD5
6ff9e32e601548d6dfbf441fbfeeb8f7

SHA1
7aa7463da300fd0c91dc7248295c433712ffb73b

SHA256
3f0a36969afcbdba012674a6b819bbd75758a0dadb5546ef1c4567d11c179dca

SHA512
47fcde90a43b9d496b7905fa420a5976fbfe1c6cf01e582696d17eeb1d00f3516b41933165ba042fd632dcc5cc2295daeab1f05801ca01b9ee7c216c0ab2c3bf

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\WUL.Svg.dll

Filesize
1.7MB

MD5
0ec20eb3746935deea978ce4f97e9485

SHA1
64bd0b6cc5b04c8c6c2b42ec300664df7c4c3b03

SHA256
6fb79ce0d7901313898f2830fee8198e8c15cd8bb8729fbdd333fb6c5b846beb

SHA512
cf104ef5259d670b7a6f7203e05131ee6325234ecca464eb7d2a702933a4ff0f9523e4833086365ce9119532c4485daa2ffe2796b418d9d5dd949142a5eb50b6

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\WsAP-PDFelement.dll

Filesize
4.0MB

MD5
17af6e2cf33d01a7429414b4cd8c08da

SHA1
0eb8d56d94c85f42618fddff43610fc6739d4027

SHA256
e81e88fa4adc7dfc18e40958819252c9def3d04a9c10b6ec5cbfaf82c7aa125a

SHA512
569e5b343876107a398d5a53e9623138ca4907fcd6182a64b6419b661e12e8f09453b8daf58d11fe4ed30a538418dc0cff640f060ac0913904e1eafe51b034f6

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\icudt.dll

Filesize
9.5MB

MD5
b31557acc49af7fa82fe5760cf3cc535

SHA1
bed2c51fa94d3c64e3b1c0ec1ada42f6aee6953f

SHA256
fa2baca478445a68c31d2d735730615e48189aeb73964bbca95fc4b5bc32c4de

SHA512
45d272f433d71ffd169fe3e230bf1818bf652978da038b97a9ce9069acc88c74a5cf69ba1e51417976b0dd14f729673e0a3c5b15e807edfecf9a52bb795d7dd4

Download Submit
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\libPdfCore.dll

Filesize
24.8MB

MD5
a3a2dfac7c5829542c3f6a6d8e81fed9

SHA1
ac0bbaaabd970ee264f56de5cea6d11079dccd1f

SHA256
de6f8c77f6e65fbb5cdfbf4493141c75a1e4588dbf41d4247722ff9c2628eee1

SHA512
1b731aabf305a34ef4139cde406ecc66fda178f91b17e1b9e9b128a47f36c7678b118e080162a5f64502feaa956d5be861a8d6071e418011d42551bbd8d39333

Download Submit
C:\Program Files\Wondershare\PDFelement\AddIns\EXP_PDF.DLL

Filesize
94KB

MD5
01b6bab757adb8e800f467f5dd6f20a4

SHA1
c3a143c1671c91a826460c15401767675dccd6f6

SHA256
77b0cf57e08bcf0b4bd2274ada906e19c67ac7a2d04df19ff300a756fe96399d

SHA512
6f300e5bdb7eb5c9b91a8dc93b4f54f0f9ba23ca6e8c30bf92dba1e39902f85c8a1b7cc1bec1db569fa0f3e5761ef270f34adbc7d6855674a18707dc263003ed

Download Submit
C:\Program Files\Wondershare\PDFelement\AddIns\EXP_XPS.DLL

Filesize
55KB

MD5
ee6e8231bf4a7cc9539eeb457d8acf39

SHA1
643956b3bf9aa29a643c47710f8369dd95622d23

SHA256
7b4d3b16ea4dc23773911971cde5de6a4125c7e4590c1245d78667e02526e769

SHA512
c330faf25588fe3420cfe2b38487fcac4ffb5011a2b4e6cb149d7679bd2ac29d4a76cbe804082451b02e83a3bcf80ed70ea351f60175a5e1755b9819bd1a51ce

Download Submit
C:\Program Files\Wondershare\PDFelement\AddIns\PEOfficeAddIn_x64.dll

Filesize
133KB

MD5
997399992609992f43daf6ba90a6fe99

SHA1
aa81216d449fa612626f2949acec51139b1a5773

SHA256
0a382dca5ceb70d3c0715728eae4dcddd00b54678d2362656fe3d743530aab20

SHA512
182dbaf6dbe5bbd816329cfb47edb5124e1b99825c8385d005265101b7815ca33e6fe4270bd3cc7e631193af8738bfef404b9d3a8e49de2ab2ce5df662cfd9bc

Download Submit
C:\Program Files\Wondershare\PDFelement\AddIns\PEOfficeAddIn_x86.dll

Filesize
136KB

MD5
a3e7adab6154d87b283be745dc43b440

SHA1
4a320759a7ea14966e8f39fecc8c3816c21a677b

SHA256
465f4e2cadd96cc2cec6355b5e2a09e342e9b5bf71647caabc1d61016ad81c0b

SHA512
fd40663b0ca48f0852c598e12c0530a9c8a89d7112bb316ddbe22495c1085a3cf45d308b54b230fd15f912627562a5308537f3280671d44beef78f028cdba41c

Download Submit
C:\Program Files\Wondershare\PDFelement\Customization.xml

Filesize
173KB

MD5
39cb407374b0120604aa033e5cb5024b

SHA1
1d01096d4e319ab387ea684b7857055da85457f1

SHA256
253879c63d3450fdc0d8b4748bf5897d8e0c8d3ba7b111260b45dd931f5d84de

SHA512
0e825bb7b03e19c9eb22badaa361d10626c82c87c889ad59a9ed78c9bd2fdc4b489d3cb1cd50752d771e8c064793b5361a3ab4d405b460766eee8305db40c454

Download Submit
C:\Program Files\Wondershare\PDFelement\FileAssociation.exe

Filesize
63KB

MD5
5b996305083fa4cbeaccd851043d17fb

SHA1
df94872e26c3ede88b69958e77856c6a18cd6b06

SHA256
432348082c9dba82ac4061c91fd298a5647e71739580cf0d9ee48f36c23abaeb

SHA512
2ca67bcf3bf8776504344b98544760c9168b1378066a4f25f9bbdf971384da95c1dd748beabb3a02e07a703c25f69dbd059bdf00cdbb1b536b4237bee1ce867c

Download Submit
C:\Program Files\Wondershare\PDFelement\PDFelement.exe

Filesize
12.2MB

MD5
ecc9b72ce3d5a0b7305ae5916d5b0003

SHA1
d544bb4cd46c78a012c16a351dafd2ae8dab9a7c

SHA256
5a1c55f8c7bbac15ade4a73b6d3a9578c566a488ca9d4aece3af2ea5009547cd

SHA512
58e885cca53bed10fabf9e442439d28371b127d4655acb507c9994b1307b6f37cb44fbac7af524dda805fbf71d838260b4edcad89fedf86d64fc75c1ba98ff03

Download Submit
C:\Program Files\Wondershare\PDFelement\PDFelement.ini

Filesize
29B

MD5
14a5a81e49194a159fbec4aa47a0a5e1

SHA1
7945798487332a9c3b1e9da7cc198f9c64519b1e

SHA256
e1f72de3f138041cfc860c19f2038e4221615f10d2835d816abdb8c96e70b195

SHA512
3a04721756ad4fbfbdc551398492e4a455abd0b7041e8a3cda352cefb9b1a326ec3735c5ddb8e24b9dfb14030613303d244d1ca5044cb3c04bedb9ffaaa59d74

Download Submit
C:\Program Files\Wondershare\PDFelement\PEAddInDeployment.exe

Filesize
138KB

MD5
c262c4666e79075184be40b6af3a2b10

SHA1
453ef3989c1cf92b8841db01cd9615819dff9764

SHA256
d7e2cbe220a7bf6d3b313c3d94ee9be48e41a7eca171ebd43e2f5adca2052f5a

SHA512
b6e0688a46347e221fe39bc67048164332e96f1de363476fc5e1df405bc1a062786e9fb08e5cecef51df7bdd2ddaf32bc8709313c0c0aa04f2ad583fadae140f

Download Submit
C:\Program Files\Wondershare\PDFelement\PEAddInDeployment.exe.config

Filesize
541B

MD5
76d54a388667208b269aafec6e091bfa

SHA1
c54d5bea5fc945aac10d014fdb6463545413f377

SHA256
bf5856cf607ff0e85ca64b06997c0de15a8d95b8813dfa1471a680c22aab4c51

SHA512
be1612b68f52a39ccf75c9d08745547af423bca28c17dc7a258bd175a5271790385060d932adb093fc12c14cab0b8ebf317bf4787bb1ba81463abdb431696c67

Download Submit
C:\Program Files\Wondershare\PDFelement\PEOfficeAddInInstall2405.log

Filesize
5KB

MD5
7dad5fc663c9c3781fe534c12c7dcfb8

SHA1
7e06f414a17cfc5489aabf50c2c7bcbfee2c5973

SHA256
7600009d2715c1a903f229e82c16370d5028c30e324a21bc45fb546c4228bc64

SHA512
ea3c2185a3acb4b208bea01a23ed7865396d085c3cb4642535d980934318b325a0554f723c414483c7e94938284aa91092fa464b004d8286fa3d58f1a6209bf6

Download Submit
C:\Program Files\Wondershare\PDFelement\PEShellContextMenu.exe

Filesize
516KB

MD5
59754e3db61e910c41d50d364d86372c

SHA1
2cd5ceef3727c106f540934190edace69eee9d5e

SHA256
65eaeae795e79e0948e1a3767c7abb18cf16ee5649f23620e80f878ff9dd7d1b

SHA512
05a7b94400d9af3cad75f2c2dac33cf22d2be4bf789e24c6fb24fc2081bda0d443ad0c546520e608429b4e76c4a2a08513cbbef702c01763541ddf8b1dbbdad4

Download Submit
C:\Program Files\Wondershare\PDFelement\PEShellContextMenu.exe.config

Filesize
134B

MD5
fdad6e56c3813f4021ff8177dc33ef84

SHA1
6585426c5d35e23c9acd4c3ed271241fddbf6a8e

SHA256
581337c905162b25581705895a91f3af7c8a577161c18187485f1bd15692c90d

SHA512
0b9caa3ed4edfcf4a34ac0e007cf5916f0ed083b092fc285aea0aa2d39d6082507fc41a2878dad89696f3f033307902bb73178846748fbf3e8d9527d4bd70419

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Controls\Edit\is-DSF8T.tmp

Filesize
422B

MD5
2ee16bf1472ce9c1253899d537588ac4

SHA1
2e432b9b4de7dde3cb6be36a190cecb655f73791

SHA256
1576511d43700b606ffb5de707898e11d485886a152a1ce6633a87484c0b5c60

SHA512
26ec79cfcf7b4ecf77a9b92ec2f1c1e0107f0633b0448d9432575c03c5cd568e18b524c562d454898283c2f7ce6b02ed927346152462996016f09610a22476a0

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Controls\NoCaptionRectForm\is-4VUIE.tmp

Filesize
626B

MD5
fcf4a918896fec7d200855b38d35e8d5

SHA1
f10ff3614091040c6443f5004810927f3e8703f0

SHA256
184c8316b4c6d4e61b6c77fcb2ab6362fcb6e39e71f549022775c523c587ec0a

SHA512
98f17adeb930aeb4f5cda42cda047b4c40f86c94eb2b0f27e1a95c48ab9a3bdb667daec987e91839bff40d1e8398e3789a23aa02b240c84cf808cdfe32c8f43d

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Controls\NoCaptionRectForm\is-8JKMR.tmp

Filesize
707B

MD5
59f52ac368b851795d6a21dc41889d42

SHA1
f735989728c84b159bc784055b5d9f7ab5643ede

SHA256
34eec78b34c3eb9b1627c6e0ad5cb738764df40adbfd59969fd998a711ae3ef9

SHA512
ef118a27ba8007307a693def3237fe9d43b23370e3919b2325c1833d6b8d756d94b8efd68e1693bb7a53f78f248bbe30ddbc48d65c14037c154973222b495fa4

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Controls\NoCaptionRectForm\is-MSO5L.tmp

Filesize
908B

MD5
b694479ae142aceb1472822be9a7b058

SHA1
b085cfc0abe85883c78c86f62ce43129a935a5f3

SHA256
fdece11232f8a0322aadf12b9b400f45ee08f24f177ac454b37a559c435a41d0

SHA512
3191eabb1a65a8e2c9de6008f580cbe95f8669d85464c384afc2b17485c4377f33f6f1bbe0f7aaa765637d4c6156a1dfca243dcd54381d4e0483684ccf9018ec

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Controls\NoCaptionSkinForm\is-0BNNI.tmp

Filesize
945B

MD5
8d8906c16ca23026059a4e04f7b29b86

SHA1
b34221447a772118749af8d8bbe96a0678e60804

SHA256
bd9bc22139791579f1f1ac59896c950c5547f2425e437799386d6ab4de726813

SHA512
78502bb9584210fb859295338c8f998b5cae20e06e0ced3ad12d0b39bd072ff9d0e186e8edcd9657b78b04c580ef1a5dccaa9d3f37055f48483d9a1bb856a17c

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Controls\SkinForm\is-GMRFN.tmp

Filesize
2KB

MD5
cad87deacc9ba636f7783aec9615c002

SHA1
228b0527623dd4821da33c3473f5045d19416d22

SHA256
25535e5bd695de49282e286f5ef0480f790f774ca19eb960e5973c13f4d1dd86

SHA512
f0aee82c065312cc6166a0c9b55fe0e48771610aff62df45e9f43da66cd27f6555b20dea4d2acb1f889ee5fd809fd780a5d47e25ce90bf285d9343f60ac4a625

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\FilePanels\FileItemCheckedNoHot\is-D341I.tmp

Filesize
893B

MD5
b5922581016b1751d29a0d929f32b339

SHA1
200aad95c8fbdef26db66aabc11bca607b9f690c

SHA256
e14200823b2c0ef2572ef3f20dbb804680b4e217b3873415a0d90bd74e217085

SHA512
f2409f134e44d613d929a9caf97107b59daeda0cb52d0ca0a3f69895e3745c80931d02cc15f138e08f6d08130bb8e6bb4b9b137d4a30061262ec0f1f3f023515

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\MainMenu\FileMenu\is-S9C5S.tmp

Filesize
289B

MD5
1db15455fd9110dd0e956c1535e38df5

SHA1
d4b4fecf997dbd8e9c7b49f39a08c59bb6012e43

SHA256
303087c6a25b3e36ba4df28624442d6c967f8bcfa902886843eb35edaf6a44e9

SHA512
e291d05a657fae6d4ee6216edb228d48af34604dc47a214c4e5b00be09ca6dcd01351cb476ca295b7be1ee4085dcf7b50fa1203c58d0b0039f8e15529077f752

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Main\MainForm\is-2291D.tmp

Filesize
575B

MD5
0054139a6b6b074bbb0cb80d8aa093bb

SHA1
1ddb29a9c4695c82e4e894ca33efb258d21bc59f

SHA256
ad3d5541e38aef8b401d690364ad5922152e271c863df06fce7198598bdf34fa

SHA512
b769848fd5e02f48032a8d8e8d32024503da67d69b168e74e041139096c01eab7c1362a10060c7d3c29540849d1227be2c8c95d710afcc8627c82567ee89b9cb

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Main\MainForm\is-307KV.tmp

Filesize
515B

MD5
4bcc8de11c9687c3e1858c3e875d3b53

SHA1
9a82851bb487bc9af6497f010fce04789b6a277b

SHA256
48f0b6c1ede931d8af598fdc96ed619cb7ad7ca2fc1062392967d22890dc44c3

SHA512
c4346b4d3844481c70f6b29828691a89d49ffdd99d35e072d98f370cc428b3b1fa2a62d9390a3a4d7f015af1064712e6edb8dc61fb9512302266f306df642b94

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Main\MainForm\is-JM4E5.tmp

Filesize
679B

MD5
a5cbc43b1792c4dfd1340d04cf51a3b4

SHA1
165b5c20ce48097d0d85de0be7b1a7b6b0dae06a

SHA256
34f5bd5e4e24142156e1358c8a33269a259628457940dbdbad615ca48894c002

SHA512
b878e330583fbef81ec5ae3690e01b8de69be534eaef90c89af9616b2e704d8aa0865694d4a4a7f707e14c4318279797ff6f308f592869e793ee32f3cc3c76da

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Main\MainForm\is-JNEMV.tmp

Filesize
846B

MD5
695c7c51022bd592ec256a9ab29ae1a2

SHA1
5b6efccffe8a2cf77acdbfb3cede06da1ca63e4e

SHA256
b80fd79b412cd671d397cd738e94cd24123b56f99c6ccfecbe19a1409393ab17

SHA512
b69ab8cdd76bc402b8897b52b76df653c5af99dbbfbd24c18a43fb13e9c27572412227d406958f782cdd59548284068189910d24f14f544b0f7a7e7eff020986

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Main\MainForm\is-LR02B.tmp

Filesize
1KB

MD5
12fa328ce5b86a4eb7821bbf042c94ad

SHA1
4804fee5012cc9011c778d0339778e3c584ae7d9

SHA256
f913990aee5f2a9d1ef48ad54bc86a3cff645928cdb41a07bfbc4d90c50a6ed7

SHA512
afeb9341b6c367f5f1386faeb0da4fc3fd2b75184d1a1bc2a7c0b2764f0e493d4ae041c033cdda750eb8d8a8e74a512b5749ffbfb1a15b8eed1d126b9b527245

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\MessageBar\MessageBarBtn\is-F9LMQ.tmp

Filesize
427B

MD5
e51927b0b2ddff65ba96d8abcc8e1a8c

SHA1
d34c3877bb37ce0b82a8390b22a283fceed642fb

SHA256
e7d60213e0f519d9e6668a7a1a0465989c0d13d2db1477b7acfd05ba8bdb2a1c

SHA512
afff86c6394ac4434ecfc5e79bf46f53112d7dc64d96a6878a12fa4aa524b35a0c75589e8637395417fa20563029bf742ebca330daf192012673cb45b90fd3c0

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Portfolio\PortfolioMenu\is-DPP49.tmp

Filesize
647B

MD5
0a58a0fd6f6f8b8d11fac7c1c4ea065f

SHA1
4c205036f90f649268f71dcd8ca0a5c8aef92352

SHA256
ff68c3c7a515c086dcb6e34da5b49e6bd88208f67f50fe74f8a9ee9b309cfe01

SHA512
d518cfcbef2db817a54e95a2efda887330f94cb98e6ab4945863a378991690f35a5d13c7164158b63085c048dfb4b53239cb3760ccd99b43adb18db8c5b5d075

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\SearchPanel\SearchPanelReplaceCheckBox\is-7F0JK.tmp

Filesize
306B

MD5
813e3e243744698ffcc3a2b947c8bf65

SHA1
ba5973e70c81c40a1a29b29b33b98b7a0ab4cdd8

SHA256
0022d278ce7bf8f59f401d87e869599d42a6dc485a9df71584c102063077800d

SHA512
9b5a38e84d014d7feb645ee67cdfe329d0afd02def8751bf3683b6b2e833e69b7cec6d32fbd6716073fbc059f837f1990afccc9241634998b713f09eca07bb66

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\WSIDAuth\PaySucessedGly\is-379KK.tmp

Filesize
545B

MD5
faf0efa2ea320ccc01078568e54b0e9b

SHA1
0ede513b5198c16c324584dd8c53d06cc42d801c

SHA256
8c1e9e6e16e3ac4e0d6da92d4f47ea9a23ef31918796663087d8eb069f2c9c31

SHA512
dffe1666d11cd55e6bc0f92b95ba0cad4fb0179b8747cdecb6ed6a6c2935f1764d1bed2922f2013b8edddcee801995e09723dfe765219157c0fbb9bde15074ad

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Controls\SkinForm\is-3HT2H.tmp

Filesize
848B

MD5
b247c6d902af824c09423b0ffeb3e7df

SHA1
a36cd7a62e519e1576b705c1efd504d01154f69a

SHA256
11b86c587730f11224dca489b53a74bb588e29bec2a1557bfb9d8ed88e25ec3a

SHA512
af3b2bb59d3274f58938a9d3c6b3639f56bfdb52986e3a5dbf8d37417c0f33514296f1ab6506abe23ea00b951cc3f6ab29b5698d1fa077146917e572d32c3c7b

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Controls\SkinForm\is-9VP0J.tmp

Filesize
582B

MD5
ddfbb9636d3f44a3b6d3933fa0f4f69a

SHA1
a785c47b15692305c57918146f3123a88c9fcfbb

SHA256
6fe60ee8142a3322e2b7296c2d1764d774b9e873f47ff9b9d1c8e8e3d476d2d4

SHA512
b145d889214806335a1ed2e68a63b9af040d910d876bea82297eaddb90b11dcfe87971118cf432200744ae6e2c0b64aebbc6d436e88967ef3392550da8e7770b

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Controls\SkinForm\is-GJBIB.tmp

Filesize
663B

MD5
458be888a4996fab5f149b540e206d0f

SHA1
11ddbe2b721c56eabe2c4bf7fcec596b9d320d70

SHA256
e699646cf7a6373bc41f1ee73729f1a80cc2a880f49533a9d2062a23294cf475

SHA512
1ad34e99cb2306d2d833b34565323a210f878a121d363729c9e97ccdca6bdac941ad41f6c85f9ec1e5cf5b98aa2f395a84ac55388721202a1561be4d08f5ba59

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Controls\SkinForm\is-PUT46.tmp

Filesize
914B

MD5
db376129b4955dd1d0d138ceb63df78e

SHA1
f8944f26704c1539b70fcac59e147a2615d82804

SHA256
f0c8f73437359bd639588d6d5aca936de0eac65e691000c81702b0a81b605386

SHA512
cd01f888dd281ff13b523f1f0130f53bc5fd1ff2609241d1b8bf8b16856196f7bc82742c3dc7481e5a2de0f5bd57d47a0f2f1490b8ff3afe406f0053ab5b7d0e

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Controls\SpinEdit\is-GRVFQ.tmp

Filesize
1KB

MD5
01db6c5f5758c6e6edbc6b3245049140

SHA1
aa7502fbd772eb5073f17264158a24ceebcc2dbf

SHA256
c02e052b508ebe1948317e45fccc33f651fe5d9c027e4656c268c7d79bb61319

SHA512
c2007982a5a13c630c2a32d1eec815ae44687b6c3a2b356a6ebe92980ff3bd0902e149c40837c59651d914ef1948463240b34a902df3b6c64190d6d4e7bc7db0

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\FilePanels\FileItemCheckedNoHot\is-R1QPM.tmp

Filesize
895B

MD5
8fdba27687182449859d61b135ce6785

SHA1
f74d892e3ef8f5d62e8b6dabe5da8d2acdf86935

SHA256
a7f5de5f0cf27e8bb5baf28ee4341ba312060d330cb5613be078d24a66964c26

SHA512
16c5bfbd1f9b4f4dcb30fea6d2b6ceb7419c1111ab099dd919b53e1b0ac2ed5f60483817430907e7b213b25547e798fb3e279a55c089c0ffdfef4d0e6e09e28d

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Home\RecentItemIconGlyph\is-M6GS9.tmp

Filesize
967B

MD5
43383636ecb82b8d0062368c73055963

SHA1
d46df158bb54372abfef5e7b218cb654e50d19b3

SHA256
d8d097b20c1864b6018ad6b7e2778a3eb2fd9be325fad4ddef04ce96eeccab2a

SHA512
5f615c79fd881cca7f622ff980d27b3fcfa4b3cf3eb259be1b1367833c21e6dbcb48368e57c0e04188fe61a5ce38a2372edf08dedd8d85566f1b26a097d8e5f9

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\MainMenu\FileMenu\is-7NVEG.tmp

Filesize
312B

MD5
b13ab40718810c15bcabe527e4040aac

SHA1
b6578332df7db7f1332fad7c4ea7a6aa2dd7aec2

SHA256
09d3f655ca4b448bde388b031f55c47c98e534a5b9f7a02acca98fe124302f7e

SHA512
bd40a5c53215b8126856e8450b8901cca7741c1e32d55412cbc82739a9088587ce645ed75b597aa51aa89a46380bc1ddb62cf689061c817b35187b68d129dbe3

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Main\AeroMainForm\is-5SE83.tmp

Filesize
529B

MD5
97ed3681778e96ac18da5ad2b546f437

SHA1
025049f614b3ed25c4d5064850592d8d38e7836b

SHA256
dc65fbce07bdbb47d0d7fc5e6e7b8fb32cb44e351e3211ab90f17ea50288348a

SHA512
51e0f54db1df3d2f0068d6eb3a32d31c3215a1a942e01f46ceefc651011fac2e3d7e42aa4f90ae2253282e5730f975bd1084ca68a2acfbf825dc80a650e8d3a4

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Main\AeroMainForm\is-OT2HC.tmp

Filesize
469B

MD5
97333e9ea6f9079b48142988b166f4b6

SHA1
837637a2264f672969b57a9453d24ebbc38565ac

SHA256
022d256c9971c0b47d4379f5c495468dcb16888707e5f2257cc8bd0de5e0f816

SHA512
038f7405fd968854ecf32d7c3425421987a4de6df4c1ae846ab9663809a959e9fea655fe6c742931ee6b85ef7cd15f7ab4df62b73aada99d9d40341b16585bef

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Main\AeroMainForm\is-R4PC2.tmp

Filesize
788B

MD5
025b29eb9ad51a33644bb5e9ed10ae72

SHA1
d7c0f002737be9f12670f2e268b05ce7126075f7

SHA256
23d7f2da826e99a51efcdf5bb8c5185c8be9c6694d289c2aeec83f2455fc58bb

SHA512
0daa656efd7f90752ee4d900c641ae472590814c3d8e5ea515ebe83b10a22ccad58a0cd4f573b2552de55f60706ba7e0dcaec1af3b63398315ea4bbf01f1c2a2

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Main\DocTabControl\is-KJF6G.tmp

Filesize
251B

MD5
dacc24e102c7d718581e81ebb6b41cb8

SHA1
847464e37c7f67b0567807f7bdb3aa2622a2d578

SHA256
4542810eb43845a87c0e1ada1e7df8cb8ebe4058755f3d832bc49891f09847ed

SHA512
87b55264e190db9a60f671b683d407a47b030a8a99c74174f675df54392ef72f8c90a706aaf1eb88d2bc3c78fe9779482c20153380e47566a94fa735b17a1d8c

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Main\MainForm\is-96JKL.tmp

Filesize
711B

MD5
85f8b42127b421fa7d88bfc1c4668fd9

SHA1
79f2b1bf990ccabcbd2b77743b1e6058caa583be

SHA256
e39589f8239c6fd8f703815a79fae72cf5b45ce5df2b34eaae40f3f2859993a9

SHA512
40260e69a1eca46a2694907d9a19830b3c93e5e63d7abfa4fffe85eeb77973464abcc1add2b470ad52c2147f539729ca72a7e2c7d805c9b5581156f42127310d

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\MessageBoxes\ErrorIcon\is-V7VTM.tmp

Filesize
743B

MD5
652a891815f1bc2a536fe66c8c33ae3a

SHA1
0565af5a62b0b9defb120211e97df5c433594448

SHA256
29bbd6f37ececb9230bdb6a6535973b2d161c41fe2cc3f0b08a662c76959237e

SHA512
5b5053aa6d02a9bb4c4b0283c1654198459e6cdd7dc55719d314989630edb191879eb0cfe08f9c589caf179a073cff7adf26cdf0ebf54973c1f89e7e6f1b7a1a

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Mobile\MobileCheckBox\is-E21AF.tmp

Filesize
1KB

MD5
10c133ff7ac60a10d69741c8696ca995

SHA1
ea4b1debc0bb2a895a7d904932abd0bdb1110a45

SHA256
d34dbd1cbe40996121a415dbc927dfeac64a0efab3c35148b68ecb49a19189ee

SHA512
98713a8fee5a4c3d7d1fb9b6dc1a94858d2db71b43c0b63fb4567b7ec4aa808732a60244a60dfae32fa00a54a3b267daecf2ecf0482b915fbe8981cddd30cac1

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Mobile\MobileCheckBox\is-FCEIF.tmp

Filesize
1KB

MD5
3e4691bfb9848223ba99df02c20fddbd

SHA1
5098b0850c3779f4e557d806f0bdd1c3908bc4bd

SHA256
70d90be4f4f8772a2c9f16e702a0ccfbb85169e77c427d8e1f552225265288b8

SHA512
7d46a691aed6ec00ec365f6b30349d4c94be59a3b381dfcf5f9362d50f25295313894cb5bad61dde806fdec17ed22e81a90dfdaa85788e923c90e810a1a0d34c

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Portfolio\PortfolioMenu\is-GS8L2.tmp

Filesize
661B

MD5
8d7191aba73278f1bb89e9c0d38c743a

SHA1
f6fc47f7e5383dfc540f3f5fea3338bd28862d9a

SHA256
f43df0a110575ad6d001d6d89c94adb31f31193a125cf5b75d10e72affe27965

SHA512
807edbcebff453aeb760a0663e3002519f2bf49dde883e709f4d3ecffd9d6b47e9053d4f923d6263c4198dbe4df475d76424c2d67f1ecc7265f49f1730ad3959

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\SearchPanel\SearchPanelReplaceCheckBox\is-2J7OI.tmp

Filesize
306B

MD5
88fc80e4f22b666751f858429c4c6a7d

SHA1
f056875dbd79ca3f0fd86dbf8eef6b8773f7597f

SHA256
84cbf39fca38f2f027c212fdcbf0e749a2147069a6c638009e425822f2e50863

SHA512
f95c85882c8085f1eaa6be025bdc3449d29ffc96df8cc24979c3084f5dac9278cb793190dc305f3f553129cda21c2ff566c91e3b55073aeab2a2e21493356c29

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Settings\SettingOcrOverTips\is-DQFDM.tmp

Filesize
571B

MD5
0927a43e74cc9c9c2431981d467bcc93

SHA1
a8c63ffd64df48e4ebff5d80a1aca4fa0b1de04e

SHA256
e5f0367c0e944a15ba802ca8c8127705f8abd6e2e779a9196842becd198b95b3

SHA512
937d0b205b7fcd985fcfb3d8b2cefd461e7281df11f62c4e8b70522bbf6dc7908da41f42f01e8d9ba1173697a84bb99b37a8bc33a9a986c9b395f07674cef6ea

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Signature\SignNOBigImage\is-U3CU3.tmp

Filesize
8KB

MD5
77f6afb9e650ad69356954663eb09f8b

SHA1
228ad9bf120fa6a441727b90064eaa95d35cb2f6

SHA256
30c63fe7dfb776d168fabd5b1ff78870c5cfa984e485fe424737dbf6bf5ec645

SHA512
9c9fcedc14cf3ca95d93d5f5a11ead9dfeebb1e4abc7931f7c48c468c6c1363fc3f31eb270e6a3954e08ce5c9fb660dd58554e4c41f6ce5d781731bedb28c9e2

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Signature\SignNoSmallImage\is-L5LGT.tmp

Filesize
9KB

MD5
bc6b1670e6702aaa7b46ca679121afd6

SHA1
168926ae9ee5dc5b3c951949136c54adfbe8af29

SHA256
beac39f2f76feb9ee8a3fcb2478b1b5fedea692f6f9ff1beef0526f20f6d1c8c

SHA512
07ab42aa2461fced1bd688cbbcf174f44d0ec918e443ca238e90b3c7e205383ace5037050a9f508e202d7674f317e73b8166edf4f3aa37d7db0ddfdb20a3eee8

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\StatusBar\PageNumberBackground\is-5A7VL.tmp

Filesize
159B

MD5
57b1a901eeea1357fa2b4a7461947719

SHA1
9490d0eeece2bca074b166c91049b359b0391918

SHA256
cb0d787086e6f404c82aee2bf384db7f2b40eef020fab16de5084594b9254b58

SHA512
a9d35a49c66f2e55e4298fff9832e04996dfb4f29df4e3b61fae17f28ea34a2ae58029f1a05e78d4805457c48bb42d8d4ebe2437e723cad53a4177c9fce5b7e3

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\WSIDAuth\LoginTextBox\is-S5V4S.tmp

Filesize
1018B

MD5
bf3ac3afc247e6141dc733aa5044f722

SHA1
25b42d3c3254cd8d4e3a9e8c9028337ff9558569

SHA256
7a74c059563836de4e9b2757e34a676456dc324c2a9f4eec0618c9c36001a33e

SHA512
f3596cf48b2075c77bf975a3620029c8e60ecacf5a99ae28fa326251476ddb2a654c03a0e0108193203768777273cff9afd3ad2fb7ab2063a5fc01928d86c642

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\Uninstall\CSS\is-ADT75.tmp

Filesize
104B

MD5
c71de36815d234e886e5eafc376bb514

SHA1
c1f0c9ea8908525d952cbc0db64a11b79a0b97a0

SHA256
0ef44486c08fd5bcfd216fcb2722b938170b5c15563b9131da6d5325d0b1e666

SHA512
c938226d4953d78a7f53eda4ed5a1846d7f3561f78157951da03aea36eb295f88879f987792327b3c8e085571ee97bda703d5e321d7198d905c7044d01f6e176

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\Uninstall\CSS\is-AQ6JN.tmp

Filesize
60B

MD5
e4ab34ef3af025df85d68067c46e5137

SHA1
02722818f09dca6e74188dcf8287877849b1bda1

SHA256
4becd8d3bd33385f206d1608d4ad2d5191e033974f73d09989d63e66b92ee214

SHA512
dbfd62120da401141dd35da8b805e0a7b08776a11f0211c85ab5364d30b3ca0ce8cb77e9e62a8f5a740626d52577fc1b7d99be5a4a77e8cd15d2db00e3a2e7e8

Download Submit
C:\Program Files\Wondershare\PDFelement\Skin\Uninstall\CSS\is-CL6S6.tmp

Filesize
91B

MD5
1ce62199ac7ed87d171deaa424df6d69

SHA1
2403ec031d41e145bcc55e15bd5900a8e252ce94

SHA256
d792a897882d97a58ce09ae90be5e53d376977687e091a44289b4a0467ebcf0e

SHA512
7c18af4b19d0658f432705d576ab8003b3e06797866047193284bc27ed3ef1b58debec50b2ee1e260e1cf46187acf32909a3ae196ac8b80720d606e257371068

Download Submit
C:\Program Files\Wondershare\PDFelement\SolidFramework\Win64\Resources\is-K5J28.tmp

Filesize
219KB

MD5
c83ac04eb75e390fa0c9465ca66ae0fd

SHA1
4331410d4a59c1fbd8c46e609bfac5bbaba0f883

SHA256
949bfa729dfe77987a0da8d85bd24f272da512ece48b435e702f797f24f9038d

SHA512
2ad6924bdb903d4ad5c1a60e79fa64901c4c89075aa67e806a23442ab16ba1931e02d90881e4cdd3b9f7eeae1fc68d07d8bc11fb0e35209aa9724fb8071d78ce

Download Submit
C:\Program Files\Wondershare\PDFelement\WSPrtSetup\PEPrinterMonitor.dll

Filesize
278KB

MD5
9dcb0351332621c00c7dfafcde6df3ad

SHA1
cf53a36158bca80ec89a8e276f661c6a63831d05

SHA256
011f682171bf61ee6000b1f921fa98647701bb11b11c86188c4395f1b955bd12

SHA512
0993493d221098ecbe2327eee7a43b1a122f094b467ef0b00476cb49e93c15b4ba7b982ae269203f64c3ca8245951d0b371e03bcaf25762f4bfeda78b602253b

Download Submit
C:\Program Files\Wondershare\PDFelement\WSPrtSetup\WSPrtSetup.exe

Filesize
146KB

MD5
2f95c0f7b5429cad4fef24c37b005014

SHA1
bfcbf13f4639f3784d630153449fa3ce2048d1d8

SHA256
ff754b2719b5e08db2bc34aad3e7d1b14f6651e7c4944707eb38de95e461b69a

SHA512
8868bcad45924eecc443bb3c2ffdd0ad48487de8687edb2c8ccc2b01b64860b8993d7afc70d12cca64ebc563889d6687d242a0f83983f1e621457454049d8421

Download Submit
C:\Program Files\Wondershare\PDFelement\WSPrtSetup\x64\PDFCREAT.PPD

Filesize
31KB

MD5
7b3694cff54a0f58525abd9cc3e62475

SHA1
d7fffbb17f7e02ae03b1dca1a808c53dbff67436

SHA256
479ded50a99ee0ea2d671cbeb68cabfda049b18ba6729eb81422fcd08d690afd

SHA512
a440dbabf93bb0f5b2e8a37fa1f03e84d29eb8a9eb08558b0f8a57f6200c4e9a4c17174051130ee01cdff299c72280bee78478014d75d4f2316160a0c8f787e5

Download Submit
C:\Program Files\Wondershare\PDFelement\WSPrtSetup\x64\PS5UI.DLL

Filesize
248KB

MD5
34fe8243c4ce5db32b593857a9ab65bc

SHA1
bedd7610b754f6216131a0f509fc9d8813e439f4

SHA256
28a1cc523e3708c48fca4095d1ede1a81fdf1954b743eca4d6c8172f0116a3d6

SHA512
561503728c5598ce360e85130bef4172fe0e0fc57417e2549d6a15c509244d67cc84ef775450c133170df2e9c258951549fad32c3080a52394078756b60f3376

Download Submit
C:\Program Files\Wondershare\PDFelement\WSPrtSetup\x64\PSCRIPT.HLP

Filesize
25KB

MD5
02c3f8c32018f3aaf66e7421400f1781

SHA1
a04f2e40287af78867161fa3f1606045088da212

SHA256
6faef4c998e810fff139958f28722c79879ec2fd66c97c7e3e2c5040fd5550d9

SHA512
c30fee64d74a536117de46c81b6e22ec82634d1284783a317bc15e85cfd561fad7d50a63ca863ea6520b5cbaecf9061f7b52d3d99050484ce8a004f81dab7990

Download Submit
C:\Program Files\Wondershare\PDFelement\WSPrtSetup\x64\PSCRIPT.NTF

Filesize
1.0MB

MD5
e45e03bdfbddcee4b6d62bc922ef24e7

SHA1
1873ec050afe6275e95df8b6a1a43098dccb9f25

SHA256
3eb48a31bb8bfb34534ff6e251e9b97e29e8b8e3a4eaf6c929b026caced3498c

SHA512
0dd54c060ca8b2fb676a14488dfeb30de9b0458a23aeb632c1bc4de54fc6b8066c86450a896726f04ca74bcecec03fac15c69a81ed17215b53501da57607f915

Download Submit
C:\Program Files\Wondershare\PDFelement\WSPrtSetup\x64\PSCRIPT5.DLL

Filesize
732KB

MD5
fd759f3f3dbda773e410172b8fe9b716

SHA1
be6553806f25e3c3413064e6fc4a82d01bab3ff5

SHA256
b5b15b0f92cd60314d45aa2bc3cf06109a050b3c096168fb35d584281fed3507

SHA512
789e351e84d409c37c77ce51b82fc63ce22023ad0ab326f7455aca2a8834fe7145293f30ee19a616d4fe1917512a9ce1fdb0856004852d67c0d13b5a737627a4

Download Submit
C:\Program Files\Wondershare\PDFelement\is-4IESB.tmp

Filesize
539B

MD5
a70491f336626d0e533cb69ec59c9b63

SHA1
9b5a25038699abc1bf207755e38876e256f55821

SHA256
7323370e83d9d90e08467153d61c0c023891769051bd6656c15bd8b815ff6a8e

SHA512
6d31507ad0ab1135742054c631c408ec06d8623451eac70ab5ca6553de472e8a0061ad7c7472fd8d0cdde74e5ef382d6c6e89fd2c425805fd498ff1d4007284d

Download Submit
C:\Program Files\Wondershare\PDFelement\is-DVLU7.tmp

Filesize
536B

MD5
5295757d4c69e6a41bba69446e7de1f0

SHA1
c8d0cd0908b2e8dadbd4c0f5ffc8296cd363bc04

SHA256
70aec6dca7932e63e7888675bcc3e6a453372720a8ed5e6042398dfd34657bcb

SHA512
0e2539e3f7b84ad6eb5ff50ff7267a7f6020b86cab9109d4923feed49650b5c4acb9016960b12e99bcec7c09f73a0e5d11f90da3d20b6c5744c6963201f3cf29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CA4458E7366E94A3C3A9C1FE548B6D21_4D96F6C14A43BEA1464E6FC42CC823C8

Filesize
471B

MD5
c7eaaf6bde4e6c791251c8d0c486b4f5

SHA1
8718a53fae59db884a500a3af40b180162cea671

SHA256
7a49f9ad27fb4805b6f9750be0a28eb2987abc7c3fb54db8de3dc5f7a2f96cae

SHA512
3fe2531e63388b32aef721785fe3f9d413233002c9ad51f6c11327290e0a821d4ea260408c9d12fcffc4d1c4e97ab0d067711a48de552cd77c28f11007e84f7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EE44ECA143B76F2B9F2A5AA75B5D1EC6_847118BE2683F0C241D1D702F3A3F5F9

Filesize
471B

MD5
72e4590d6f0031346bed2058b84a1feb

SHA1
70b124310d398df1a37974942a04d40fb3333d20

SHA256
09e30913a3f36658ddfdc75dac6579ee64b2ce013e21a0a1a580d83e2c7f6d0b

SHA512
98c6b07d62d6acd1937b143846dae8b891487744b4d6652a7413259038faac1aa36c6fba0801a497c0b653bdf7e5acab9ccf4ed5374904161127e96c8ab86776

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CA4458E7366E94A3C3A9C1FE548B6D21_4D96F6C14A43BEA1464E6FC42CC823C8

Filesize
404B

MD5
752c28b96fcc562534916739807bb019

SHA1
3e7f9d7638260d35744fb4b488da2e9b7abfd690

SHA256
b74d42d006e590ff249a37f18e126daa6ef449ea67474399c4edaf51d5c010d2

SHA512
7fdc5a8bb24f25359953d9b73b4e4eb46ea5098a2d5c3521f8862087ecdd2ff32801285548e51e1e5a83c641d9d65173aab27292fad70f3123d016011960f349

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EE44ECA143B76F2B9F2A5AA75B5D1EC6_847118BE2683F0C241D1D702F3A3F5F9

Filesize
408B

MD5
601f12bbac31a55a6b6055d55b470f7f

SHA1
03ea86c977a05aa6633026988c3f510fdb24bafb

SHA256
82d288da05d62eb6639ef00f852c4e3983442ac0978fa1cc4a873434a2014c89

SHA512
3641111c8c225e310a82baea74e05458830e8bf695069559f1060b518b06754b37e8b23d0ccc53b27f0498707d98eadff27fed6dfecd2d7f7e879a26bfb6aeaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\PEShellContextMenu.exe.log

Filesize
426B

MD5
001ba80328a79b5d1306e58020987adf

SHA1
4ab0414fe63294b2a119cd7cc1de2204a9ee4056

SHA256
fa3d41370782e1de2c7b7e714aa2d621871003208d5b8e8980fcfc97d5221339

SHA512
b363e344de829f1e094582f15478dc777d115dac846d79619334d1c5e6db6e1d618ae7f540300a10bc36f8857d1acfd356705669593aa5862a0aebafc100ee84

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\RC7J9QNT\tt[1].png

Filesize
126B

MD5
e714c69ca26dcdabcf9016341f66b5b9

SHA1
1c78ace0e38129460966521ecb9f3ce70563a5e8

SHA256
a607b3c3e0d09d7f339e0035f16f99bf93637dee0eb27b2b9c447701fefa2ace

SHA512
14179e1e37d02cd4e31a6997dd06f4af685bec694967adbfdcb341bc50d8558664a884694e670c76ba04795bbaca6e5af756472f9bd18ce2344f936bc15f9943

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UJB2BMT0\bat[1].js

Filesize
45KB

MD5
72bca04fd669eb89fc65d59052d0fc00

SHA1
27e60aef86f0cb1b2f6b6ed9df9a4e3ba88efd21

SHA256
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721

SHA512
56058e4c927563ca37dec4979af28a415ea3042a389c0ba22738c76d39131317a703a38a95eab9d913f116f7c2d1da62a0a87750f47deca2ddb3447d64303b12

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\4ZELX2XC\cdn.consentmanager[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\N5B4UCZU\pdf.wondershare[1].xml

Filesize
772B

MD5
cdc5fe16861c34c71b36e6807a628704

SHA1
24a2eadf08ebc97e031013f78c5b9f1d9768eac0

SHA256
620bbc42647e92da9ee6a9260c181e45aa6b0d3ef4f06e84feb26bfe7db236df

SHA512
3a1f98602c54bbbc7703c856dca6cb5db8582d9e27c789a9f7be9b0d365ef293d864cf16922a52578c391cff5471cd4e3d25a2da127ebe72e58276dc7faf95f6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\N5B4UCZU\pdf.wondershare[1].xml

Filesize
1KB

MD5
6bf6f0a6ff50f9f56ccf0069bd93423e

SHA1
28c559bf970d2ebebb8e37d26179aba1737b3caa

SHA256
57cd44e8f77834978db8ac467af85736f966e57f3df7055e1e3afc5a833bf5ec

SHA512
da8145b185503f9672685ba6f8a33d305d5ffdbe72862ffc5d9dd9b556655176e5285cd55600198c36cc8858ccb5bf3bb0e1daaffd23666ddcdc80a72e77c461

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\UP231XJQ\www.youtube[1].xml

Filesize
229B

MD5
5f6164956f48f3d30d4a287939da358f

SHA1
c44e2c305916c187685d1ff93f98307456757db0

SHA256
d9aebef241b5f2933664e0f64c5eee58a99beccecc8bf6890be89ffe3d581e0c

SHA512
b0aa9a665d2b72624c24f5e6a24d3b9fc3ff892c8141d276f792fc4290ffee9cb56f9f37953e22795a6a378283992b990aa8318d029cf55ce1426ec5436dd79f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\UP231XJQ\www.youtube[1].xml

Filesize
12KB

MD5
90d75048cccc24ceb141e3f6ade00dc6

SHA1
2a5a02db8045066f1534cbab109ecf650f89e60a

SHA256
dc0602b698e5211c7451dfda5909bd93ce915d2b5ef5871146cb8b9cb5097264

SHA512
cb51d83f03df18a5fda11b54934fee653bc7822e294292cf45f590e253e82f6dc04d955f834e01a1bd915b440dfe9455cbc56abb77589b98a5328bca6aa10bef

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\UP231XJQ\www.youtube[1].xml

Filesize
10KB

MD5
034b50a0d32fa25426f0326a7cbc62e9

SHA1
6e679919c1b89b00ae83d78599a98dbd51126190

SHA256
4fee8580c3ca72f835cce3cc5d3c432a8a05b724f3dc374153f4222284b100b2

SHA512
2f885f4f71c0595442abd84535dfb5064a4e5d34b2cdbe66df29ea0435b0a44e7546fc553f33886bd77c77c319cf8924c4fd64077b59a133103477743e3c5076

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ATXXLKKH\favicon[1].ico

Filesize
4KB

MD5
f8152c42b27795b0a992fdae0e9e98b4

SHA1
571bc03c5c68b0596af75eb806407818f1ade049

SHA256
ca2436df1a9f28f874e861a820ca49aa034a076bbba1064d445a042d3c190d88

SHA512
292393859629ff287c073bb00d0de5fd51c516f773e06cd8ecd58c346f1519c215a5436e340221ea6bb35680a043296510922584ca4c5be23fac7a4ac9686098

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-9P4KF.tmp\Ldr64.exe

Filesize
73KB

MD5
eb674cd25c8e1c4ee42d09cdb614f580

SHA1
4be17ac8b14649393e17dda0caf36f31e03fc89a

SHA256
05dcb1619c0fa52b544b2b17015c17195aea0f60d7c287e49d9b04c428e8b765

SHA512
beddb522dc83109290357c391a2cd3346a125e55755311e16d3f723765615da418ab464f7574a4b3e2dd30b4c6b1c529841b0b63ad82928fd827a82d16fd2e01

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-9P4KF.tmp\_isetup\_setup64.tmp

Filesize
6KB

MD5
e4211d6d009757c078a9fac7ff4f03d4

SHA1
019cd56ba687d39d12d4b13991c9a42ea6ba03da

SHA256
388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95

SHA512
17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp

Filesize
1.5MB

MD5
f65d8be148defb31e1fac001288156dc

SHA1
524b5c2b2cebd42a96ac89df25f976169e9f9217

SHA256
a3a7791221615645abd6ee8119a1a43408536aa8be710f2442a2d49131ef5dff

SHA512
6108b6dbd2ae57b16dc846e77c71abc61a9bd91fee542fee3a0a771a369bb4294b958427177d9a0b07422b9cbaa228770a701d3e2749f4d72f3f9a368a180886

Download Submit
C:\Users\Admin\AppData\Roaming\Wondershare\PDFelement\Config\MessageCenterConfig_New.config

Filesize
15KB

MD5
d5b18e742e3544615770f9d3432b9b04

SHA1
e8c36998a72a56991928f91606c9693429b995f0

SHA256
74eb3963fb00f494de9a3b117a28ee3c7e96ba0e08cd4a8adbdbdd681aab1ac7

SHA512
a6815b99aad977dbed5a3279c365de95df55bf9fdb0688d37146d4fe5857643fb7384615282ee1d61fc706193f25cd0d73a40e0d4d60dc6dd91b00da6b400d54

Download Submit
\Users\Admin\AppData\Local\Temp\is-9P4KF.tmp\PEInstallHelper.dll

Filesize
122KB

MD5
650afaaba451c668629dd01248c81264

SHA1
623f583d82aefae7691afedc077a6684d536a545

SHA256
ec3dd19d446eaf62d396d65029c1c627205bd1fd33608e122be7f4d8af7b5ad4

SHA512
3476bfa801e506ae3c9afd6861519b9a3782e70566ef6df49dc01f605f70fc990a7b59dd8e19b99caa937dbd75bbbfd4246b2e4e6a995e70290cef603c995511

Download Submit
\Users\Admin\AppData\Local\Temp\is-9P4KF.tmp\WSUtilities.dll

Filesize
188KB

MD5
a0cefe160f504402b5148580c5b912bf

SHA1
3b6c9641a7b2edff1b60bd55b8eeb7c34eab8aee

SHA256
4333dae45b166e2ec59c49a46ff6abe3342d9191ebafda9b53803e639e33f1d1

SHA512
a9e9fff977c3e365caf0a5351b07319502a22f6ddf34267e9d77b171dbdce82d6cfb6bb49b7ba4b5c6966d97c3630ff2944a96f32c26819e43ed85b4f15f862d

Download Submit
memory/1432-9765-0x0000000000400000-0x0000000000584000-memory.dmp

Filesize
1.5MB

Download
memory/1432-4607-0x0000000000400000-0x0000000000584000-memory.dmp

Filesize
1.5MB

Download
memory/1432-339-0x0000000000400000-0x0000000000584000-memory.dmp

Filesize
1.5MB

Download
memory/1432-27-0x0000000000400000-0x0000000000584000-memory.dmp

Filesize
1.5MB

Download
memory/1432-21-0x0000000000400000-0x0000000000584000-memory.dmp

Filesize
1.5MB

Download
memory/1432-6-0x0000000000400000-0x0000000000584000-memory.dmp

Filesize
1.5MB

Download
memory/1432-13129-0x0000000000400000-0x0000000000584000-memory.dmp

Filesize
1.5MB

Download
memory/1432-8773-0x0000000000400000-0x0000000000584000-memory.dmp

Filesize
1.5MB

Download
memory/3060-9654-0x0000000000E60000-0x0000000000E72000-memory.dmp

Filesize
72KB

Download
memory/3516-9699-0x0000000005F90000-0x0000000006020000-memory.dmp

Filesize
576KB

Download
memory/3516-9689-0x0000000005A90000-0x0000000005B8C000-memory.dmp

Filesize
1008KB

Download
memory/3516-9708-0x00000000061A0000-0x00000000061AA000-memory.dmp

Filesize
40KB

Download
memory/3516-9707-0x0000000006020000-0x0000000006042000-memory.dmp

Filesize
136KB

Download
memory/3516-9679-0x0000000000F80000-0x0000000000F92000-memory.dmp

Filesize
72KB

Download
memory/3516-9703-0x0000000005BC0000-0x0000000005BD0000-memory.dmp

Filesize
64KB

Download
memory/3516-9683-0x0000000005BE0000-0x0000000005E54000-memory.dmp

Filesize
2.5MB

Download
memory/3516-9691-0x0000000006400000-0x00000000068FE000-memory.dmp

Filesize
5.0MB

Download
memory/3516-9695-0x0000000006050000-0x000000000619A000-memory.dmp

Filesize
1.3MB

Download
memory/3516-9690-0x0000000005E60000-0x0000000005EF2000-memory.dmp

Filesize
584KB

Download
memory/3572-2-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download
memory/3572-20-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/3572-0-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/4088-9770-0x0000013F5A500000-0x0000013F5A600000-memory.dmp

Filesize
1024KB

Download
memory/4088-9771-0x0000013F5A500000-0x0000013F5A600000-memory.dmp

Filesize
1024KB

Download
memory/4156-9595-0x0000000000440000-0x0000000000464000-memory.dmp

Filesize
144KB

Download
memory/4176-9716-0x000001D9D1F20000-0x000001D9D206A000-memory.dmp

Filesize
1.3MB

Download
memory/4176-9722-0x000001D9D1AD0000-0x000001D9D1AF2000-memory.dmp

Filesize
136KB

Download
memory/4176-9710-0x000001D9B73A0000-0x000001D9B73B0000-memory.dmp

Filesize
64KB

Download
memory/4176-9712-0x000001D9D1B50000-0x000001D9D1DC4000-memory.dmp

Filesize
2.5MB

Download
memory/4176-9714-0x000001D9D19D0000-0x000001D9D1ACC000-memory.dmp

Filesize
1008KB

Download
memory/4176-9718-0x000001D9D1E60000-0x000001D9D1EF0000-memory.dmp

Filesize
576KB

Download
memory/4176-9720-0x000001D9D1730000-0x000001D9D1740000-memory.dmp

Filesize
64KB

Download
memory/4196-10037-0x000001A2E2020000-0x000001A2E2022000-memory.dmp

Filesize
8KB

Download
memory/4196-9953-0x000001A2E1010000-0x000001A2E1110000-memory.dmp

Filesize
1024KB

Download
memory/4196-9787-0x000001A2CDFF0000-0x000001A2CDFF2000-memory.dmp

Filesize
8KB

Download
memory/4196-9785-0x000001A2CDFD0000-0x000001A2CDFD2000-memory.dmp

Filesize
8KB

Download
memory/4196-9867-0x000001A2E08A0000-0x000001A2E08C0000-memory.dmp

Filesize
128KB

Download
memory/4196-9952-0x000001A2E1010000-0x000001A2E1110000-memory.dmp

Filesize
1024KB

Download
memory/4196-10044-0x000001A2E2060000-0x000001A2E2062000-memory.dmp

Filesize
8KB

Download
memory/4196-10042-0x000001A2E2040000-0x000001A2E2042000-memory.dmp

Filesize
8KB

Download
memory/4196-9782-0x000001A2CDFA0000-0x000001A2CDFA2000-memory.dmp

Filesize
8KB

Download
memory/4196-10035-0x000001A2E06F0000-0x000001A2E06F2000-memory.dmp

Filesize
8KB

Download
memory/4300-9741-0x00000296CBC20000-0x00000296CBC30000-memory.dmp

Filesize
64KB

Download
memory/4300-9725-0x00000296CBB20000-0x00000296CBB30000-memory.dmp

Filesize
64KB

Download
memory/4300-9760-0x00000296C91D0000-0x00000296C91D2000-memory.dmp

Filesize
8KB

Download
memory/6112-13117-0x00000000000D0000-0x0000000000D0C000-memory.dmp

Filesize
12.2MB

Download
memory/6112-13131-0x0000000022570000-0x00000000225E4000-memory.dmp

Filesize
464KB

Download
memory/6112-13155-0x0000000026B20000-0x00000000272C6000-memory.dmp

Filesize
7.6MB

Download