Analysis Overview
score
9/10
SHA256
e14274d9724505d314d2025563420b4e5064f5f54e4dc6a22f0d2dc7031f340c
Threat Level: Likely malicious
The file WS.PDFelement.zip was found to be: Likely malicious.
Malicious Activity Summary
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Possible privilege escalation attempt
Drops file in Drivers directory
Modifies Windows Firewall
Checks BIOS information in registry
Modifies file permissions
Writes to the Master Boot Record (MBR)
Checks whether UAC is enabled
Checks computer location settings
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in System32 directory
Checks installed software on the system
Loads dropped DLL
Drops file in Program Files directory
Launches sc.exe
Registers COM server for autorun
Drops file in Windows directory
Executes dropped EXE
Enumerates physical storage devices
Modifies system certificate store
Views/modifies file attributes
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Delays execution with timeout.exe
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-05-28 09:09
Signatures
N/A
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-28 09:05
Reported
2024-05-28 09:28
Platform
win10-20240404-en
Max time kernel
46s
Max time network
73s
Command Line
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\WS.PDFelement.Pro.8.3.8.1253\Host block.bat"
Signatures
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\drivers\etc\hosts | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Windows\system32\drivers\etc\hosts | C:\Windows\system32\cmd.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\WS.PDFelement.Pro.8.3.8.1253\Host block.bat"
C:\Windows\system32\reg.exe
REG QUERY "HKU\S-1-5-19"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="PDFelement" dir=in action=block program="C:\Users\Admin\AppData\Local\Temp\WS.PDFelement.Pro.8.3.8.1253\PDFelement.exe"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall set rule name="PDFelement" new enable=yes
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32\drivers\etc\hosts" /a
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\icacls.exe
icacls C:\Windows\system32\drivers\etc\hosts /c /grant "administrators:F"
C:\Windows\system32\attrib.exe
attrib -h -r -s C:\Windows\system32\drivers\etc\hosts
C:\Windows\system32\find.exe
FIND /C /I "127.0.0.1 account.wondershare.com" C:\Windows\system32\drivers\etc\hosts
C:\Windows\system32\timeout.exe
TIMEOUT /t 2
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s fdPHost
Network
| Country | Destination | Domain | Proto |
| N/A | 239.255.255.250:3702 | udp | |
| N/A | 239.255.255.250:3702 | udp | |
| US | 8.8.8.8:53 | c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa | udp |
Files
C:\Windows\system32\drivers\etc\hosts
| MD5 | 676acd944d70c6fa179d7d62939fee11 |
| SHA1 | 6e657ac2df70a9c3c59ba68920f973f999af8af2 |
| SHA256 | 4014edc60be6c2f6aa3bfb22450634e67feb7975c74358de6511e719380e2a2b |
| SHA512 | 031d0830f0c9597e36135f13ba66628e8299874fd21c56193db5a4e63256b9d5e2d073048fc8ff8559f1b40909b99315bc3307a3acf09283f9239111af586112 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-28 09:05
Reported
2024-05-28 09:35
Platform
win10-20240404-en
Max time kernel
155s
Max time network
297s
Command Line
"C:\Users\Admin\AppData\Local\Temp\WS.PDFelement.Pro.8.3.8.1253\WS.PDFelement.OCR.Plugin\OCR Plugin.exe"
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-DF14U.tmp\OCR Plugin.tmp | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2332 wrote to memory of 4824 | N/A | C:\Users\Admin\AppData\Local\Temp\WS.PDFelement.Pro.8.3.8.1253\WS.PDFelement.OCR.Plugin\OCR Plugin.exe | C:\Users\Admin\AppData\Local\Temp\is-DF14U.tmp\OCR Plugin.tmp |
| PID 2332 wrote to memory of 4824 | N/A | C:\Users\Admin\AppData\Local\Temp\WS.PDFelement.Pro.8.3.8.1253\WS.PDFelement.OCR.Plugin\OCR Plugin.exe | C:\Users\Admin\AppData\Local\Temp\is-DF14U.tmp\OCR Plugin.tmp |
| PID 2332 wrote to memory of 4824 | N/A | C:\Users\Admin\AppData\Local\Temp\WS.PDFelement.Pro.8.3.8.1253\WS.PDFelement.OCR.Plugin\OCR Plugin.exe | C:\Users\Admin\AppData\Local\Temp\is-DF14U.tmp\OCR Plugin.tmp |
Processes
C:\Users\Admin\AppData\Local\Temp\WS.PDFelement.Pro.8.3.8.1253\WS.PDFelement.OCR.Plugin\OCR Plugin.exe
"C:\Users\Admin\AppData\Local\Temp\WS.PDFelement.Pro.8.3.8.1253\WS.PDFelement.OCR.Plugin\OCR Plugin.exe"
C:\Users\Admin\AppData\Local\Temp\is-DF14U.tmp\OCR Plugin.tmp
"C:\Users\Admin\AppData\Local\Temp\is-DF14U.tmp\OCR Plugin.tmp" /SL5="$8022C,406307185,377856,C:\Users\Admin\AppData\Local\Temp\WS.PDFelement.Pro.8.3.8.1253\WS.PDFelement.OCR.Plugin\OCR Plugin.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
Files
memory/2332-1-0x0000000000400000-0x0000000000466000-memory.dmp
memory/2332-2-0x0000000000401000-0x0000000000417000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-DF14U.tmp\OCR Plugin.tmp
| MD5 | 7da9e674df69abd9ea37759510b29c99 |
| SHA1 | 0235edc5c1fe57b1a046b33a96b1c3462c158a4c |
| SHA256 | c5e268d3108185eea0e379c5f53c6dde71cb3d3ea5a23ab974a4e8c0110c846b |
| SHA512 | ddc08187733444a7f047ae616afe76bc6b0c8c05d2829f947ad10d3cef820e9c2c2f1322425517124525717de928fe3b85a6d39da52e12f3aec89f034011405f |
memory/4824-7-0x0000000000400000-0x00000000005B1000-memory.dmp
memory/2332-13-0x0000000000400000-0x0000000000466000-memory.dmp
memory/4824-14-0x0000000000400000-0x00000000005B1000-memory.dmp
memory/4824-19-0x0000000000400000-0x00000000005B1000-memory.dmp
memory/2332-20-0x0000000000400000-0x0000000000466000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-28 09:05
Reported
2024-05-28 09:32
Platform
win10-20240404-en
Max time kernel
137s
Max time network
163s
Command Line
"C:\Users\Admin\AppData\Local\Temp\WS.PDFelement.Pro.8.3.8.1253\pdfelement-pro_full5239.exe"
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Program Files\Wondershare\PDFelement\PDFelement.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files\Wondershare\PDFelement\PDFelement.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Program Files\Wondershare\PDFelement\PDFelement.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files\Wondershare\PDFelement\PDFelement.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Program Files\Wondershare\PDFelement\PDFelement.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\spool\DRIVERS\x64\PSCRIPT.HLP | C:\Program Files\Wondershare\PDFelement\WSPrtSetup\WSPrtSetup.exe | N/A |
| File created | C:\Windows\system32\PEPrinterMonitor.dll | C:\Program Files\Wondershare\PDFelement\WSPrtSetup\WSPrtSetup.exe | N/A |
| File opened for modification | C:\Windows\system32\PEPrinterMonitor.dll | C:\Program Files\Wondershare\PDFelement\WSPrtSetup\WSPrtSetup.exe | N/A |
| File created | C:\Windows\system32\spool\DRIVERS\x64\PSCRIPT5.DLL | C:\Program Files\Wondershare\PDFelement\WSPrtSetup\WSPrtSetup.exe | N/A |
| File created | C:\Windows\system32\spool\DRIVERS\x64\PS5UI.DLL | C:\Program Files\Wondershare\PDFelement\WSPrtSetup\WSPrtSetup.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\PECRT32.dll | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Windows\SysWOW64\is-FJS6G.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Windows\system32\spool\DRIVERS\x64\PDFCREAT.PPD | C:\Program Files\Wondershare\PDFelement\WSPrtSetup\WSPrtSetup.exe | N/A |
| File created | C:\Windows\system32\spool\DRIVERS\x64\PSCRIPT.NTF | C:\Program Files\Wondershare\PDFelement\WSPrtSetup\WSPrtSetup.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Wondershare\PDFelement\PDFelement.exe | N/A |
| N/A | N/A | C:\Program Files\Wondershare\PDFelement\PDFelement.exe | N/A |
| N/A | N/A | C:\Program Files\Wondershare\PDFelement\PDFelement.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Wondershare\PDFelement\SolidFramework\Win64\Resources\CMap\is-RVNC9.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\WSIDAuth\PricePageStdTabBtn\is-SPUK4.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Components\PageTurnBorder\is-8J701.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\PageMenus\ImageCopy\is-PAEGN.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\Uninstall\Product\ProductIco\is-0443D.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Annots\PdfLineEndStyleStartClose\is-EOSQE.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\WSIDAuth\VipGridColumnHeader\is-QAGVH.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Document\IconRotateLeft\is-QM46C.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\Uninstall\Product\ProductIco\is-E4NQR.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File opened for modification | C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\WUL.Zip.dll | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\MainMenu\FileMenu\is-5VCI5.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Annots\BorderStyleDash3\is-ITMTB.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Certificate\AddCertBtn\is-UCAPE.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\PageMenus\ImageBringToFront\is-489MD.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\ToolboxMain\DataExtractGlyph\is-GC2N3.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\Uninstall\Uninstall\FormBlackIcon\is-HFKR8.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\is-08CR1.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Annots\AttachmentTypeTag12\is-B16TU.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Portfolio\PortfolioMenu\is-LVK4R.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\MainMenu\FileMenu\is-4328S.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Mobile\MobileBottomContentChs\is-J6N4L.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\PageMenus\ImageExtractImage\is-IHC3N.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Ribbon\RibbonDropDownArrow\is-97VNH.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\SpinEdit\is-0EIPU.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File opened for modification | C:\Program Files\Wondershare\PDFelement\Addins\EXP_PDF.DLL | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\SolidFramework\Win64\CMAP\is-5K5HS.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\FilePanels\ImgTaskStatus\is-6P0V2.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Menu\MenuExportToImageGlyph\is-MUVBM.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Menu\MenuExpandGlyph\is-R02DB.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File opened for modification | C:\Program Files\Wondershare\PDFelement\api-ms-win-crt-locale-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\SolidFramework\Win64\Resources\CMap\is-VL2SF.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Controls\SkinForm\is-EA5CH.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\SkinForm\is-RAIO2.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Home\RecentItemIconGlyph\is-7E00H.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Portfolio\PortfolioSplitterGlyph\is-FP4BE.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Ribbon\FormAlignRightGlyph\is-1HG4C.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File opened for modification | C:\Program Files\Wondershare\PDFelement\data_api.dll | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Main\AboutLeftLogoChsBiz\is-V25HC.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Certificate\DeleteCertGlyph\is-RFL3F.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Document\IconAlignRight\is-TSVTI.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\is-PJAVJ.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\PagesRotation\Rotate0Glyph\is-BSJCT.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Trials\NewVersionNoteImg2\is-MICNA.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Languages\PDFelement\is-96ELE.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Signature\MenuClearSignature\is-D6RC9.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Annots\PdfLineEndStyleStartCircle\is-29U1I.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Controls\Splitter\is-IE1QH.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\Uninstall\Product\ProductIco\is-8EVT8.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Feedback\FeedbackTopRightBgk\is-7JQHT.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Menu\MenuInsertBlankPagesGlyph\is-60V33.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Sign\SignEraserBtnGlyph\is-3CRAI.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\AdvancedSearch\IconSearch\is-RNJ63.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Settings\SettingOcrOverTips\is-QEMVO.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\WSIDAuth\VipProductTypeTrialBigGly\is-B4F24.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Components\EyeButton\is-UA6RD.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Menu\MenuZoomOutGlyph\is-SFDT6.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\MessageCenter\MessageRadioButton\is-OBBGU.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\NPS\NPSForm\is-KA4Q1.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\WSIDAuth\VerifyEmailImage\is-U7449.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\SolidFramework\Win64\CMAP\is-SBJJA.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\Uninstall\Product\ProductBackground\is-84DL5.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\SolidFramework\Win64\CMAP\is-5OMTG.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Ribbon\RibbonHeaderFooterGlyph\is-G7QS9.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| File created | C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Controls\NoCaptionRectForm\is-B4BFE.tmp | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-9P4KF.tmp\Ldr64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-9P4KF.tmp\_isetup\_setup64.tmp | N/A |
| N/A | N/A | C:\Program Files\Wondershare\PDFelement\PEAddInDeployment.exe | N/A |
| N/A | N/A | C:\Program Files\Wondershare\PDFelement\PEShellContextMenu.exe | N/A |
| N/A | N/A | C:\Program Files\Common Files\Wondershare\PDFelement\Shell Extensions\PEShellContextMenu.exe | N/A |
| N/A | N/A | C:\Program Files\Wondershare\PDFelement\FileAssociation.exe | N/A |
| N/A | N/A | C:\Program Files\Wondershare\PDFelement\WSPrtSetup\WSPrtSetup.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Program Files\Wondershare\PDFelement\PDFelement.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\InprocServer32\1.0.0.55\RuntimeVersion = "v4.0.30319" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\InprocServer32\ = "mscoree.dll" | C:\Program Files\Wondershare\PDFelement\PEAddInDeployment.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\InprocServer32\CodeBase = "File:///C:/Program Files/Common Files/Wondershare/PDFelement/AddIns/PEOfficeAddIn_x64.dll" | C:\Program Files\Wondershare\PDFelement\PEAddInDeployment.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ea6c980d-7823-3752-88ac-d43b3a873d20}\InprocServer32 | C:\Program Files\Common Files\Wondershare\PDFelement\Shell Extensions\PEShellContextMenu.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ea6c980d-7823-3752-88ac-d43b3a873d20}\InprocServer32\Class = "dmd" | C:\Program Files\Common Files\Wondershare\PDFelement\Shell Extensions\PEShellContextMenu.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ea6c980d-7823-3752-88ac-d43b3a873d20}\InprocServer32\8.0.0.10\Class = "dmd" | C:\Program Files\Common Files\Wondershare\PDFelement\Shell Extensions\PEShellContextMenu.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ea6c980d-7823-3752-88ac-d43b3a873d20}\InprocServer32\8.0.0.10\CodeBase = "file:///C:/Program Files/Common Files/Wondershare/PDFelement/Shell Extensions/PEShellContextMenu.exe" | C:\Program Files\Common Files\Wondershare\PDFelement\Shell Extensions\PEShellContextMenu.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\InprocServer32\1.0.6860.23340\CodeBase = "File:///C:/Program Files/Common Files/Wondershare/PDFelement/AddIns/PEOfficeAddIn_x64.dll" | C:\Program Files\Wondershare\PDFelement\PEAddInDeployment.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ea6c980d-7823-3752-88ac-d43b3a873d20}\InprocServer32\ = "mscoree.dll" | C:\Program Files\Common Files\Wondershare\PDFelement\Shell Extensions\PEShellContextMenu.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ea6c980d-7823-3752-88ac-d43b3a873d20}\InprocServer32\CodeBase = "file:///C:/Program Files/Common Files/Wondershare/PDFelement/Shell Extensions/PEShellContextMenu.exe" | C:\Program Files\Common Files\Wondershare\PDFelement\Shell Extensions\PEShellContextMenu.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\InprocServer32\1.0.0.55\Assembly = "PEPreview4, Version=1.0.0.55, Culture=neutral, PublicKeyToken=a0a98582c8d3e9fb" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\InprocServer32\Class = "PEOfficeAddIn.Connect" | C:\Program Files\Wondershare\PDFelement\PEAddInDeployment.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\InprocServer32\RuntimeVersion = "v4.0.30319" | C:\Program Files\Wondershare\PDFelement\PEAddInDeployment.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ea6c980d-7823-3752-88ac-d43b3a873d20}\InprocServer32\RuntimeVersion = "v2.0.50727" | C:\Program Files\Common Files\Wondershare\PDFelement\Shell Extensions\PEShellContextMenu.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\InprocServer32 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ea6c980d-7823-3752-88ac-d43b3a873d20}\InprocServer32\8.0.0.10\Assembly = "PEShellContextMenu, Version=8.0.0.10, Culture=neutral, PublicKeyToken=a0a98582c8d3e9fb" | C:\Program Files\Common Files\Wondershare\PDFelement\Shell Extensions\PEShellContextMenu.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ea6c980d-7823-3752-88ac-d43b3a873d20}\InprocServer32\8.0.0.10\RuntimeVersion = "v2.0.50727" | C:\Program Files\Common Files\Wondershare\PDFelement\Shell Extensions\PEShellContextMenu.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\InprocServer32\1.0.0.55\CodeBase = "file:///C:/Program Files/Common Files/Wondershare/PDFelement/Preview/1.0.0.55/PEPreview4.DLL" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DF83C4E9-D71A-4411-A9CD-1130412C5FC0}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DF83C4E9-D71A-4411-A9CD-1130412C5FC0}\InprocServer32\ = "C:\\Program Files\\Common Files\\Wondershare\\PDFelement\\Preview\\1.0.0.55\\PDFThumbnailHandler.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\InprocServer32\Assembly = "PEOfficeAddIn, Version=1.0.6860.23340, Culture=neutral, PublicKeyToken=null" | C:\Program Files\Wondershare\PDFelement\PEAddInDeployment.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\InprocServer32\1.0.6860.23340\Assembly = "PEOfficeAddIn, Version=1.0.6860.23340, Culture=neutral, PublicKeyToken=null" | C:\Program Files\Wondershare\PDFelement\PEAddInDeployment.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\InprocServer32\CodeBase = "file:///C:/Program Files/Common Files/Wondershare/PDFelement/Preview/1.0.0.55/PEPreview4.DLL" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\InprocServer32\1.0.0.55\Class = "PE.Preview.PDF.PDFPreview" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\InprocServer32\1.0.0.55 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\InprocServer32\ThreadingModel = "Both" | C:\Program Files\Wondershare\PDFelement\PEAddInDeployment.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\InprocServer32\1.0.6860.23340\ = "mscoree.dll" | C:\Program Files\Wondershare\PDFelement\PEAddInDeployment.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ea6c980d-7823-3752-88ac-d43b3a873d20}\InprocServer32\ThreadingModel = "Both" | C:\Program Files\Common Files\Wondershare\PDFelement\Shell Extensions\PEShellContextMenu.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ea6c980d-7823-3752-88ac-d43b3a873d20}\InprocServer32\8.0.0.10 | C:\Program Files\Common Files\Wondershare\PDFelement\Shell Extensions\PEShellContextMenu.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\InprocServer32\Assembly = "PEPreview4, Version=1.0.0.55, Culture=neutral, PublicKeyToken=a0a98582c8d3e9fb" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\InprocServer32\RuntimeVersion = "v4.0.30319" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\InprocServer32\1.0.6860.23340\Class = "PEOfficeAddIn.Connect" | C:\Program Files\Wondershare\PDFelement\PEAddInDeployment.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ea6c980d-7823-3752-88ac-d43b3a873d20}\InprocServer32\Assembly = "PEShellContextMenu, Version=8.0.0.10, Culture=neutral, PublicKeyToken=a0a98582c8d3e9fb" | C:\Program Files\Common Files\Wondershare\PDFelement\Shell Extensions\PEShellContextMenu.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\InprocServer32\ThreadingModel = "Both" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\InprocServer32 | C:\Program Files\Wondershare\PDFelement\PEAddInDeployment.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\InprocServer32\1.0.6860.23340 | C:\Program Files\Wondershare\PDFelement\PEAddInDeployment.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\InprocServer32\1.0.6860.23340\RuntimeVersion = "v4.0.30319" | C:\Program Files\Wondershare\PDFelement\PEAddInDeployment.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\InprocServer32\ = "mscoree.dll" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\InprocServer32\Class = "PE.Preview.PDF.PDFPreview" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DF83C4E9-D71A-4411-A9CD-1130412C5FC0}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomain = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "799" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\Implemented Categories | C:\Program Files\Wondershare\PDFelement\PEAddInDeployment.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ea6c980d-7823-3752-88ac-d43b3a873d20}\InprocServer32\ThreadingModel = "Both" | C:\Program Files\Common Files\Wondershare\PDFelement\Shell Extensions\PEShellContextMenu.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}\0 = ".NET Category" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{84E153C2-0254-3298-A4E5-35F5F8220EEC}\1.0.0.55\RuntimeVersion = "v4.0.30319" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "163" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\wspe8\Shell\Open | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PDFelement.AssocFile.PDF\DefaultIcon | C:\Program Files\Wondershare\PDFelement\FileAssociation.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\Implemented Categories | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.youtube.com\ = "200" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Packa = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\ProgId | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\Implemented Categories\{62C8FE65-4EBB-45e7-B440-6E39B2CDBF29} | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ea6c980d-7823-3752-88ac-d43b3a873d20}\InprocServer32\8.0.0.10\CodeBase = "file:///C:/Program Files/Common Files/Wondershare/PDFelement/Shell Extensions/PEShellContextMenu.exe" | C:\Program Files\Common Files\Wondershare\PDFelement\Shell Extensions\PEShellContextMenu.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{815baf99-0c5d-4fa8-8ccd-1129ee6d25bb} | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{84E153C2-0254-3298-A4E5-35F5F8220EEC}\1.0.0.55 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\consentmanager.net\NumberOfSu = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\Implemented Categories\{62C8FE65-4EBB-45e7-B440-6E39B2CDBF29} | C:\Program Files\Wondershare\PDFelement\PEAddInDeployment.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\PDFelement.AssocFile.PDF\DefaultIcon\ = "C:\\Program Files\\Wondershare\\PDFelement\\projectfile.ico" | C:\Program Files\Wondershare\PDFelement\FileAssociation.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = a00d65b5e1b0da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.youtube.com\ = "6" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PEOfficeAddIn.Connect | C:\Program Files\Wondershare\PDFelement\PEAddInDeployment.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\PE.Preview.PDF.PDFPreview\CLSID\ = "{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\InprocServer32\1.0.0.55\Assembly = "PEPreview4, Version=1.0.0.55, Culture=neutral, PublicKeyToken=a0a98582c8d3e9fb" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cdn.consentmanager.net | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "717" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\InprocServer32\Assembly = "PEPreview4, Version=1.0.0.55, Culture=neutral, PublicKeyToken=a0a98582c8d3e9fb" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{0A87A3CC-494E-37FC-863B-18EFFCD7B791}\1.0.0.55\CodeBase = "file:///C:/Program Files/Common Files/Wondershare/PDFelement/Preview/1.0.0.55/PEPreview4.DLL" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.youtube.com\ = "197" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\wspe8\ = "Wondershare PDFelement" | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\InprocServer32\Class = "PEOfficeAddIn.Connect" | C:\Program Files\Wondershare\PDFelement\PEAddInDeployment.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ea6c980d-7823-3752-88ac-d43b3a873d20}\InprocServer32\ = "mscoree.dll" | C:\Program Files\Common Files\Wondershare\PDFelement\Shell Extensions\PEShellContextMenu.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\youtube.com\Total = "8158" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DF83C4E9-D71A-4411-A9CD-1130412C5FC0}\ = "PDF Thumbnail Handler" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.pdf\ShellEx\{e357fccd-a995-4576-b01f-234630154e96}\ = "{DF83C4E9-D71A-4411-A9CD-1130412C5FC0}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.youtube.com\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\consentmanager.net\NumberOfSu = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\PDFelement.AssocFile.PDF\shell\open\FriendlyAppName = "Wondershare PDFelement" | C:\Program Files\Wondershare\PDFelement\FileAssociation.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\Implemented Categories\{62C8FE65-4EBB-45e7-B440-6E39B2CDBF29} | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\Icon = "%SystemRoot%\\SysWow64\\fontext.dll,10" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\wondershare.com\Total = "50" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}\Icon = "%SystemRoot%\\system32\\fontext.dll,10" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{0A87A3CC-494E-37FC-863B-18EFFCD7B791}\1.0.0.55\Assembly = "PEPreview4, Version=1.0.0.55, Culture=neutral, PublicKeyToken=a0a98582c8d3e9fb" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.youtube.com\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0AB6CE26-ED92-47B3-AC4A-24BCECE80A53}\InprocServer32\1.0.6859.32006\ = "mscoree.dll" | C:\Program Files\Wondershare\PDFelement\PEAddInDeployment.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Program Files\Wondershare\PDFelement\PEShellContextMenu.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Program Files\Wondershare\PDFelement\PEShellContextMenu.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Program Files\Wondershare\PDFelement\PEShellContextMenu.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C | C:\Program Files\Wondershare\PDFelement\PEShellContextMenu.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C\Blob = 030000000100000014000000d89e3bd43d5d909b47a18977aa9d5ce36cee184c1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb040000000100000010000000285ec909c4ab0d2d57f5086b225799aa0f000000010000003000000013baa039635f1c5292a8c2f36aae7e1d25c025202e9092f5b0f53f5f752dfa9c71b3d1b8d9a6358fcee6ec75622fabf9190000000100000010000000ea6089055218053dd01e37e1d806eedf5c0000000100000004000000001000001800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa22000000001000000850500003082058130820469a00302010202103972443af922b751d7d36c10dd313595300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3139303331323030303030305a170d3238313233313233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c05000382010100188751dc74213d9c8ae027b733d02eccecf0e6cb5e11de226f9b758e9e72fee4d6feaa1f9c962def034a7eaef48d6f723c433bc03febb8df5caaa9c6aef2fcd8eea37b43f686367c14e0cdf4f73ffedeb8b48af09196fefd43647efdccd201a17d7df81919c9422b13bf588bbaa4a266047688914e0c8914cea24dc932b3bae8141abc71f15bf0410b98000a220310e50cb1f9cd923719ed3bf1e43ab6f945132675afbbaaef3f7b773bd2c402913d1900d3175c39db3f7b180d45cd9385962f5ddf59164f3f51bdd545183fed4a8ee80661742316b50d50732744477f105d892a6b853114c4e8a96a4c80bc6a78cfb87f8e7672990c9dfed7910816a1a35f95 | C:\Program Files\Wondershare\PDFelement\PEShellContextMenu.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | C:\Program Files\Wondershare\PDFelement\PEShellContextMenu.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Program Files\Wondershare\PDFelement\PEShellContextMenu.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp | N/A |
| N/A | N/A | C:\Program Files\Wondershare\PDFelement\PEAddInDeployment.exe | N/A |
| N/A | N/A | C:\Program Files\Wondershare\PDFelement\PEAddInDeployment.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Wondershare\PDFelement\PEAddInDeployment.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Wondershare\PDFelement\PDFelement.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Program Files\Wondershare\PDFelement\PDFelement.exe | N/A |
| N/A | N/A | C:\Program Files\Wondershare\PDFelement\PDFelement.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\WS.PDFelement.Pro.8.3.8.1253\pdfelement-pro_full5239.exe
"C:\Users\Admin\AppData\Local\Temp\WS.PDFelement.Pro.8.3.8.1253\pdfelement-pro_full5239.exe"
C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp
"C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp" /SL5="$70214,131334917,477184,C:\Users\Admin\AppData\Local\Temp\WS.PDFelement.Pro.8.3.8.1253\pdfelement-pro_full5239.exe"
C:\Users\Admin\AppData\Local\Temp\is-9P4KF.tmp\Ldr64.exe
"C:\Users\Admin\AppData\Local\Temp\is-9P4KF.tmp\Ldr64.exe" set64
C:\Users\Admin\AppData\Local\Temp\is-9P4KF.tmp\_isetup\_setup64.tmp
helper 105 0x294
C:\Program Files\Wondershare\PDFelement\PEAddInDeployment.exe
"C:\Program Files\Wondershare\PDFelement\PEAddInDeployment.exe"
C:\Program Files\Wondershare\PDFelement\PEShellContextMenu.exe
"C:\Program Files\Wondershare\PDFelement\PEShellContextMenu.exe"
C:\Program Files\Common Files\Wondershare\PDFelement\Shell Extensions\PEShellContextMenu.exe
"C:\Program Files\Common Files\Wondershare\PDFelement\Shell Extensions\PEShellContextMenu.exe"
C:\Program Files\Wondershare\PDFelement\FileAssociation.exe
"C:\Program Files\Wondershare\PDFelement\FileAssociation.exe" /a .pdf "C:\Program Files\Wondershare\PDFelement\PDFelement.exe" "C:\Program Files\Wondershare\PDFelement\projectfile.ico" /FriendlyAppName "Wondershare PDFelement"
C:\Program Files\Wondershare\PDFelement\WSPrtSetup\WSPrtSetup.exe
"C:\Program Files\Wondershare\PDFelement\WSPrtSetup\WSPrtSetup.exe" /log "C:\Users\Admin\AppData\Roaming\Wondershare\PDFelement\log\InstallVirtualPrinter.log" /dvrname "Wondershare PDFelement" /prtname "Wondershare PDFelement" /monname "Wondershare PDFelement Monitor" /monport "Wondershare PDFelement Port" /monfile "PEPrinterMonitor.dll"
C:\Windows\system32\sc.exe
"C:\Windows\system32\sc.exe" start Spooler
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" /codebase "C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\PEPreview4.dll"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe" /codebase "C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\PEPreview4.dll"
C:\Windows\system32\regsvr32.exe
"regsvr32.exe" /s "C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\PDFThumbnailHandler.dll"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe" C:\Program Files\Wondershare\PDFelement\PDFelement.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
C:\Program Files\Wondershare\PDFelement\PDFelement.exe
"C:\Program Files\Wondershare\PDFelement\PDFelement.exe"
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\9523d8c2bde04a95b8649768920b2b4f /t 5972 /p 6112
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cbs.wondershare.com | udp |
| DE | 8.209.73.211:80 | cbs.wondershare.com | tcp |
| DE | 8.209.73.211:80 | cbs.wondershare.com | tcp |
| US | 8.8.8.8:53 | pdf.wondershare.com | udp |
| US | 8.8.8.8:53 | 211.73.209.8.in-addr.arpa | udp |
| BE | 23.14.90.75:443 | pdf.wondershare.com | tcp |
| BE | 23.14.90.75:443 | pdf.wondershare.com | tcp |
| US | 8.8.8.8:53 | neveragain.allstatics.com | udp |
| US | 8.8.8.8:53 | www.wondershare.com | udp |
| US | 8.8.8.8:53 | dc-static.wondershare.cc | udp |
| US | 8.8.8.8:53 | 75.90.14.23.in-addr.arpa | udp |
| BE | 23.14.90.91:443 | neveragain.allstatics.com | tcp |
| BE | 23.14.90.91:443 | neveragain.allstatics.com | tcp |
| BE | 23.14.90.91:443 | neveragain.allstatics.com | tcp |
| BE | 23.14.90.91:443 | neveragain.allstatics.com | tcp |
| BE | 23.14.90.91:443 | neveragain.allstatics.com | tcp |
| BE | 23.14.90.91:443 | neveragain.allstatics.com | tcp |
| US | 8.8.8.8:53 | images.wondershare.com | udp |
| BE | 23.14.90.75:443 | images.wondershare.com | tcp |
| BE | 23.14.90.75:443 | images.wondershare.com | tcp |
| BE | 23.14.90.75:443 | images.wondershare.com | tcp |
| BE | 23.14.90.75:443 | images.wondershare.com | tcp |
| BE | 23.14.90.75:443 | images.wondershare.com | tcp |
| BE | 23.14.90.75:443 | images.wondershare.com | tcp |
| BE | 23.14.90.112:443 | images.wondershare.com | tcp |
| BE | 23.14.90.112:443 | images.wondershare.com | tcp |
| BE | 23.14.90.112:443 | images.wondershare.com | tcp |
| BE | 23.14.90.112:443 | images.wondershare.com | tcp |
| BE | 23.14.90.112:443 | images.wondershare.com | tcp |
| BE | 23.14.90.112:443 | images.wondershare.com | tcp |
| US | 163.181.154.238:443 | dc-static.wondershare.cc | tcp |
| US | 163.181.154.238:443 | dc-static.wondershare.cc | tcp |
| US | 163.181.154.238:443 | dc-static.wondershare.cc | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| FR | 142.250.74.238:443 | www.youtube.com | tcp |
| FR | 142.250.74.238:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.74.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | script.crazyegg.com | udp |
| US | 8.8.8.8:53 | cdn.consentmanager.net | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| GB | 195.181.164.17:443 | cdn.consentmanager.net | tcp |
| GB | 195.181.164.17:443 | cdn.consentmanager.net | tcp |
| US | 104.19.147.8:443 | script.crazyegg.com | tcp |
| US | 104.19.147.8:443 | script.crazyegg.com | tcp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | delivery.consentmanager.net | udp |
| US | 8.8.8.8:53 | 17.164.181.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.147.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| DE | 87.230.98.78:443 | delivery.consentmanager.net | tcp |
| DE | 87.230.98.78:443 | delivery.consentmanager.net | tcp |
| US | 8.8.8.8:53 | z.asbmit.com | udp |
| US | 8.8.8.8:53 | ad.admitad.com | udp |
| US | 8.8.8.8:53 | lenkmio.com | udp |
| US | 8.8.8.8:53 | pafutos.com | udp |
| DE | 185.26.99.58:443 | pafutos.com | tcp |
| DE | 185.26.99.58:443 | pafutos.com | tcp |
| US | 8.8.8.8:53 | tjzuh.com | udp |
| DE | 185.26.99.58:443 | tjzuh.com | tcp |
| DE | 185.26.99.58:443 | tjzuh.com | tcp |
| DE | 185.26.99.247:443 | tjzuh.com | tcp |
| DE | 185.26.99.247:443 | tjzuh.com | tcp |
| US | 8.8.8.8:53 | analytics.webgains.io | udp |
| US | 8.8.8.8:53 | www.dwin1.com | udp |
| US | 8.8.8.8:53 | www.linkconnector.com | udp |
| DE | 185.26.99.58:443 | tjzuh.com | tcp |
| DE | 185.26.99.58:443 | tjzuh.com | tcp |
| US | 8.8.8.8:53 | utt.impactcdn.com | udp |
| US | 8.8.8.8:53 | trk.indoleads.com | udp |
| US | 8.8.8.8:53 | tag.rmp.rakuten.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| DE | 185.26.99.247:443 | tjzuh.com | tcp |
| DE | 185.26.99.247:443 | tjzuh.com | tcp |
| GB | 18.165.160.12:443 | analytics.webgains.io | tcp |
| GB | 18.165.160.12:443 | analytics.webgains.io | tcp |
| US | 104.22.49.169:443 | www.linkconnector.com | tcp |
| US | 104.22.49.169:443 | www.linkconnector.com | tcp |
| US | 35.186.249.72:443 | utt.impactcdn.com | tcp |
| US | 35.186.249.72:443 | utt.impactcdn.com | tcp |
| GB | 18.172.89.51:443 | www.dwin1.com | tcp |
| GB | 18.172.89.51:443 | www.dwin1.com | tcp |
| US | 34.102.147.248:443 | tag.rmp.rakuten.com | tcp |
| US | 34.102.147.248:443 | tag.rmp.rakuten.com | tcp |
| SG | 104.248.96.70:443 | trk.indoleads.com | tcp |
| SG | 104.248.96.70:443 | trk.indoleads.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | 78.98.230.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.99.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.99.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.249.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.49.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.160.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.147.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.89.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.19.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.96.248.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.159.165.18.in-addr.arpa | udp |
| FR | 142.250.201.162:443 | googleads.g.doubleclick.net | tcp |
| FR | 142.250.201.162:443 | googleads.g.doubleclick.net | tcp |
| FR | 142.250.75.230:443 | static.doubleclick.net | tcp |
| FR | 142.250.75.230:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | ut.rd.linksynergy.com | udp |
| US | 34.98.67.3:443 | ut.rd.linksynergy.com | tcp |
| US | 34.98.67.3:443 | ut.rd.linksynergy.com | tcp |
| US | 8.8.8.8:53 | lantern.roeyecdn.com | udp |
| GB | 18.172.89.18:443 | lantern.roeyecdn.com | tcp |
| GB | 18.172.89.18:443 | lantern.roeyecdn.com | tcp |
| US | 8.8.8.8:53 | www.wepowerconnections.com | udp |
| US | 8.8.8.8:53 | lantern.roeye.com | udp |
| BE | 104.68.67.19:443 | www.wepowerconnections.com | tcp |
| BE | 104.68.67.19:443 | www.wepowerconnections.com | tcp |
| IE | 54.75.234.246:443 | lantern.roeye.com | tcp |
| IE | 54.75.234.246:443 | lantern.roeye.com | tcp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| GB | 18.165.156.46:80 | ocsp.r2m03.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 162.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.67.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.89.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.67.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.234.75.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.156.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| FR | 216.58.214.170:443 | jnn-pa.googleapis.com | tcp |
| FR | 216.58.214.170:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| FR | 142.250.201.182:443 | i.ytimg.com | tcp |
| FR | 142.250.201.182:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 170.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | tcp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | tcp |
| US | 8.8.8.8:53 | snap.licdn.com | udp |
| US | 8.8.8.8:53 | app.partnerboost.com | udp |
| US | 8.8.8.8:53 | dc-static.wondershare.com | udp |
| US | 8.8.8.8:53 | ct.capterra.com | udp |
| US | 2.17.251.40:443 | snap.licdn.com | tcp |
| US | 2.17.251.40:443 | snap.licdn.com | tcp |
| BE | 23.14.90.112:443 | dc-static.wondershare.com | tcp |
| BE | 23.14.90.112:443 | dc-static.wondershare.com | tcp |
| US | 163.181.154.237:443 | app.partnerboost.com | tcp |
| US | 163.181.154.237:443 | app.partnerboost.com | tcp |
| US | 104.18.16.169:443 | ct.capterra.com | tcp |
| US | 104.18.16.169:443 | ct.capterra.com | tcp |
| BE | 23.14.90.75:443 | dc-static.wondershare.com | tcp |
| BE | 23.14.90.75:443 | dc-static.wondershare.com | tcp |
| US | 8.8.8.8:53 | b.delivery.consentmanager.net | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.16.18.104.in-addr.arpa | udp |
| DE | 87.230.98.78:443 | b.delivery.consentmanager.net | tcp |
| DE | 87.230.98.78:443 | b.delivery.consentmanager.net | tcp |
| US | 8.8.8.8:53 | dc.wondershare.cc | udp |
| DE | 8.209.73.211:80 | cbs.wondershare.com | tcp |
| US | 47.251.13.49:443 | dc.wondershare.cc | tcp |
| US | 8.8.8.8:53 | 49.13.251.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dc.wondershare.com | udp |
| US | 47.251.13.49:80 | dc.wondershare.com | tcp |
| US | 8.8.8.8:53 | resource.wondershare.com | udp |
| US | 163.181.154.242:80 | resource.wondershare.com | tcp |
| US | 163.181.154.242:80 | resource.wondershare.com | tcp |
| US | 8.8.8.8:53 | 242.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.wondershare.cc | udp |
| DE | 47.254.158.13:443 | api.wondershare.cc | tcp |
| US | 8.8.8.8:53 | pc-api.wondershare.cc | udp |
| N/A | 127.0.0.1:63026 | tcp | |
| N/A | 127.0.0.1:63028 | tcp | |
| DE | 8.209.72.213:443 | pc-api.wondershare.cc | tcp |
| US | 8.8.8.8:53 | 13.158.254.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.72.209.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.251.17.2.in-addr.arpa | udp |
Files
memory/3572-0-0x0000000000400000-0x000000000047E000-memory.dmp
memory/3572-2-0x0000000000401000-0x0000000000412000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-L84OI.tmp\pdfelement-pro_full5239.tmp
| MD5 | f65d8be148defb31e1fac001288156dc |
| SHA1 | 524b5c2b2cebd42a96ac89df25f976169e9f9217 |
| SHA256 | a3a7791221615645abd6ee8119a1a43408536aa8be710f2442a2d49131ef5dff |
| SHA512 | 6108b6dbd2ae57b16dc846e77c71abc61a9bd91fee542fee3a0a771a369bb4294b958427177d9a0b07422b9cbaa228770a701d3e2749f4d72f3f9a368a180886 |
memory/1432-6-0x0000000000400000-0x0000000000584000-memory.dmp
memory/3572-20-0x0000000000400000-0x000000000047E000-memory.dmp
memory/1432-21-0x0000000000400000-0x0000000000584000-memory.dmp
memory/1432-27-0x0000000000400000-0x0000000000584000-memory.dmp
\Users\Admin\AppData\Local\Temp\is-9P4KF.tmp\PEInstallHelper.dll
| MD5 | 650afaaba451c668629dd01248c81264 |
| SHA1 | 623f583d82aefae7691afedc077a6684d536a545 |
| SHA256 | ec3dd19d446eaf62d396d65029c1c627205bd1fd33608e122be7f4d8af7b5ad4 |
| SHA512 | 3476bfa801e506ae3c9afd6861519b9a3782e70566ef6df49dc01f605f70fc990a7b59dd8e19b99caa937dbd75bbbfd4246b2e4e6a995e70290cef603c995511 |
C:\Users\Admin\AppData\Local\Temp\is-9P4KF.tmp\Ldr64.exe
| MD5 | eb674cd25c8e1c4ee42d09cdb614f580 |
| SHA1 | 4be17ac8b14649393e17dda0caf36f31e03fc89a |
| SHA256 | 05dcb1619c0fa52b544b2b17015c17195aea0f60d7c287e49d9b04c428e8b765 |
| SHA512 | beddb522dc83109290357c391a2cd3346a125e55755311e16d3f723765615da418ab464f7574a4b3e2dd30b4c6b1c529841b0b63ad82928fd827a82d16fd2e01 |
C:\Users\Admin\AppData\Local\Temp\is-9P4KF.tmp\_isetup\_setup64.tmp
| MD5 | e4211d6d009757c078a9fac7ff4f03d4 |
| SHA1 | 019cd56ba687d39d12d4b13991c9a42ea6ba03da |
| SHA256 | 388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95 |
| SHA512 | 17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e |
\Users\Admin\AppData\Local\Temp\is-9P4KF.tmp\WSUtilities.dll
| MD5 | a0cefe160f504402b5148580c5b912bf |
| SHA1 | 3b6c9641a7b2edff1b60bd55b8eeb7c34eab8aee |
| SHA256 | 4333dae45b166e2ec59c49a46ff6abe3342d9191ebafda9b53803e639e33f1d1 |
| SHA512 | a9e9fff977c3e365caf0a5351b07319502a22f6ddf34267e9d77b171dbdce82d6cfb6bb49b7ba4b5c6966d97c3630ff2944a96f32c26819e43ed85b4f15f862d |
C:\Program Files\Wondershare\PDFelement\Customization.xml
| MD5 | 39cb407374b0120604aa033e5cb5024b |
| SHA1 | 1d01096d4e319ab387ea684b7857055da85457f1 |
| SHA256 | 253879c63d3450fdc0d8b4748bf5897d8e0c8d3ba7b111260b45dd931f5d84de |
| SHA512 | 0e825bb7b03e19c9eb22badaa361d10626c82c87c889ad59a9ed78c9bd2fdc4b489d3cb1cd50752d771e8c064793b5361a3ab4d405b460766eee8305db40c454 |
C:\Program Files\Wondershare\PDFelement\is-4IESB.tmp
| MD5 | a70491f336626d0e533cb69ec59c9b63 |
| SHA1 | 9b5a25038699abc1bf207755e38876e256f55821 |
| SHA256 | 7323370e83d9d90e08467153d61c0c023891769051bd6656c15bd8b815ff6a8e |
| SHA512 | 6d31507ad0ab1135742054c631c408ec06d8623451eac70ab5ca6553de472e8a0061ad7c7472fd8d0cdde74e5ef382d6c6e89fd2c425805fd498ff1d4007284d |
C:\Program Files\Wondershare\PDFelement\is-DVLU7.tmp
| MD5 | 5295757d4c69e6a41bba69446e7de1f0 |
| SHA1 | c8d0cd0908b2e8dadbd4c0f5ffc8296cd363bc04 |
| SHA256 | 70aec6dca7932e63e7888675bcc3e6a453372720a8ed5e6042398dfd34657bcb |
| SHA512 | 0e2539e3f7b84ad6eb5ff50ff7267a7f6020b86cab9109d4923feed49650b5c4acb9016960b12e99bcec7c09f73a0e5d11f90da3d20b6c5744c6963201f3cf29 |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\PDFCore.dll
| MD5 | cef6ecd2cc33eaeb8be20f31c60029a3 |
| SHA1 | 88bdfd23bc113c87c0ac7971764ea9b2b7ac5770 |
| SHA256 | 14f51febe15cb98bc739b774f98363239c063950a57880b37e97d3a169c7ed32 |
| SHA512 | 8023197fca85fbf29a803c6c82834a986727face5ade81d5f5a9f275cc69fd78644a77404908ebef81c835e74ca44b787bfa53f1e81602a2355469b0296fa69d |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\PEPreview4.dll
| MD5 | 541ca5524bcd654b6c6e7b07e33bb33d |
| SHA1 | a75a4723e51504a11e8cd4552a337bb039135930 |
| SHA256 | 6e08efdb4ed342144f59bdb88b5d6d051864315e499031dff7075f88e2087a4f |
| SHA512 | 92d0322c0557e2243668326f6474457cba9814797fddac55e9c4d5eb46846fea631a820daefad3a3c16c0debb32a074d4845382c5cdd910078717172b24441e1 |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\PEPreview.dll
| MD5 | bef98ee44d1b3881454a59e8f2e9d07d |
| SHA1 | e9ab35cf56ab9e3f50cd2e1fa504004b43523e34 |
| SHA256 | 6becaf49b50fefe7bc86a11f947424f9f90e89657e82fc92036b08c02b8517ca |
| SHA512 | f21acd61ce06e9e756e5980d824090a56fa575e6e3b688e3e3b52f78e5602ab7371bda5bdf860cf47d7720ddefd3cfe955a51c9b1593f38225adb85ee605777c |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Newtonsoft.Json.dll
| MD5 | b09dd7bc8db1052267b7b2859448f89b |
| SHA1 | b327bff7ab6354e318a4f0bbb8d4501d13813614 |
| SHA256 | b8571bfb694bc5b849fd43044468f7dbf5384f858e561ff72a3a89fac6d43f75 |
| SHA512 | 313b6f48d3bc8e7ee02e259235f0dafbc4a2553cf6ebf54022946714927876836778ff5cf131cc4b458c29de0a53a14c4fc9fed48487d67f43cbe73dbbd6472d |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\WUL.Core.dll
| MD5 | 1933eff2930539d057e942545a02da2f |
| SHA1 | 9022420d724bdbbf1180632c5a7c7e5425d96716 |
| SHA256 | b76dc4cc4d844296574c0f0703ef4909b1aee7a6927e61d49ea614d3bbac2079 |
| SHA512 | 3151600b54e120a0589a188661579aa7cde1b7b6abc8ffece20a705b47f5f557accd8a4e17ef7b77905defe5259e0cc3fc5e5a0afdc16028f35a84e043e55ea3 |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\WUL.Ctrls.dll
| MD5 | 83886d6d8a98d9e769ad220f85ef8687 |
| SHA1 | dd206bf8bf8b90d5cf1c571bc8be5d994c6a1886 |
| SHA256 | fec19513bd2908f0c96fbff890d17d4726bac26abded6dea3a67234f1db0ff01 |
| SHA512 | e7e40f2c896c545eb9eb9ee9eb034968bffb83322f5149143ddd176cda36957653c048248197d33fd056a75ee4e378c9f76d5e8e4d5cd93b27e27dfcab3be9c3 |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\WUL.Zip.dll
| MD5 | 69b043cfbb033cfe31b10fb95ff36c6b |
| SHA1 | a2b9425366f6c0460949a7f762d31a2415f95047 |
| SHA256 | 11ef85110aa31d42e5e238ebea05969f476fed23c6f40e41d33a882e7147b986 |
| SHA512 | bc9bf3ade6c7013fa9ac234776c70ebd80df1897ff33997d434b7e0f323650b401898fb310ff03d61c98e050bf5caf821fb286afa7123c3117e8a56f5060fde3 |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\WUL.Localization.dll
| MD5 | 0d02b0745fe9f18e25096a5d7a424084 |
| SHA1 | 811df971f147b005a553f4e7509bd697c56c3b61 |
| SHA256 | 91799d0f760e4acea9609e59a1d8e7730aeec1d076eb2f78676d77278bd7442e |
| SHA512 | bdc3c2aadc4441e212d133e61fa3dfe25e4ce9df89806012bed9f76a32b4ca8eba678ada931b3083604f0dcc34d82c6edbef7e20c8a996c5093d9ae72f7c84eb |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\WUL.Ctrls.Html.dll
| MD5 | 87a67e76e03d6fd70c0cc44aa2d8b748 |
| SHA1 | 90b13a9c9f8e73eb60df333d0b6254db30b9d453 |
| SHA256 | 40cf055c2e6946b3f122ad9befe78f34b14f132516b765f10dda7972ee143037 |
| SHA512 | 189b414125f30b6b33d6122e4048df9fe1991f8fbe168ca624919e6cbb08943b39cca3c42debb06f11bd446eb1ae957f07a8ace8f87b51c8fe97ef9d56d65091 |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\WUL.Svg.dll
| MD5 | 0ec20eb3746935deea978ce4f97e9485 |
| SHA1 | 64bd0b6cc5b04c8c6c2b42ec300664df7c4c3b03 |
| SHA256 | 6fb79ce0d7901313898f2830fee8198e8c15cd8bb8729fbdd333fb6c5b846beb |
| SHA512 | cf104ef5259d670b7a6f7203e05131ee6325234ecca464eb7d2a702933a4ff0f9523e4833086365ce9119532c4485daa2ffe2796b418d9d5dd949142a5eb50b6 |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\icudt.dll
| MD5 | b31557acc49af7fa82fe5760cf3cc535 |
| SHA1 | bed2c51fa94d3c64e3b1c0ec1ada42f6aee6953f |
| SHA256 | fa2baca478445a68c31d2d735730615e48189aeb73964bbca95fc4b5bc32c4de |
| SHA512 | 45d272f433d71ffd169fe3e230bf1818bf652978da038b97a9ce9069acc88c74a5cf69ba1e51417976b0dd14f729673e0a3c5b15e807edfecf9a52bb795d7dd4 |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\libPdfCore.dll
| MD5 | a3a2dfac7c5829542c3f6a6d8e81fed9 |
| SHA1 | ac0bbaaabd970ee264f56de5cea6d11079dccd1f |
| SHA256 | de6f8c77f6e65fbb5cdfbf4493141c75a1e4588dbf41d4247722ff9c2628eee1 |
| SHA512 | 1b731aabf305a34ef4139cde406ecc66fda178f91b17e1b9e9b128a47f36c7678b118e080162a5f64502feaa956d5be861a8d6071e418011d42551bbd8d39333 |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\WsAP-PDFelement.dll
| MD5 | 17af6e2cf33d01a7429414b4cd8c08da |
| SHA1 | 0eb8d56d94c85f42618fddff43610fc6739d4027 |
| SHA256 | e81e88fa4adc7dfc18e40958819252c9def3d04a9c10b6ec5cbfaf82c7aa125a |
| SHA512 | 569e5b343876107a398d5a53e9623138ca4907fcd6182a64b6419b661e12e8f09453b8daf58d11fe4ed30a538418dc0cff640f060ac0913904e1eafe51b034f6 |
C:\Program Files\Wondershare\PDFelement\WSPrtSetup\PEPrinterMonitor.dll
| MD5 | 9dcb0351332621c00c7dfafcde6df3ad |
| SHA1 | cf53a36158bca80ec89a8e276f661c6a63831d05 |
| SHA256 | 011f682171bf61ee6000b1f921fa98647701bb11b11c86188c4395f1b955bd12 |
| SHA512 | 0993493d221098ecbe2327eee7a43b1a122f094b467ef0b00476cb49e93c15b4ba7b982ae269203f64c3ca8245951d0b371e03bcaf25762f4bfeda78b602253b |
memory/1432-339-0x0000000000400000-0x0000000000584000-memory.dmp
C:\Program Files\Wondershare\PDFelement\SolidFramework\Win64\Resources\is-K5J28.tmp
| MD5 | c83ac04eb75e390fa0c9465ca66ae0fd |
| SHA1 | 4331410d4a59c1fbd8c46e609bfac5bbaba0f883 |
| SHA256 | 949bfa729dfe77987a0da8d85bd24f272da512ece48b435e702f797f24f9038d |
| SHA512 | 2ad6924bdb903d4ad5c1a60e79fa64901c4c89075aa67e806a23442ab16ba1931e02d90881e4cdd3b9f7eeae1fc68d07d8bc11fb0e35209aa9724fb8071d78ce |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Controls\Edit\is-DSF8T.tmp
| MD5 | 2ee16bf1472ce9c1253899d537588ac4 |
| SHA1 | 2e432b9b4de7dde3cb6be36a190cecb655f73791 |
| SHA256 | 1576511d43700b606ffb5de707898e11d485886a152a1ce6633a87484c0b5c60 |
| SHA512 | 26ec79cfcf7b4ecf77a9b92ec2f1c1e0107f0633b0448d9432575c03c5cd568e18b524c562d454898283c2f7ce6b02ed927346152462996016f09610a22476a0 |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Controls\NoCaptionRectForm\is-8JKMR.tmp
| MD5 | 59f52ac368b851795d6a21dc41889d42 |
| SHA1 | f735989728c84b159bc784055b5d9f7ab5643ede |
| SHA256 | 34eec78b34c3eb9b1627c6e0ad5cb738764df40adbfd59969fd998a711ae3ef9 |
| SHA512 | ef118a27ba8007307a693def3237fe9d43b23370e3919b2325c1833d6b8d756d94b8efd68e1693bb7a53f78f248bbe30ddbc48d65c14037c154973222b495fa4 |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Controls\NoCaptionRectForm\is-4VUIE.tmp
| MD5 | fcf4a918896fec7d200855b38d35e8d5 |
| SHA1 | f10ff3614091040c6443f5004810927f3e8703f0 |
| SHA256 | 184c8316b4c6d4e61b6c77fcb2ab6362fcb6e39e71f549022775c523c587ec0a |
| SHA512 | 98f17adeb930aeb4f5cda42cda047b4c40f86c94eb2b0f27e1a95c48ab9a3bdb667daec987e91839bff40d1e8398e3789a23aa02b240c84cf808cdfe32c8f43d |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Controls\NoCaptionRectForm\is-MSO5L.tmp
| MD5 | b694479ae142aceb1472822be9a7b058 |
| SHA1 | b085cfc0abe85883c78c86f62ce43129a935a5f3 |
| SHA256 | fdece11232f8a0322aadf12b9b400f45ee08f24f177ac454b37a559c435a41d0 |
| SHA512 | 3191eabb1a65a8e2c9de6008f580cbe95f8669d85464c384afc2b17485c4377f33f6f1bbe0f7aaa765637d4c6156a1dfca243dcd54381d4e0483684ccf9018ec |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Controls\NoCaptionSkinForm\is-0BNNI.tmp
| MD5 | 8d8906c16ca23026059a4e04f7b29b86 |
| SHA1 | b34221447a772118749af8d8bbe96a0678e60804 |
| SHA256 | bd9bc22139791579f1f1ac59896c950c5547f2425e437799386d6ab4de726813 |
| SHA512 | 78502bb9584210fb859295338c8f998b5cae20e06e0ced3ad12d0b39bd072ff9d0e186e8edcd9657b78b04c580ef1a5dccaa9d3f37055f48483d9a1bb856a17c |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Controls\SkinForm\is-GMRFN.tmp
| MD5 | cad87deacc9ba636f7783aec9615c002 |
| SHA1 | 228b0527623dd4821da33c3473f5045d19416d22 |
| SHA256 | 25535e5bd695de49282e286f5ef0480f790f774ca19eb960e5973c13f4d1dd86 |
| SHA512 | f0aee82c065312cc6166a0c9b55fe0e48771610aff62df45e9f43da66cd27f6555b20dea4d2acb1f889ee5fd809fd780a5d47e25ce90bf285d9343f60ac4a625 |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\FilePanels\FileItemCheckedNoHot\is-D341I.tmp
| MD5 | b5922581016b1751d29a0d929f32b339 |
| SHA1 | 200aad95c8fbdef26db66aabc11bca607b9f690c |
| SHA256 | e14200823b2c0ef2572ef3f20dbb804680b4e217b3873415a0d90bd74e217085 |
| SHA512 | f2409f134e44d613d929a9caf97107b59daeda0cb52d0ca0a3f69895e3745c80931d02cc15f138e08f6d08130bb8e6bb4b9b137d4a30061262ec0f1f3f023515 |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Main\MainForm\is-JM4E5.tmp
| MD5 | a5cbc43b1792c4dfd1340d04cf51a3b4 |
| SHA1 | 165b5c20ce48097d0d85de0be7b1a7b6b0dae06a |
| SHA256 | 34f5bd5e4e24142156e1358c8a33269a259628457940dbdbad615ca48894c002 |
| SHA512 | b878e330583fbef81ec5ae3690e01b8de69be534eaef90c89af9616b2e704d8aa0865694d4a4a7f707e14c4318279797ff6f308f592869e793ee32f3cc3c76da |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Main\MainForm\is-2291D.tmp
| MD5 | 0054139a6b6b074bbb0cb80d8aa093bb |
| SHA1 | 1ddb29a9c4695c82e4e894ca33efb258d21bc59f |
| SHA256 | ad3d5541e38aef8b401d690364ad5922152e271c863df06fce7198598bdf34fa |
| SHA512 | b769848fd5e02f48032a8d8e8d32024503da67d69b168e74e041139096c01eab7c1362a10060c7d3c29540849d1227be2c8c95d710afcc8627c82567ee89b9cb |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Main\MainForm\is-307KV.tmp
| MD5 | 4bcc8de11c9687c3e1858c3e875d3b53 |
| SHA1 | 9a82851bb487bc9af6497f010fce04789b6a277b |
| SHA256 | 48f0b6c1ede931d8af598fdc96ed619cb7ad7ca2fc1062392967d22890dc44c3 |
| SHA512 | c4346b4d3844481c70f6b29828691a89d49ffdd99d35e072d98f370cc428b3b1fa2a62d9390a3a4d7f015af1064712e6edb8dc61fb9512302266f306df642b94 |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Main\MainForm\is-JNEMV.tmp
| MD5 | 695c7c51022bd592ec256a9ab29ae1a2 |
| SHA1 | 5b6efccffe8a2cf77acdbfb3cede06da1ca63e4e |
| SHA256 | b80fd79b412cd671d397cd738e94cd24123b56f99c6ccfecbe19a1409393ab17 |
| SHA512 | b69ab8cdd76bc402b8897b52b76df653c5af99dbbfbd24c18a43fb13e9c27572412227d406958f782cdd59548284068189910d24f14f544b0f7a7e7eff020986 |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Main\MainForm\is-LR02B.tmp
| MD5 | 12fa328ce5b86a4eb7821bbf042c94ad |
| SHA1 | 4804fee5012cc9011c778d0339778e3c584ae7d9 |
| SHA256 | f913990aee5f2a9d1ef48ad54bc86a3cff645928cdb41a07bfbc4d90c50a6ed7 |
| SHA512 | afeb9341b6c367f5f1386faeb0da4fc3fd2b75184d1a1bc2a7c0b2764f0e493d4ae041c033cdda750eb8d8a8e74a512b5749ffbfb1a15b8eed1d126b9b527245 |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\MainMenu\FileMenu\is-S9C5S.tmp
| MD5 | 1db15455fd9110dd0e956c1535e38df5 |
| SHA1 | d4b4fecf997dbd8e9c7b49f39a08c59bb6012e43 |
| SHA256 | 303087c6a25b3e36ba4df28624442d6c967f8bcfa902886843eb35edaf6a44e9 |
| SHA512 | e291d05a657fae6d4ee6216edb228d48af34604dc47a214c4e5b00be09ca6dcd01351cb476ca295b7be1ee4085dcf7b50fa1203c58d0b0039f8e15529077f752 |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\MessageBar\MessageBarBtn\is-F9LMQ.tmp
| MD5 | e51927b0b2ddff65ba96d8abcc8e1a8c |
| SHA1 | d34c3877bb37ce0b82a8390b22a283fceed642fb |
| SHA256 | e7d60213e0f519d9e6668a7a1a0465989c0d13d2db1477b7acfd05ba8bdb2a1c |
| SHA512 | afff86c6394ac4434ecfc5e79bf46f53112d7dc64d96a6878a12fa4aa524b35a0c75589e8637395417fa20563029bf742ebca330daf192012673cb45b90fd3c0 |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\Portfolio\PortfolioMenu\is-DPP49.tmp
| MD5 | 0a58a0fd6f6f8b8d11fac7c1c4ea065f |
| SHA1 | 4c205036f90f649268f71dcd8ca0a5c8aef92352 |
| SHA256 | ff68c3c7a515c086dcb6e34da5b49e6bd88208f67f50fe74f8a9ee9b309cfe01 |
| SHA512 | d518cfcbef2db817a54e95a2efda887330f94cb98e6ab4945863a378991690f35a5d13c7164158b63085c048dfb4b53239cb3760ccd99b43adb18db8c5b5d075 |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\SearchPanel\SearchPanelReplaceCheckBox\is-7F0JK.tmp
| MD5 | 813e3e243744698ffcc3a2b947c8bf65 |
| SHA1 | ba5973e70c81c40a1a29b29b33b98b7a0ab4cdd8 |
| SHA256 | 0022d278ce7bf8f59f401d87e869599d42a6dc485a9df71584c102063077800d |
| SHA512 | 9b5a38e84d014d7feb645ee67cdfe329d0afd02def8751bf3683b6b2e833e69b7cec6d32fbd6716073fbc059f837f1990afccc9241634998b713f09eca07bb66 |
memory/1432-4607-0x0000000000400000-0x0000000000584000-memory.dmp
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement\WSIDAuth\PaySucessedGly\is-379KK.tmp
| MD5 | faf0efa2ea320ccc01078568e54b0e9b |
| SHA1 | 0ede513b5198c16c324584dd8c53d06cc42d801c |
| SHA256 | 8c1e9e6e16e3ac4e0d6da92d4f47ea9a23ef31918796663087d8eb069f2c9c31 |
| SHA512 | dffe1666d11cd55e6bc0f92b95ba0cad4fb0179b8747cdecb6ed6a6c2935f1764d1bed2922f2013b8edddcee801995e09723dfe765219157c0fbb9bde15074ad |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Controls\SkinForm\is-3HT2H.tmp
| MD5 | b247c6d902af824c09423b0ffeb3e7df |
| SHA1 | a36cd7a62e519e1576b705c1efd504d01154f69a |
| SHA256 | 11b86c587730f11224dca489b53a74bb588e29bec2a1557bfb9d8ed88e25ec3a |
| SHA512 | af3b2bb59d3274f58938a9d3c6b3639f56bfdb52986e3a5dbf8d37417c0f33514296f1ab6506abe23ea00b951cc3f6ab29b5698d1fa077146917e572d32c3c7b |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Controls\SkinForm\is-GJBIB.tmp
| MD5 | 458be888a4996fab5f149b540e206d0f |
| SHA1 | 11ddbe2b721c56eabe2c4bf7fcec596b9d320d70 |
| SHA256 | e699646cf7a6373bc41f1ee73729f1a80cc2a880f49533a9d2062a23294cf475 |
| SHA512 | 1ad34e99cb2306d2d833b34565323a210f878a121d363729c9e97ccdca6bdac941ad41f6c85f9ec1e5cf5b98aa2f395a84ac55388721202a1561be4d08f5ba59 |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Controls\SkinForm\is-9VP0J.tmp
| MD5 | ddfbb9636d3f44a3b6d3933fa0f4f69a |
| SHA1 | a785c47b15692305c57918146f3123a88c9fcfbb |
| SHA256 | 6fe60ee8142a3322e2b7296c2d1764d774b9e873f47ff9b9d1c8e8e3d476d2d4 |
| SHA512 | b145d889214806335a1ed2e68a63b9af040d910d876bea82297eaddb90b11dcfe87971118cf432200744ae6e2c0b64aebbc6d436e88967ef3392550da8e7770b |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Controls\SkinForm\is-PUT46.tmp
| MD5 | db376129b4955dd1d0d138ceb63df78e |
| SHA1 | f8944f26704c1539b70fcac59e147a2615d82804 |
| SHA256 | f0c8f73437359bd639588d6d5aca936de0eac65e691000c81702b0a81b605386 |
| SHA512 | cd01f888dd281ff13b523f1f0130f53bc5fd1ff2609241d1b8bf8b16856196f7bc82742c3dc7481e5a2de0f5bd57d47a0f2f1490b8ff3afe406f0053ab5b7d0e |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Controls\SpinEdit\is-GRVFQ.tmp
| MD5 | 01db6c5f5758c6e6edbc6b3245049140 |
| SHA1 | aa7502fbd772eb5073f17264158a24ceebcc2dbf |
| SHA256 | c02e052b508ebe1948317e45fccc33f651fe5d9c027e4656c268c7d79bb61319 |
| SHA512 | c2007982a5a13c630c2a32d1eec815ae44687b6c3a2b356a6ebe92980ff3bd0902e149c40837c59651d914ef1948463240b34a902df3b6c64190d6d4e7bc7db0 |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\FilePanels\FileItemCheckedNoHot\is-R1QPM.tmp
| MD5 | 8fdba27687182449859d61b135ce6785 |
| SHA1 | f74d892e3ef8f5d62e8b6dabe5da8d2acdf86935 |
| SHA256 | a7f5de5f0cf27e8bb5baf28ee4341ba312060d330cb5613be078d24a66964c26 |
| SHA512 | 16c5bfbd1f9b4f4dcb30fea6d2b6ceb7419c1111ab099dd919b53e1b0ac2ed5f60483817430907e7b213b25547e798fb3e279a55c089c0ffdfef4d0e6e09e28d |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Home\RecentItemIconGlyph\is-M6GS9.tmp
| MD5 | 43383636ecb82b8d0062368c73055963 |
| SHA1 | d46df158bb54372abfef5e7b218cb654e50d19b3 |
| SHA256 | d8d097b20c1864b6018ad6b7e2778a3eb2fd9be325fad4ddef04ce96eeccab2a |
| SHA512 | 5f615c79fd881cca7f622ff980d27b3fcfa4b3cf3eb259be1b1367833c21e6dbcb48368e57c0e04188fe61a5ce38a2372edf08dedd8d85566f1b26a097d8e5f9 |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Main\AeroMainForm\is-5SE83.tmp
| MD5 | 97ed3681778e96ac18da5ad2b546f437 |
| SHA1 | 025049f614b3ed25c4d5064850592d8d38e7836b |
| SHA256 | dc65fbce07bdbb47d0d7fc5e6e7b8fb32cb44e351e3211ab90f17ea50288348a |
| SHA512 | 51e0f54db1df3d2f0068d6eb3a32d31c3215a1a942e01f46ceefc651011fac2e3d7e42aa4f90ae2253282e5730f975bd1084ca68a2acfbf825dc80a650e8d3a4 |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Main\AeroMainForm\is-OT2HC.tmp
| MD5 | 97333e9ea6f9079b48142988b166f4b6 |
| SHA1 | 837637a2264f672969b57a9453d24ebbc38565ac |
| SHA256 | 022d256c9971c0b47d4379f5c495468dcb16888707e5f2257cc8bd0de5e0f816 |
| SHA512 | 038f7405fd968854ecf32d7c3425421987a4de6df4c1ae846ab9663809a959e9fea655fe6c742931ee6b85ef7cd15f7ab4df62b73aada99d9d40341b16585bef |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Main\AeroMainForm\is-R4PC2.tmp
| MD5 | 025b29eb9ad51a33644bb5e9ed10ae72 |
| SHA1 | d7c0f002737be9f12670f2e268b05ce7126075f7 |
| SHA256 | 23d7f2da826e99a51efcdf5bb8c5185c8be9c6694d289c2aeec83f2455fc58bb |
| SHA512 | 0daa656efd7f90752ee4d900c641ae472590814c3d8e5ea515ebe83b10a22ccad58a0cd4f573b2552de55f60706ba7e0dcaec1af3b63398315ea4bbf01f1c2a2 |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Main\DocTabControl\is-KJF6G.tmp
| MD5 | dacc24e102c7d718581e81ebb6b41cb8 |
| SHA1 | 847464e37c7f67b0567807f7bdb3aa2622a2d578 |
| SHA256 | 4542810eb43845a87c0e1ada1e7df8cb8ebe4058755f3d832bc49891f09847ed |
| SHA512 | 87b55264e190db9a60f671b683d407a47b030a8a99c74174f675df54392ef72f8c90a706aaf1eb88d2bc3c78fe9779482c20153380e47566a94fa735b17a1d8c |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Main\MainForm\is-96JKL.tmp
| MD5 | 85f8b42127b421fa7d88bfc1c4668fd9 |
| SHA1 | 79f2b1bf990ccabcbd2b77743b1e6058caa583be |
| SHA256 | e39589f8239c6fd8f703815a79fae72cf5b45ce5df2b34eaae40f3f2859993a9 |
| SHA512 | 40260e69a1eca46a2694907d9a19830b3c93e5e63d7abfa4fffe85eeb77973464abcc1add2b470ad52c2147f539729ca72a7e2c7d805c9b5581156f42127310d |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\MainMenu\FileMenu\is-7NVEG.tmp
| MD5 | b13ab40718810c15bcabe527e4040aac |
| SHA1 | b6578332df7db7f1332fad7c4ea7a6aa2dd7aec2 |
| SHA256 | 09d3f655ca4b448bde388b031f55c47c98e534a5b9f7a02acca98fe124302f7e |
| SHA512 | bd40a5c53215b8126856e8450b8901cca7741c1e32d55412cbc82739a9088587ce645ed75b597aa51aa89a46380bc1ddb62cf689061c817b35187b68d129dbe3 |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\MessageBoxes\ErrorIcon\is-V7VTM.tmp
| MD5 | 652a891815f1bc2a536fe66c8c33ae3a |
| SHA1 | 0565af5a62b0b9defb120211e97df5c433594448 |
| SHA256 | 29bbd6f37ececb9230bdb6a6535973b2d161c41fe2cc3f0b08a662c76959237e |
| SHA512 | 5b5053aa6d02a9bb4c4b0283c1654198459e6cdd7dc55719d314989630edb191879eb0cfe08f9c589caf179a073cff7adf26cdf0ebf54973c1f89e7e6f1b7a1a |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Mobile\MobileCheckBox\is-FCEIF.tmp
| MD5 | 3e4691bfb9848223ba99df02c20fddbd |
| SHA1 | 5098b0850c3779f4e557d806f0bdd1c3908bc4bd |
| SHA256 | 70d90be4f4f8772a2c9f16e702a0ccfbb85169e77c427d8e1f552225265288b8 |
| SHA512 | 7d46a691aed6ec00ec365f6b30349d4c94be59a3b381dfcf5f9362d50f25295313894cb5bad61dde806fdec17ed22e81a90dfdaa85788e923c90e810a1a0d34c |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Mobile\MobileCheckBox\is-E21AF.tmp
| MD5 | 10c133ff7ac60a10d69741c8696ca995 |
| SHA1 | ea4b1debc0bb2a895a7d904932abd0bdb1110a45 |
| SHA256 | d34dbd1cbe40996121a415dbc927dfeac64a0efab3c35148b68ecb49a19189ee |
| SHA512 | 98713a8fee5a4c3d7d1fb9b6dc1a94858d2db71b43c0b63fb4567b7ec4aa808732a60244a60dfae32fa00a54a3b267daecf2ecf0482b915fbe8981cddd30cac1 |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Portfolio\PortfolioMenu\is-GS8L2.tmp
| MD5 | 8d7191aba73278f1bb89e9c0d38c743a |
| SHA1 | f6fc47f7e5383dfc540f3f5fea3338bd28862d9a |
| SHA256 | f43df0a110575ad6d001d6d89c94adb31f31193a125cf5b75d10e72affe27965 |
| SHA512 | 807edbcebff453aeb760a0663e3002519f2bf49dde883e709f4d3ecffd9d6b47e9053d4f923d6263c4198dbe4df475d76424c2d67f1ecc7265f49f1730ad3959 |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\SearchPanel\SearchPanelReplaceCheckBox\is-2J7OI.tmp
| MD5 | 88fc80e4f22b666751f858429c4c6a7d |
| SHA1 | f056875dbd79ca3f0fd86dbf8eef6b8773f7597f |
| SHA256 | 84cbf39fca38f2f027c212fdcbf0e749a2147069a6c638009e425822f2e50863 |
| SHA512 | f95c85882c8085f1eaa6be025bdc3449d29ffc96df8cc24979c3084f5dac9278cb793190dc305f3f553129cda21c2ff566c91e3b55073aeab2a2e21493356c29 |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Settings\SettingOcrOverTips\is-DQFDM.tmp
| MD5 | 0927a43e74cc9c9c2431981d467bcc93 |
| SHA1 | a8c63ffd64df48e4ebff5d80a1aca4fa0b1de04e |
| SHA256 | e5f0367c0e944a15ba802ca8c8127705f8abd6e2e779a9196842becd198b95b3 |
| SHA512 | 937d0b205b7fcd985fcfb3d8b2cefd461e7281df11f62c4e8b70522bbf6dc7908da41f42f01e8d9ba1173697a84bb99b37a8bc33a9a986c9b395f07674cef6ea |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Signature\SignNOBigImage\is-U3CU3.tmp
| MD5 | 77f6afb9e650ad69356954663eb09f8b |
| SHA1 | 228ad9bf120fa6a441727b90064eaa95d35cb2f6 |
| SHA256 | 30c63fe7dfb776d168fabd5b1ff78870c5cfa984e485fe424737dbf6bf5ec645 |
| SHA512 | 9c9fcedc14cf3ca95d93d5f5a11ead9dfeebb1e4abc7931f7c48c468c6c1363fc3f31eb270e6a3954e08ce5c9fb660dd58554e4c41f6ce5d781731bedb28c9e2 |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\Signature\SignNoSmallImage\is-L5LGT.tmp
| MD5 | bc6b1670e6702aaa7b46ca679121afd6 |
| SHA1 | 168926ae9ee5dc5b3c951949136c54adfbe8af29 |
| SHA256 | beac39f2f76feb9ee8a3fcb2478b1b5fedea692f6f9ff1beef0526f20f6d1c8c |
| SHA512 | 07ab42aa2461fced1bd688cbbcf174f44d0ec918e443ca238e90b3c7e205383ace5037050a9f508e202d7674f317e73b8166edf4f3aa37d7db0ddfdb20a3eee8 |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\StatusBar\PageNumberBackground\is-5A7VL.tmp
| MD5 | 57b1a901eeea1357fa2b4a7461947719 |
| SHA1 | 9490d0eeece2bca074b166c91049b359b0391918 |
| SHA256 | cb0d787086e6f404c82aee2bf384db7f2b40eef020fab16de5084594b9254b58 |
| SHA512 | a9d35a49c66f2e55e4298fff9832e04996dfb4f29df4e3b61fae17f28ea34a2ae58029f1a05e78d4805457c48bb42d8d4ebe2437e723cad53a4177c9fce5b7e3 |
C:\Program Files\Wondershare\PDFelement\Skin\PDFelement_dark\WSIDAuth\LoginTextBox\is-S5V4S.tmp
| MD5 | bf3ac3afc247e6141dc733aa5044f722 |
| SHA1 | 25b42d3c3254cd8d4e3a9e8c9028337ff9558569 |
| SHA256 | 7a74c059563836de4e9b2757e34a676456dc324c2a9f4eec0618c9c36001a33e |
| SHA512 | f3596cf48b2075c77bf975a3620029c8e60ecacf5a99ae28fa326251476ddb2a654c03a0e0108193203768777273cff9afd3ad2fb7ab2063a5fc01928d86c642 |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\CheckBox\is-31MPC.tmp
| MD5 | f50ed9e5d09a6b6079edb930232db4b1 |
| SHA1 | 16d095b2f7f658d4ed968308b5d31589a521a1ce |
| SHA256 | 458e15295b9056034b52cba1d40f2ec4968bbcb219fc2d5d935eb526e956a2a4 |
| SHA512 | 1760a50129b8f145ff57109aaddd12750e1b5d982fe49762445757c8a94e20ce51c2d1764005697c116de8812f0c56ef4e1cdb8e81bde75b9e0a8c8140d765b9 |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\ProgressBar\is-6NV45.tmp
| MD5 | e89d8de63957786822e713032b400e4c |
| SHA1 | 55b4be584ca50cb5c5b5a9f3df93cf4769d4d7aa |
| SHA256 | c3326cd6f05121ee9b91894fb5170c4d6b19b1be80a4fa572219ecc8dfd9da7c |
| SHA512 | 3ffd1071e9ee10a08f307ae01c99308f503f8597ca9edca63b32f044f70cc06cfd07c246b55401fe50c29a9bb1ba0cf22fb59583b96622ca09c2b255f86770e1 |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\RadioButton\is-M1VGD.tmp
| MD5 | 62cc2bc68c8978e096a58cf330a2ace1 |
| SHA1 | 27741298ef4a80f66430fd85d3412224c03d33a8 |
| SHA256 | 4e6aee0113892460268c920d585aed0b76729807c5be540966bd5f6a5c8e662d |
| SHA512 | ef3357cb75727e69a8f097b3e9fe253f9aadb852689e373ed0c36ba7f9c57ab8ff2ac3be2b7d27e78892a2639f5239e38684d5e6e19c066afc7efd0bba1e75e6 |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\ScrollBar\is-68LFI.tmp
| MD5 | d9c28630e01bb75c16a8d9ff1f022908 |
| SHA1 | d261f522e767f9a59bdc69c1e50abe09eed1b578 |
| SHA256 | 7fdafd179a23bf9d7e9d886fffc54fbd91d467886eb07ceea49c6810d6af5f22 |
| SHA512 | 4d8cba33574ac3b0bbe328e83c71d2238c72563567b9b265b709a4bfbe85c2f47e5c902acb8cdaff335f907e0d799d9fead22eb94a45ecf4941d2415d25b16bb |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\SpinEdit\is-96K7E.tmp
| MD5 | c02593a3d7bc4c2ba798c19bfb4bd8d9 |
| SHA1 | 451ec6b5a62b40d53c7fcd646f4dd9e0fa7efbfc |
| SHA256 | fcda27a4633a60821e0d18fb444945cc3600ce7c41e802d8e681992f795ed25a |
| SHA512 | cb27a9a7f681f6977225ac33d0ded42ec6de1d9309dd4130ae95443f597d5e86e06e059d5b74007804571b37c2391a5cb663b0bde61b3409f2b75ca65f72ab6b |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Ribbon\ViewFitWidth\is-UPDFS.tmp
| MD5 | 502e2c2b608d8cedebe01b9a754a9d6d |
| SHA1 | 23b40e207c27469d996adeb7019ceedc8022c9c3 |
| SHA256 | c6e32814fd42ccb3217ee42ebd1a83c2c63b76aac22bb37789fd5078361140e8 |
| SHA512 | 30e61215b7b81d9a8b9dfd51e74b8d329ae1c598bb02d32424b63013447d31d450dc44543ff316307d65438bc8a422a59ef1b9d0ee04ab2ff64d9e7f596f40f3 |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Ribbon\ViewSingleGlyph\is-TRCQA.tmp
| MD5 | d228a12379dfb529f9c0b31dc8e37f6b |
| SHA1 | 4ccef3204327fd462f8a4a1484b2f16a728abb30 |
| SHA256 | 3e37d8666772d69095297b0c961877d66387c1cd80bc12529baea62d2f3cab6f |
| SHA512 | 8a21678ecd89a4ec4ca3d8a5a7612834258bb6e8678138ee0afd0d1cd5411cf1d0424186f5ac6ba34044c67e22cad08bc670c41d672440b90eb97d5eebc9d62e |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\StatusBar\StatusButton\is-H7OOQ.tmp
| MD5 | ff3565fe69b2e37977b8210981ed95e6 |
| SHA1 | 8cf48cde5b6442991e01d1530c841cb6d190e9a0 |
| SHA256 | 168aa6a8cac1e4422f8b0a9bffe15b0a16ab5b1d42aaa7b5b7f05ddf9daa5446 |
| SHA512 | 51242ec71f0ec9a6d906075c00da30ae943cb41230f43c7f3ffe5b5508e8615c7d7bef49bf3b776e292b738604598e23bc919a087e266552857cb6986a912f65 |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\StatusBar\StatusNextPage\is-FANFQ.tmp
| MD5 | 17a2e8f56f2f8d8a3c81119d9c89a510 |
| SHA1 | 9f88e5b16e7cf9775bf51c98958499329d68ccbb |
| SHA256 | 887cd8b29614fd05b9299fdd5cea9ff0d396f11609f50fafa0dfab71875648a0 |
| SHA512 | b764b9a5e0783353c70c880eb9f2d657d37ecfe1b4ccb2986497483a1f78dfb4a3bdea7a66b0db33f43beef682e500286985b4a79383d2c6bd278d42f0e9dddd |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\StatusBar\StatusPrevPage\is-AI2FE.tmp
| MD5 | ba559f73e766f9d9316aec311e3012aa |
| SHA1 | 7fb4baf18ec17480153392696fa63ad90d8d4f75 |
| SHA256 | 9369c869a261bf6f5abbb65dd0ad11dd41edbf4288f5aa9be1d0f9858d4f5d8b |
| SHA512 | 1000a000d8056fdd4caac99f676c4ba216709505501bc81c90b32f345deaca7be311531cb018ba5c08b819492abc768d17b7506b0cbf491f9f60f422dfb8033b |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\StatusBar\StatusZoomIn\is-F1FEO.tmp
| MD5 | baca8e7fcee3a4c63878f44fc5fe1f8d |
| SHA1 | 3afb6c2697827ee79661a516a8803c95323a80d2 |
| SHA256 | fd02f9f8404ae4a7f7c27e4a12b1e341d93476543cd188ed98db6c3210ff3c14 |
| SHA512 | 0e2831a2c71acc33b7c34456126befd451926c2923011eece2b2a3552b41aec9868a7c1d2ccf3b64d340a53cf973d3b425be818441a8a8edb9296e78ff19dfe0 |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\Button\Button.wskin
| MD5 | c355258614cf62c2b68ebb3730c31ab4 |
| SHA1 | 17ace59b7e76c6c0432040de94c4324160396d47 |
| SHA256 | 3906eb5907a362b66c1657ac9a40924b67b154031a6c697c9efcfeea391fd397 |
| SHA512 | 28517b9435de85deeb189a3c53036e27c2b6eca68a9c47f5ade08329b202bb0bdcb2d464dd06f3b1b75a698d14d837bbcdad5760fb8b4f57461ee03f4388bdc9 |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\CheckBox\CheckBox_Checked.png
| MD5 | 170b516f06c1addcc8a073f9656392df |
| SHA1 | 644da60fb0342c200d5cb12370fcdccc87214857 |
| SHA256 | b2e16e0358921374d57852c31e86534b45a47af8bb21c7ae0a7a6f54ddc694fb |
| SHA512 | a8003fbf46453f345e954a5ea21df450e7eb016460069225943b9504442ea27898235548835be696149bf263240fcd7d1d9d30318113ce9ff76fe6cd22804be2 |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\Button\Button.svg
| MD5 | 8c590890f360ce56c5c3b61c7902c8b1 |
| SHA1 | 2f59b2e0bd786d8a81f92c8e20895b7d5017ab51 |
| SHA256 | 72c0438f64a47c65970c919e855a7dc9506dbb4b147c25ee3796b13bb5eccb01 |
| SHA512 | a89fed6e2000a911328e3ba3d556717b7243689da985c826497ccafa9510f43f98a29cc0d1eff68ed3cccebd1f660a6ed832c9282e65a201b4c884ed3072366c |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\Button\Button.png
| MD5 | ba7c64064ceb4c9ac211b5b281a96d0d |
| SHA1 | 016199a3efa2afe97159ef2b15ba776c589726bf |
| SHA256 | 60a79c6f41416687431b7a68825ece081c320a564cfa0c38b2b316a2ef912492 |
| SHA512 | e0b07cda515f50a4d99b6ae14377df5b92d03345fb2a4fb668ff47031c94c9abffda37e8d8c7c0cbbc68fc0dc1df6fe4c2da4b165bd3176c96a92cb7bf56398f |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\Edit\Edit.png
| MD5 | 6d090fb776d2e8a2020d59b9f2e2c74b |
| SHA1 | 9f615739f5ce0add86f45fa4803112c10ddccb60 |
| SHA256 | 369f8970c147c2e3dff6835b379ab3dc7c1c57a60dbb69d3511e10ed6b120cde |
| SHA512 | e460150069821fd710ce661862b1d53c6e5fa797e7e4d69ec4f22462f23d07196a4efedf84426ddfea9edb03f5c4b6bcc92b8756b31f8e11e82d7228d824f799 |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\CheckBox\CheckBox_UnChecked.png
| MD5 | 44dbd8d220beb94d4f4ac0369bf12f80 |
| SHA1 | d7ac8f4e5ff0979bd78f8593ed5c673fb9ea1b12 |
| SHA256 | bb70de8ec5b6dd19acc95fdbd3b42ba810e0fca4809482733073021b36d0e8a4 |
| SHA512 | a0fcbbab4e498ad6b2e5a45aa9675c9dd60d09e151c2b24b8b56f1e26bbf19941bf90939ea01726fd150ae17b217cfc1d31586ab160db66b90ee2cf051337589 |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\StatusBar\StatusZoomOut\is-KI4I4.tmp
| MD5 | da0860f38460a20b1df68b12db5d709b |
| SHA1 | 59e34a02ebee88a244b00ea26eb346d943e302da |
| SHA256 | c9e1b550bc3b61a76c5f6dafb22143f4b7155de75308a887e220b9d399f426ef |
| SHA512 | 68431816d8db7f5b4b6d4c00d4074f5042c3aed98ab3d2db9fc5ffe9ece269695a4c96d9297bec042bf1adb3f3ba872e56ceb26429cc5b9300132832ece399ec |
memory/1432-8773-0x0000000000400000-0x0000000000584000-memory.dmp
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\Edit\Edit.wskin
| MD5 | f1f835304931d4a937179b9e21f46066 |
| SHA1 | 759e5815768708138ef9c74d24d9e59191bc781b |
| SHA256 | 80bdabcf666cca486a2e799abc7b9fa51696aaa8f8516bb5653042bfc8ac921a |
| SHA512 | f47e94185e4f9757aada2385426f75e745edf3cd54f5049aea9cb7a31a68f08093584462f26b8db3c7daa6b0a0943ecda1d988473efab735b5a5788a5b75fe62 |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\MediumButton\MediumButton.png
| MD5 | 6ea31102097fe7cbb13ba56605556671 |
| SHA1 | 87d40bbc639b0e7bf13b7c5716d7894493dae499 |
| SHA256 | 7bf30c184193541480b8ffeaa9659101a39bf2d72338fe6c425e3aaa2679d3d5 |
| SHA512 | a02dc4041f4fa83c266ec2f7b462a0166d48bf8d907d406166b588d4db0493f13e210889abfc45d5ef1bf0ef7ef0ccf7ea90010a942b1ac86260e00e26c9ddb7 |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\MediumButton\MediumButton.svg
| MD5 | 9669def171fe650ddabd1530de47f51d |
| SHA1 | 4cdb1e9701b13f6aa75023b6e49c3ed19aa609c0 |
| SHA256 | a8c6c151730fc85d937b2255faae92c5618ddd80ff84a6e8d6a69510d3c0f848 |
| SHA512 | 134e8e78108ebe58e8df46f8a67f193f0f646e21fbcbcafafa8aee225365e9de656aff702ea65f3a2d2c0ee040b7864b36acce79806090229f8a0992c6ebb771 |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\MediumButton\MediumButton.wskin
| MD5 | 5b0da6837f359303f690973b393c34d2 |
| SHA1 | da28656914159d4aec3f04fb519d8bb6a0f7db16 |
| SHA256 | 49a45bbc8f23a2cfbca6fe919fe8b5db8bd6c5cbac899ed8957e710f3942f015 |
| SHA512 | 6e32dd2e86dd692a12deff2c1fa6a798a55d1b0eab5e946b10188008f3a5f74401e962b695b4d6743deba836e71be990b5fee37865600066fa897a25b4136b70 |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\NoCaptionSkinForm\NoCaptionSkinForm.wskin
| MD5 | 60445f3eb1329b459945a10f8b30d231 |
| SHA1 | 25bc36d77866d1fcc2af8b0f0c2933c32127a3fc |
| SHA256 | 694fcaf578714661f4450dee9de3cffd67aa9a92591f7849e427aa3634802363 |
| SHA512 | 436cd050bfc5b31d73b0a3f62732b1eff9dd8bd57585c27fb02df3b1b35112d2c81c3f97ce2e3071c41c37938e1dc6f3b84c3a9e0b4b1ef7f0f32771040bb723 |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\NormalButton\NormalButton.png
| MD5 | 81a5efe9b291d1ea5494662c155fca24 |
| SHA1 | c6b55a746b20220297e233abb5920c6b168cf1c4 |
| SHA256 | a202e1eb5289f8c65935169098a95f3917ec46f6fd1586f47b328d14dee9ab4c |
| SHA512 | 805ca9d416fa2f97c25fc939210a7512023e262e6f9081cb9fb448807766ace9d81ed83c4c442a037aeea56975771683ce516c84caf12b0d1d11c05da25a6364 |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\NormalButton\NormalButton.wskin
| MD5 | 89d1b7b15b31b0a69f788422bb08d5d7 |
| SHA1 | d793ad0944e51f8be3089e685f6f3dec4c9062a0 |
| SHA256 | ad30392e1b79a35fbacc5144226ddd1c6a0cdc44786f138a9bea54eace03491d |
| SHA512 | 5e75c953da9f3bb3840df67626d2bad9b1765c61a3a7c6cccbd9d400ed90524dedd0b96fe0d01fece074fd4992eb0aae75b93eba45811d05be121e9e1035b969 |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\ProgressBar\ProgressBar.png
| MD5 | 7cb6ed874434219d6bdbdc410c203c71 |
| SHA1 | 4048091fb201d7e73604d049261e30c0b1407def |
| SHA256 | 0748728fa125e2b04d50949404b5161bf80bd4dc28468073685ae7b6ce9329ca |
| SHA512 | da64418aa847685550a7cf1c63ea60d09fadc7e9f4757ed14bdc7e695a426b2f553538575bcafc107e2712ca53d444b18b200b88d73599550c9aaebad324e85f |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\ProgressBar\ProgressBar.svg
| MD5 | 89c167b175911549ed00f88c9d7abe37 |
| SHA1 | 657e6c877cc38ab23e40f95e2516c95b39971b53 |
| SHA256 | 58b424dd89a3b2551099d3d96fe7f6f2a97cbc4fc07f7859bcd4a519c8b95a9a |
| SHA512 | e9d2eeb6c2cfd547ae4fc96840e3c0f0b13bdbaa7457fec14fe7493520dabee33913989ea5228edbab9bb67b3cc5a25df64289d4b25854c8ee8ce04cbf648861 |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\RadioButton\RadioButton_Checked.png
| MD5 | 036f3be175c9c713dbf2dd0eee044f4d |
| SHA1 | 58a0dde4cda725da9abb39b4bf1fee7fcd73fb01 |
| SHA256 | 79af67144aa98692fa1928d7d5c19838ed2db4ceaca83d1615c482a9069ca92c |
| SHA512 | 0e1e61efeb9738b4bd8af190c3d431f069448c5d38835406f6e1ce9b6c9275f00cc8ce7680aab59d1ad8a6156a543d54a52d5f2a0a62c46325b65d2dddb1e608 |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\RadioButton\RadioButton_Checked.svg
| MD5 | 10293900935d5967f100d0e778d638a4 |
| SHA1 | 0362490c7003c7a391ef18742ff3a7b52904edbc |
| SHA256 | f1b5c5fe35c952b4ad4ea814441ded0f6c4633e79366e396bfca143f0a77e9cd |
| SHA512 | 2c27fdbc37c28e75a2da44e7aadf7fb9f33e1ee24961b808336f32f9a8969e560acfc19b046ccb54f3e292071cee63c70ea832195f3545e6a061fc73021ab87c |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\RadioButton\RadioButton_UnChecked.png
| MD5 | 8b68a34c8c699adb4fcd6de06b28e97a |
| SHA1 | 690366e716687dfaedb9e69f1deb0d833932b7ab |
| SHA256 | 1bf92b878211cd181a7ad1ee8fc2dce19bef673db5dde1161bdb03400630cdc0 |
| SHA512 | d64e7ca256a1d0d9867ff77625aa34f07e2624259ba6ee9350d48ca1a3454a5f60a2dac21d77664fefbdac88a03a21f20f7bd0bd1ace1e10df7a836143111e03 |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\RadioButton\RadioButton_UnChecked.svg
| MD5 | 7b7792eb780d0308d55fc4824a8381f5 |
| SHA1 | 7b2bd8baba1201253f614979984fc1b03902ac96 |
| SHA256 | 9c7c3bf7a219567ad97628691485f8858cab55457706b5fca9339e7632ad9ee3 |
| SHA512 | 246a208ec79fbd8cabb566a4f843dc02622eb5162ecfa342132b0342d6f3efc02f8549680130f1d99b70d920b56044cee91f2819e845476f06429049f24a3cb2 |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\ScrollBar\ScrollbarHorz.png
| MD5 | dd47bf3b2daf0270bf219fc85b7f8c0a |
| SHA1 | 98fb68b1d086a829deb74f908013d754b376a996 |
| SHA256 | b72bffb8d2894375d052c142f7b0ba401bad232666db2948726e6292b0fe66fa |
| SHA512 | 87bbe1cb3321508ea63e61b9977d63c511cb1a8deb59b5ea939b08881b09d512ffdba2760f51a3284c4957162c2ad0a935ac55e63bdae151b97c470b5b978706 |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\ScrollBar\ScrollbarHorz.svg
| MD5 | e754688b0a34390a1348ce480afd9a04 |
| SHA1 | fa94cc2b89600c214c177f27aeac0981927845bb |
| SHA256 | 6742a3fcbbbec782f2670d1cc1de61a49219cbb15483ab9bf0a557c2ce307f66 |
| SHA512 | 1d4cd05138f2e64817a02969ec47b459dd4c7d477903861cc8f280b7f6679ca7697351d966582e4149aeb7965ce8e050f29b3c2e6422f4b71e76637e23cfd201 |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\ScrollBar\ScrollbarVert.png
| MD5 | 39da31d0c71a2f0ed8b18648e5d41249 |
| SHA1 | be077d7b0aad2829d74acad99217f43af39454ea |
| SHA256 | 583a13b80b59ea05fff1617bf126320a4c7f413bb0aff8ff67791729ee3f3626 |
| SHA512 | 87de74f7b52a07dc4ccf5a29624eb95a3688488b6467fc1f0e23c45ea0998797acca8dc27ff0d163c5c348b4e07c38559de72743158af94305b673cb158b6259 |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\ScrollBar\ScrollbarVert.svg
| MD5 | c121db36ebb40df32ddb2da1b5ba86c6 |
| SHA1 | 3507f4581464986783acd1fb6f828ad40d2585e0 |
| SHA256 | b882c415ce076d2c53088d6ba4ac9f0988b329a54e0f27c75689915df492f095 |
| SHA512 | 312b7536cdd8db8e87e79a73b6085240f408c86cb1f8fbd355a2d87230c333686e4e5a21d82e6446a4c0d7f3409e9011f8d372e5e549936ec61229608c2f0129 |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\SkinForm\SkinForm.png
| MD5 | d3f0d6075e72d7b9ca4451355497c900 |
| SHA1 | e8f476d1e140a1f475638d5a96aecdf1dc728289 |
| SHA256 | 7cf137db7a8b9f791f66ce3b3080748d6c2d44a1fcb7676653330d875d6131b8 |
| SHA512 | 9eca094bb417218a98d86ebbe4eeda26be38355fb0d9405204aae65be8bc62f5e76738500fd9dc02546c8880bb22bbb62c70bde22729987980e52de1d9761a57 |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\SkinForm\SkinForm.wskin
| MD5 | 58d5adb315bd16819787d1a572bd78eb |
| SHA1 | 2959306079cdb2a50c7b0f55ddf5535be6ccd074 |
| SHA256 | 25a2f040c7636fb3bb20a3de3923606ef93cae256dad6a967cd7745f990147f2 |
| SHA512 | a356cf2500caa4ccd96c347bfc4660ad774927ab37b05e129c4692eb453c3fab1ee476fdbca3efb91af0d70035666c149b83080e2d068a9899a3a7adeac93ac7 |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\SkinForm\SkinFormCloseButton.png
| MD5 | e744313ff8b4364d38e39704eb090881 |
| SHA1 | abe659f72bcae552f36a9c31467a71c8c590db06 |
| SHA256 | 0158f3882ea0f491f362bc246ca5a8fd88ab3cb15389a3e6fce3d9faac585d93 |
| SHA512 | 88caf470daa21ce3f62f600c27c7960f91146bc7ddb22e2b560a1539b0f00f650101075d4dbf41557dfab052ab476ce7b0292fa5c98d3a5001d89d0faa69c394 |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\SkinForm\SkinFormMaxButton.png
| MD5 | 88985b69af9b0cd14ba98184b9bc6b21 |
| SHA1 | 20db3ad804a09f73cec7fadede6f1c7ac30b042a |
| SHA256 | 72c258565cbe251cfa8d4a5ec3d44ddecdfa269ede279abb2cb1c48a7bb88ff6 |
| SHA512 | 7f8093e837add62a159313344706b4311a858cf6c59ec96f378df0fa0d6f0d52cdd983a4e68eea52844102954b28e83a041c4cff6301de0a401c9a9b9824fdd8 |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\SkinForm\SkinFormMinButton.png
| MD5 | 6e0e9860c072fb5ad4a0ff48b2fb4620 |
| SHA1 | 426056b0f0f186b786d0b9bb4b3c45fb1198ecc2 |
| SHA256 | 2c59c92e53b26674a137dfede5c108316e262762f6142717b4f484fcd5b93de5 |
| SHA512 | 9633dd775d33f07d1db208759e99ca9295d3361b875276d3912fdb192c66ca26bb4489b043f49f4cd97eed70125f135425b86524fd9991538e851f1daae3e457 |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\SkinForm\SkinFormRestoreButton.png
| MD5 | 4e3e565a6302d18b53224a242ff7f1ba |
| SHA1 | e7041c12df58ee3a84f65e079e55b081db7ceb53 |
| SHA256 | b1f91b0efd5659dd4aea356ea0654397ab7a1ba7de4111b6ffd51942d14e2a2a |
| SHA512 | cace19c14d2ab0ced634deb46c0716b0a533663d229f9551243e70440d8ea304f2e3e557dddeb11e34b13bd793bdfff391890133e067ad1e31e4549295735b24 |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\SpinEdit\SpinEdit_Button.svg
| MD5 | a0044ba1d97dd4ef0d35c9ebcc338476 |
| SHA1 | fa0880ad64400b6c3109df02d35974b41cbd4574 |
| SHA256 | 5a1b887eb653989cfc52895026b4b7db05a65096a54d473c8c7bbdbe5a81499e |
| SHA512 | 47f8e9a2453ef0bbb530292b111c120f4cfcb38890512f74511132a173beabb44ae3eea3d1ae346a8563078909ec9738ff41a238ae84d5194ca41f1f654211ab |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\SpinEdit\SpinEdit_Button.png
| MD5 | ec6c0f8a64d5febd5873b59b55776ec7 |
| SHA1 | 39ea9ba8999edd7c521ac88fadc56b097128c8c6 |
| SHA256 | 632a82957334ab83f08abb6fda3bcedc5ab9e6a69387349bf8969443ab900bae |
| SHA512 | bbd738b57ea1a55fc29f51769d859e485f9d1dc68ba52cbf0f7efd33d1a8d797f3fb552ad1d7507a53aebff922c4aa1b98def7646b7af5bdec1f799a1ad4558b |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\SpinEdit\SpinEdit.wskin
| MD5 | a6a7c9d1c8612747bc8a407b3f3fc821 |
| SHA1 | 7651e15ea5cae50c5722aaf802cd7c0436c551a0 |
| SHA256 | 95c4bf6522241e24079b88b6010a288ae0e78fd90dcf9fa8bf0b8581de080e2f |
| SHA512 | e3b18dcd111057385fd3259ce40a2f87c478e9da0ea37aa893879f0df137f1e13265c70c0a7797cbbdc6e6c6d4ba4ae5828730195a7840d0af9bb9fd0ed99a25 |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\SpinEdit\SpinEdit_DownGlyph.png
| MD5 | ee53eced329d40ac319016dd868c8011 |
| SHA1 | a3ba9a98eba7401930529d52c53c169ccf7a6d5b |
| SHA256 | f8081cebc31784053cc199dd1ced1bf27cf106c127b464586ee82d487289d07d |
| SHA512 | 4bedf790c09dbd152a9617187b50c3b6faadeeb1c7ed34720813417220b0ab2bff8a99256a1fbea714be89910568beb0eaaf2b24fcaf6106db7c5fd851c4343b |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Controls\SpinEdit\SpinEdit_UpGlyph.png
| MD5 | ab6e2db10985e3b4d06e733a686777b6 |
| SHA1 | 6dd84d47107f4fb1254ec3651198936a04783150 |
| SHA256 | 7999a7515e67f5b9c6d50d4469fb46a6a148da9d78e4d7b73c47103228b284e5 |
| SHA512 | 7b88b1bdbe01e138e6a5525d09f2c8ea7db3482d1253d9f46b21c06dbd5e8d3b3c064771214fc96eb2da1105014b252506499eb3430b602df78800aafad51b69 |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Ribbon\RibbonButton\RibbonButton.png
| MD5 | a704c1d6a819e470e62c48f9e2135f02 |
| SHA1 | 05b1fe3077d813ec2badd579b073aba8d0d960c9 |
| SHA256 | 4552e2be55cbc44eec1da8c0eab075bba4de142c4bbef30ad590ac2c47de6513 |
| SHA512 | 43c80ffd9fd9f1a3e1f987766db684087c90c301a18b596084130895492581d3cd7ed74cbcda1b4ee5531a8b03c22a7da6432aafe6dde0152bd6a54a477ad7ad |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Ribbon\RibbonButton\RibbonButton.svg
| MD5 | 239181d168243ee24b723f3bd74913ef |
| SHA1 | 924e4ab3f10bf603a04848a7d1d2d5ac12db3444 |
| SHA256 | 0873872810f9009911c552349b044028268e1387bc9125fdbb80f936a9018270 |
| SHA512 | 6660c77581907e50fdb70ac27defa368b7f47426e9a2b6f9deb020b1a315c9c250fccde69d4bdda52433b8ae5c2a248a17ee637e768300244cc7750b6dc16fba |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Ribbon\RibbonButton\RibbonButton.wskin
| MD5 | 9ce7816dadfcc390680c774f322c3243 |
| SHA1 | b6792d664f55e36258aef5e3ec18958f60684918 |
| SHA256 | 66ef5c706e2ee0829f7cc106c2bd01153be7f7c659db0dfc1aeb72b0fc0c13ea |
| SHA512 | 919de43a7207e0493d84c18723e6a475e7a6694939f16654b1da7e69a1fc9e50298fe8a9b57267629d72bdb90fbe45d2041c736f761ead2444f69701151110d7 |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Ribbon\ViewFitWidth\ViewFitWidth.png
| MD5 | c80695147ee86f5d525ab7f402d6b6f4 |
| SHA1 | 5b687560fe7f5a1ae6c897950865899712acdd8b |
| SHA256 | 8c74c4de755d5a890cfae35782bfc4ae5f1c1ae27915b365181a6f2804af8bc6 |
| SHA512 | 6c19bdc77261545f8eacfa8f94ea78af43d19fe7d40de98e93c1b10fea7857b47a9215d0576d5bc1c6d9c4cc15a7e5461343129108076a47bfef6dda07452944 |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Ribbon\ViewFitWidth\ViewFitWidth.svg
| MD5 | 8a0d3f06dc0782e26647f599b9849c90 |
| SHA1 | 51c0bcb04fd368d08d5716bd56a9884c07e666b5 |
| SHA256 | caf94db5b9653c01bcc2b89036974198ced7e9d0802b1ac6fabbce827984e2b0 |
| SHA512 | 24aba91a8baa7972bb8a4335d5e58ecdf3b30889ac41f6007a0f1e3dd2cf2a9d664f68b0098af9642df9d07e8ad389816eea49a4f8b79aaef207955a8256f0ee |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Ribbon\ViewSingleGlyph\ViewSingleGlyph.png
| MD5 | a4bed43c54afdc2498ae55dbee049f32 |
| SHA1 | 3631be5fccaa149d271daadffb843854fa150f4d |
| SHA256 | 71bbcf36bad3b8363291150d7f8b1496ed9e1522356335f8c85f6543ef92c26f |
| SHA512 | 632bb77ca11d3522372233fb23ab7d86aabcb515461e83f9830fd913c880d6d537411a5540e6991fe53168ad434ec53eb059e9095985845d652e6c8c6f599f4e |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\Ribbon\ViewSingleGlyph\ViewSingleGlyph.svg
| MD5 | 2362989d4a7cf5227bdc0bf30337f2df |
| SHA1 | ee58d97f446b5edc95f933e2cfb8ed5ce054aae5 |
| SHA256 | 7b310094757d62eed58bb1cb62381f5318dcbe4466c1a604143dfc198c149568 |
| SHA512 | ef441963f77f3b073d513980bc742daf9e08b70b65d94431044d23862395f4f5a6d5fd163046fdc6450f5fbe2ff0da82bac32f14e7658eaa84bea3b5221489ee |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\StatusBar\StatusButton\StatusButton.png
| MD5 | 34f4aa8b68d0f30e24375f14217fee4f |
| SHA1 | 09fce08880d88aa101557c0544c97aff3029b911 |
| SHA256 | 356d29e700287f390a0e6187fdcc5e476497beae7f412c8a38fbc7e57dfdf432 |
| SHA512 | 654c0ebf149b4674cae99ac20295f416652be2e8a5019ad06f5246d0542ba615f1c920200b7c2c0bcc579a72ca04909f16a98188396960b3dbd0842b2d796b41 |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\StatusBar\StatusButton\StatusButton.svg
| MD5 | cf1be02aa0463d8f5664b03f73a92f5a |
| SHA1 | 73fba8e4867b2caf023c2c4ef2af3d06b95bdf89 |
| SHA256 | 1303f89133aabbbbd8bc50a3eeff9fb3ee0df3517c866ae20f6105f8f3246ef1 |
| SHA512 | c6d71237e14188ab0de8e60db11c4487482abe736be0870667d7eeae38f936b8b2a37160771b405141595da80882a753ee6a42a71206a2fa8adc39b5770d94ab |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\StatusBar\StatusNextPage\StatusNextPage.png
| MD5 | 9f0572be4d62a07729d1185431ccec1e |
| SHA1 | d7742b901e60fb0df5e46ebc9e4d4c934ab61254 |
| SHA256 | 1063cdcc10417a624ccc0a6cc80159954636245e0f2581ab3939e7e4ebcf98b8 |
| SHA512 | c5f9fb9f4b861166f848dd76224eaa2325328c9441e782a7a185b2e9b00c49a833e64fde8f09d31aea880f0be239dab171d56ee13c745a7401eca9b01f39446a |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\StatusBar\StatusNextPage\StatusNextPage.svg
| MD5 | 39a9a94fc06657e7739dc9a387b5ff05 |
| SHA1 | 66c95fe764109dab48b7ddc1286c82c8b95a6b72 |
| SHA256 | 6d4494d3391748800554ceaa39b517211000f4100d93cb3e0c8ea767f7a97c82 |
| SHA512 | a4618d12f27736bebd3ed85bdfb113aa1785fb3106ce5d3df5e1be01a6c85a420fa1a27c13e5d924cad7a7822bbd4e150e4a04504144fb12d4e27274b032f43f |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\StatusBar\StatusPrevPage\StatusPrevPage.png
| MD5 | b6c7c78e839148cd2426f69a87ea90bf |
| SHA1 | 7fa130f82057011e5cb39b17dc2fa21c792d5cba |
| SHA256 | 3f30bacdba57be2db083c8718b6f45f5edf9e477978bb0c9c5d69730ebd10f64 |
| SHA512 | 7670f1938f4519a01c03188894f93dabc991429cefc542a345c7610a7c780a476cb69fcbc58450dad2e2eac31d0d0188949b7da906c4ea0d4b62d47a6cec85f4 |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\StatusBar\StatusPrevPage\StatusPrevPage.svg
| MD5 | 527e37170d1580a98f42ff05cd2dbc31 |
| SHA1 | aca77d886cfe754e2f79f2f73325c6f01ff88548 |
| SHA256 | 2deadf23fef1ba098b209b10a2c6925f60db049576ca07c39db8906c3493e1a8 |
| SHA512 | dea7b3622acf72c33671b10ea9d352543ce507fe35eea8bee670ccc9e1fa0a46de230da77dee393ae9d7582de1448641d551254b532548652f15d3cbbae640de |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\StatusBar\StatusZoomIn\StatusZoomIn.png
| MD5 | eed9b6545d0724d7d54be1f4ca5414cf |
| SHA1 | 8e9774a4c5db28387bf15e9cfe1f393dd78dcc73 |
| SHA256 | 8027304cdbee27104c2633e05bf5a28ebef650180ddd412b85b5a9188eca1245 |
| SHA512 | d8a714e8998234c841e80cba62af4f1cc52c276b92ef704a80c4bfe0be34934e84a6b6841daa2324ae2d278013bd78f8fc69f65ff9bf2b2cf8b7b2ab0fb148f9 |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\StatusBar\StatusZoomIn\StatusZoomIn.svg
| MD5 | 37152eb8b181541211befdbf774793f1 |
| SHA1 | d98a63c87532e79f475967d0b004d732f4062387 |
| SHA256 | abf832d3de32a43d484d99d388d63d583455221c8262bcada929d444446d3fcb |
| SHA512 | 688832a50c4f8e48fd418a8dfee36885faf0c495842168b086214e1ae05f2e119f201af8031ff78589131402d31de860bfc03b211bd15177b1587b265fa57c24 |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\StatusBar\StatusZoomOut\StatusZoomOut.png
| MD5 | 6ff9e32e601548d6dfbf441fbfeeb8f7 |
| SHA1 | 7aa7463da300fd0c91dc7248295c433712ffb73b |
| SHA256 | 3f0a36969afcbdba012674a6b819bbd75758a0dadb5546ef1c4567d11c179dca |
| SHA512 | 47fcde90a43b9d496b7905fa420a5976fbfe1c6cf01e582696d17eeb1d00f3516b41933165ba042fd632dcc5cc2295daeab1f05801ca01b9ee7c216c0ab2c3bf |
C:\Program Files (x86)\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Skin\Preview\StatusBar\StatusZoomOut\StatusZoomOut.svg
| MD5 | 1205e43a518e0d0337414ca50a3b8f57 |
| SHA1 | 102491a641e5eb1320e6d9e5d8c7e4c75e3a4f39 |
| SHA256 | 986b7947ec7bdefd5eddf19f34d0bfcd2c7745c3dcf54c8ec1364745d39f3539 |
| SHA512 | 460790e2751cb7b518aa0947d5c6d9fea739a5c688883e881dd3730c776f3efe7d6bce81f89f9d10f88e91e29ebea758756317f7b54f9df4a00c04f07bf3222a |
C:\Program Files\Wondershare\PDFelement\Skin\Uninstall\CSS\is-ADT75.tmp
| MD5 | c71de36815d234e886e5eafc376bb514 |
| SHA1 | c1f0c9ea8908525d952cbc0db64a11b79a0b97a0 |
| SHA256 | 0ef44486c08fd5bcfd216fcb2722b938170b5c15563b9131da6d5325d0b1e666 |
| SHA512 | c938226d4953d78a7f53eda4ed5a1846d7f3561f78157951da03aea36eb295f88879f987792327b3c8e085571ee97bda703d5e321d7198d905c7044d01f6e176 |
C:\Program Files\Wondershare\PDFelement\Skin\Uninstall\CSS\is-CL6S6.tmp
| MD5 | 1ce62199ac7ed87d171deaa424df6d69 |
| SHA1 | 2403ec031d41e145bcc55e15bd5900a8e252ce94 |
| SHA256 | d792a897882d97a58ce09ae90be5e53d376977687e091a44289b4a0467ebcf0e |
| SHA512 | 7c18af4b19d0658f432705d576ab8003b3e06797866047193284bc27ed3ef1b58debec50b2ee1e260e1cf46187acf32909a3ae196ac8b80720d606e257371068 |
C:\Program Files\Wondershare\PDFelement\Skin\Uninstall\CSS\is-AQ6JN.tmp
| MD5 | e4ab34ef3af025df85d68067c46e5137 |
| SHA1 | 02722818f09dca6e74188dcf8287877849b1bda1 |
| SHA256 | 4becd8d3bd33385f206d1608d4ad2d5191e033974f73d09989d63e66b92ee214 |
| SHA512 | dbfd62120da401141dd35da8b805e0a7b08776a11f0211c85ab5364d30b3ca0ce8cb77e9e62a8f5a740626d52577fc1b7d99be5a4a77e8cd15d2db00e3a2e7e8 |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Languages\Preview\Chinese.dat
| MD5 | 56c39e309af1a6f9bcc9ffc6c03787ab |
| SHA1 | 03adb1806fb642905168d3cf0c3c7928257ad995 |
| SHA256 | 60744af893268566873e00dfbb71718c25e0ac97fc456d494ed803e75d87c60b |
| SHA512 | 4db422858c0765e5c528f70d46bcc0809bd496a44a7d4b86b35da17888652ab29f93663010144cf9d2dc8123be8c58162cbbb7ee5f8a2b9499c2975235e1f99e |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Languages\Preview\ChineseTrad.dat
| MD5 | 706af567453be6c24fd3164ae1bcb256 |
| SHA1 | 638755694ddb2dcfe4bbf6da1fbe7298ddc4bcb5 |
| SHA256 | e9ee5c6b861cdfa443022cc096b174fefc84639d62f61a520da82d98051da3e9 |
| SHA512 | 53f9e5f4bbc4bf609081f33ebb5469e386c3dbd9ec1215bde5488acacbe4c9fd66fda03e9e0c83060464fc3569d96b9f787fc45f64084ad65ae4906113a21cc2 |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Languages\Preview\Dutch.dat
| MD5 | ad74da81dcfecb23cc239cdd1cbc6381 |
| SHA1 | 26b21325493dfe42f58d55fa075e3a772733b640 |
| SHA256 | d9134eff96291502ffde4f4d684ca1f486ca4fdded342e14b2cbdb1463a4a184 |
| SHA512 | 635d09b3529f3d81de51852ce35fe68cdd3a6964136dac4a82c2b0b68001f4b7c8f0873526d965b1970f7aa5a15f5441ea2f29cf47ddb5ba923c1e0f6ddcaeab |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Languages\Preview\English.dat
| MD5 | 87b35a58971d43918c25802b198767c3 |
| SHA1 | 3591273b4d085835287037b4df5eb08a812196fa |
| SHA256 | 8449657870b5b04cec29b7369258eb44efcb2ac136a88f0c42bb20d29cb4bdb3 |
| SHA512 | 5f7445a0cb8d1a2bba46982ea6618e999f51dee4f5301b66ab363798e47f92c7cf2fc61d464f8d21b86f4068c9d4ab44c63b8f8ca71cfc00b5ea3a4da5b93ceb |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Languages\Preview\French.dat
| MD5 | a44f4ba0372a28e623e63b740b24af53 |
| SHA1 | a3b067cb96a4ab2122ebfa7e1fb695b24317998b |
| SHA256 | 1c5fd0e622d03d80f0903c935cb295bc13f5f5025a7576780570c0f9522a80a3 |
| SHA512 | f02d5beb273135734205220b0d3ac4bb942210c7d6a5b33d5d39d3253bc25d82952307c39e3831cdd8d72984284522c9b65149f6d3b836ad55984318676ba4cb |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Languages\Preview\German.dat
| MD5 | 86803d263c970c6ba8092096034b80e3 |
| SHA1 | f1bf5e19fd8c83aec64725777fce44ff2ce92d1b |
| SHA256 | 257d9f9d7ffd4af1dc1cdc17947aadd88454fb83a72aa9febf3e06f170ceaa7f |
| SHA512 | 558be4d72885827613d9ef8322bbe05ba24b5f04e11aa8709c5250aabbb676cf42136165bd3489cc607ef1d75ff0b8032290660bf27393341528e392a0794c24 |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Languages\Preview\Italian.dat
| MD5 | c9893256f33cb1047c01483974c9f034 |
| SHA1 | 73c1bc8621dcf556b85e4a7aacd3066cb9ccf8df |
| SHA256 | 89637178e756d5b847d50132919f56e450f9b53f362a59197382e787c7574f36 |
| SHA512 | 16d012318658a1ddaf7e1d70ae16db9c0a3176fddc5ffb6252f24e9cdc2e156551af3a07cbfc476ffb553f78c255c1729a2fe256ab96cfce3faac2559bcc1afa |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Languages\Preview\Japanese.dat
| MD5 | 2a5a949092ef0080ed33fe8730b67502 |
| SHA1 | be1a9fd0f8a00aaa85874d6f794dc78fc773d4af |
| SHA256 | ee654d15a978f1a10b0f245cdea5aacf2e64bbd2a46087fe07913edbd204c9ed |
| SHA512 | acf48ed619b4bb52b6f78dc18e83fcf4603a604bdbe963883a240c771b80104d65c533cdb2661c9c8657ec0c30c09ed522362d074736fd27b5bf101777cfdb55 |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Languages\Preview\Korean.dat
| MD5 | 6a2cdb3374539d30e740faee4efc199f |
| SHA1 | 84b5a967f3a36c680ddf793a73ffe7903f5c0f44 |
| SHA256 | ca854fda32b4a7d162551e2a3528e4e05e4ca0cff4b01571b6b2fe24c7523cfa |
| SHA512 | c010d23f34908c7d9793a8522151b57d7a6c6afd76bf9087d9bf6086f006127e69d91e41e2bf27feba9c9b9c1416a5a426261504f4d9d43503cd988fd2e6de60 |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Languages\Preview\Portuguese.dat
| MD5 | e728781bb89a0b7a3ed0e8bd3b69095a |
| SHA1 | fef29889dda8cc0d9b5fcd3e921db1dd30de3e2b |
| SHA256 | 5d2b2ab441654a460d1a6f544355dce35d564cd85422c5a48ba0f5782cac9fc2 |
| SHA512 | 1d1b347bfa9dae9f0ec5e20c93d3da59ed4fdf684e43b0abc0673052b38033d1eaee71a663ce917458215ed7792853a5c65cec2c7d3e7ae35ed12e135cb4dcbe |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Languages\Preview\Russian.dat
| MD5 | f24df3f1bdffa9bf62e5469baf7b8592 |
| SHA1 | 99cfb37c1c7bffadf67cb270454e55318039eb24 |
| SHA256 | 728f2db1ca5fc65b181e561cc768ef70a752edfcaf65deb39f380af07c6fb3d4 |
| SHA512 | 82f565a2375538093f5dde48e103754765621016c1811917bc6ace6592857a3c70df90df40042d2771de0dcbb1eb36a1bcffc1faeed6523fce2db0517c2f5006 |
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\Languages\Preview\Spanish.dat
| MD5 | 0812951e0c76719e77ac8b198540c51f |
| SHA1 | d78d9cd3cf36bd96952b227ceb22bb1db4aa5d6d |
| SHA256 | 122df514ae77cceddc97ac24d232767347c5ed8303ac27e04a77b485fff6ca69 |
| SHA512 | 4cf9da6cb973c5e3958ed8204305c25b66261bd51f9d0c3cab235498a0549fe711a9f7b7a6b27a4343ef7069e7de1a7debd92fea105e214d81cb47b8fbd76242 |
C:\Program Files\Wondershare\PDFelement\PDFelement.ini
| MD5 | 14a5a81e49194a159fbec4aa47a0a5e1 |
| SHA1 | 7945798487332a9c3b1e9da7cc198f9c64519b1e |
| SHA256 | e1f72de3f138041cfc860c19f2038e4221615f10d2835d816abdb8c96e70b195 |
| SHA512 | 3a04721756ad4fbfbdc551398492e4a455abd0b7041e8a3cda352cefb9b1a326ec3735c5ddb8e24b9dfb14030613303d244d1ca5044cb3c04bedb9ffaaa59d74 |
C:\Program Files\Wondershare\PDFelement\PDFelement.exe
| MD5 | ecc9b72ce3d5a0b7305ae5916d5b0003 |
| SHA1 | d544bb4cd46c78a012c16a351dafd2ae8dab9a7c |
| SHA256 | 5a1c55f8c7bbac15ade4a73b6d3a9578c566a488ca9d4aece3af2ea5009547cd |
| SHA512 | 58e885cca53bed10fabf9e442439d28371b127d4655acb507c9994b1307b6f37cb44fbac7af524dda805fbf71d838260b4edcad89fedf86d64fc75c1ba98ff03 |
C:\Program Files\Wondershare\PDFelement\PEAddInDeployment.exe
| MD5 | c262c4666e79075184be40b6af3a2b10 |
| SHA1 | 453ef3989c1cf92b8841db01cd9615819dff9764 |
| SHA256 | d7e2cbe220a7bf6d3b313c3d94ee9be48e41a7eca171ebd43e2f5adca2052f5a |
| SHA512 | b6e0688a46347e221fe39bc67048164332e96f1de363476fc5e1df405bc1a062786e9fb08e5cecef51df7bdd2ddaf32bc8709313c0c0aa04f2ad583fadae140f |
C:\Program Files\Wondershare\PDFelement\PEAddInDeployment.exe.config
| MD5 | 76d54a388667208b269aafec6e091bfa |
| SHA1 | c54d5bea5fc945aac10d014fdb6463545413f377 |
| SHA256 | bf5856cf607ff0e85ca64b06997c0de15a8d95b8813dfa1471a680c22aab4c51 |
| SHA512 | be1612b68f52a39ccf75c9d08745547af423bca28c17dc7a258bd175a5271790385060d932adb093fc12c14cab0b8ebf317bf4787bb1ba81463abdb431696c67 |
memory/4156-9595-0x0000000000440000-0x0000000000464000-memory.dmp
C:\Program Files\Wondershare\PDFelement\AddIns\EXP_PDF.DLL
| MD5 | 01b6bab757adb8e800f467f5dd6f20a4 |
| SHA1 | c3a143c1671c91a826460c15401767675dccd6f6 |
| SHA256 | 77b0cf57e08bcf0b4bd2274ada906e19c67ac7a2d04df19ff300a756fe96399d |
| SHA512 | 6f300e5bdb7eb5c9b91a8dc93b4f54f0f9ba23ca6e8c30bf92dba1e39902f85c8a1b7cc1bec1db569fa0f3e5761ef270f34adbc7d6855674a18707dc263003ed |
C:\Program Files\Wondershare\PDFelement\AddIns\PEOfficeAddIn_x86.dll
| MD5 | a3e7adab6154d87b283be745dc43b440 |
| SHA1 | 4a320759a7ea14966e8f39fecc8c3816c21a677b |
| SHA256 | 465f4e2cadd96cc2cec6355b5e2a09e342e9b5bf71647caabc1d61016ad81c0b |
| SHA512 | fd40663b0ca48f0852c598e12c0530a9c8a89d7112bb316ddbe22495c1085a3cf45d308b54b230fd15f912627562a5308537f3280671d44beef78f028cdba41c |
C:\Program Files\Wondershare\PDFelement\AddIns\PEOfficeAddIn_x64.dll
| MD5 | 997399992609992f43daf6ba90a6fe99 |
| SHA1 | aa81216d449fa612626f2949acec51139b1a5773 |
| SHA256 | 0a382dca5ceb70d3c0715728eae4dcddd00b54678d2362656fe3d743530aab20 |
| SHA512 | 182dbaf6dbe5bbd816329cfb47edb5124e1b99825c8385d005265101b7815ca33e6fe4270bd3cc7e631193af8738bfef404b9d3a8e49de2ab2ce5df662cfd9bc |
C:\Program Files\Wondershare\PDFelement\AddIns\EXP_XPS.DLL
| MD5 | ee6e8231bf4a7cc9539eeb457d8acf39 |
| SHA1 | 643956b3bf9aa29a643c47710f8369dd95622d23 |
| SHA256 | 7b4d3b16ea4dc23773911971cde5de6a4125c7e4590c1245d78667e02526e769 |
| SHA512 | c330faf25588fe3420cfe2b38487fcac4ffb5011a2b4e6cb149d7679bd2ac29d4a76cbe804082451b02e83a3bcf80ed70ea351f60175a5e1755b9819bd1a51ce |
C:\Program Files\Wondershare\PDFelement\PEOfficeAddInInstall2405.log
| MD5 | 7dad5fc663c9c3781fe534c12c7dcfb8 |
| SHA1 | 7e06f414a17cfc5489aabf50c2c7bcbfee2c5973 |
| SHA256 | 7600009d2715c1a903f229e82c16370d5028c30e324a21bc45fb546c4228bc64 |
| SHA512 | ea3c2185a3acb4b208bea01a23ed7865396d085c3cb4642535d980934318b325a0554f723c414483c7e94938284aa91092fa464b004d8286fa3d58f1a6209bf6 |
C:\Program Files\Wondershare\PDFelement\PEShellContextMenu.exe
| MD5 | 59754e3db61e910c41d50d364d86372c |
| SHA1 | 2cd5ceef3727c106f540934190edace69eee9d5e |
| SHA256 | 65eaeae795e79e0948e1a3767c7abb18cf16ee5649f23620e80f878ff9dd7d1b |
| SHA512 | 05a7b94400d9af3cad75f2c2dac33cf22d2be4bf789e24c6fb24fc2081bda0d443ad0c546520e608429b4e76c4a2a08513cbbef702c01763541ddf8b1dbbdad4 |
C:\Program Files\Wondershare\PDFelement\PEShellContextMenu.exe.config
| MD5 | fdad6e56c3813f4021ff8177dc33ef84 |
| SHA1 | 6585426c5d35e23c9acd4c3ed271241fddbf6a8e |
| SHA256 | 581337c905162b25581705895a91f3af7c8a577161c18187485f1bd15692c90d |
| SHA512 | 0b9caa3ed4edfcf4a34ac0e007cf5916f0ed083b092fc285aea0aa2d39d6082507fc41a2878dad89696f3f033307902bb73178846748fbf3e8d9527d4bd70419 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EE44ECA143B76F2B9F2A5AA75B5D1EC6_847118BE2683F0C241D1D702F3A3F5F9
| MD5 | 601f12bbac31a55a6b6055d55b470f7f |
| SHA1 | 03ea86c977a05aa6633026988c3f510fdb24bafb |
| SHA256 | 82d288da05d62eb6639ef00f852c4e3983442ac0978fa1cc4a873434a2014c89 |
| SHA512 | 3641111c8c225e310a82baea74e05458830e8bf695069559f1060b518b06754b37e8b23d0ccc53b27f0498707d98eadff27fed6dfecd2d7f7e879a26bfb6aeaf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EE44ECA143B76F2B9F2A5AA75B5D1EC6_847118BE2683F0C241D1D702F3A3F5F9
| MD5 | 72e4590d6f0031346bed2058b84a1feb |
| SHA1 | 70b124310d398df1a37974942a04d40fb3333d20 |
| SHA256 | 09e30913a3f36658ddfdc75dac6579ee64b2ce013e21a0a1a580d83e2c7f6d0b |
| SHA512 | 98c6b07d62d6acd1937b143846dae8b891487744b4d6652a7413259038faac1aa36c6fba0801a497c0b653bdf7e5acab9ccf4ed5374904161127e96c8ab86776 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CA4458E7366E94A3C3A9C1FE548B6D21_4D96F6C14A43BEA1464E6FC42CC823C8
| MD5 | c7eaaf6bde4e6c791251c8d0c486b4f5 |
| SHA1 | 8718a53fae59db884a500a3af40b180162cea671 |
| SHA256 | 7a49f9ad27fb4805b6f9750be0a28eb2987abc7c3fb54db8de3dc5f7a2f96cae |
| SHA512 | 3fe2531e63388b32aef721785fe3f9d413233002c9ad51f6c11327290e0a821d4ea260408c9d12fcffc4d1c4e97ab0d067711a48de552cd77c28f11007e84f7b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CA4458E7366E94A3C3A9C1FE548B6D21_4D96F6C14A43BEA1464E6FC42CC823C8
| MD5 | 752c28b96fcc562534916739807bb019 |
| SHA1 | 3e7f9d7638260d35744fb4b488da2e9b7abfd690 |
| SHA256 | b74d42d006e590ff249a37f18e126daa6ef449ea67474399c4edaf51d5c010d2 |
| SHA512 | 7fdc5a8bb24f25359953d9b73b4e4eb46ea5098a2d5c3521f8862087ecdd2ff32801285548e51e1e5a83c641d9d65173aab27292fad70f3123d016011960f349 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\PEShellContextMenu.exe.log
| MD5 | 001ba80328a79b5d1306e58020987adf |
| SHA1 | 4ab0414fe63294b2a119cd7cc1de2204a9ee4056 |
| SHA256 | fa3d41370782e1de2c7b7e714aa2d621871003208d5b8e8980fcfc97d5221339 |
| SHA512 | b363e344de829f1e094582f15478dc777d115dac846d79619334d1c5e6db6e1d618ae7f540300a10bc36f8857d1acfd356705669593aa5862a0aebafc100ee84 |
C:\Program Files\Wondershare\PDFelement\FileAssociation.exe
| MD5 | 5b996305083fa4cbeaccd851043d17fb |
| SHA1 | df94872e26c3ede88b69958e77856c6a18cd6b06 |
| SHA256 | 432348082c9dba82ac4061c91fd298a5647e71739580cf0d9ee48f36c23abaeb |
| SHA512 | 2ca67bcf3bf8776504344b98544760c9168b1378066a4f25f9bbdf971384da95c1dd748beabb3a02e07a703c25f69dbd059bdf00cdbb1b536b4237bee1ce867c |
memory/3060-9654-0x0000000000E60000-0x0000000000E72000-memory.dmp
C:\Program Files\Wondershare\PDFelement\WSPrtSetup\WSPrtSetup.exe
| MD5 | 2f95c0f7b5429cad4fef24c37b005014 |
| SHA1 | bfcbf13f4639f3784d630153449fa3ce2048d1d8 |
| SHA256 | ff754b2719b5e08db2bc34aad3e7d1b14f6651e7c4944707eb38de95e461b69a |
| SHA512 | 8868bcad45924eecc443bb3c2ffdd0ad48487de8687edb2c8ccc2b01b64860b8993d7afc70d12cca64ebc563889d6687d242a0f83983f1e621457454049d8421 |
C:\Program Files\Wondershare\PDFelement\WSPrtSetup\x64\PDFCREAT.PPD
| MD5 | 7b3694cff54a0f58525abd9cc3e62475 |
| SHA1 | d7fffbb17f7e02ae03b1dca1a808c53dbff67436 |
| SHA256 | 479ded50a99ee0ea2d671cbeb68cabfda049b18ba6729eb81422fcd08d690afd |
| SHA512 | a440dbabf93bb0f5b2e8a37fa1f03e84d29eb8a9eb08558b0f8a57f6200c4e9a4c17174051130ee01cdff299c72280bee78478014d75d4f2316160a0c8f787e5 |
C:\Program Files\Wondershare\PDFelement\WSPrtSetup\x64\PSCRIPT.HLP
| MD5 | 02c3f8c32018f3aaf66e7421400f1781 |
| SHA1 | a04f2e40287af78867161fa3f1606045088da212 |
| SHA256 | 6faef4c998e810fff139958f28722c79879ec2fd66c97c7e3e2c5040fd5550d9 |
| SHA512 | c30fee64d74a536117de46c81b6e22ec82634d1284783a317bc15e85cfd561fad7d50a63ca863ea6520b5cbaecf9061f7b52d3d99050484ce8a004f81dab7990 |
C:\Program Files\Wondershare\PDFelement\WSPrtSetup\x64\PS5UI.DLL
| MD5 | 34fe8243c4ce5db32b593857a9ab65bc |
| SHA1 | bedd7610b754f6216131a0f509fc9d8813e439f4 |
| SHA256 | 28a1cc523e3708c48fca4095d1ede1a81fdf1954b743eca4d6c8172f0116a3d6 |
| SHA512 | 561503728c5598ce360e85130bef4172fe0e0fc57417e2549d6a15c509244d67cc84ef775450c133170df2e9c258951549fad32c3080a52394078756b60f3376 |
C:\Program Files\Wondershare\PDFelement\WSPrtSetup\x64\PSCRIPT5.DLL
| MD5 | fd759f3f3dbda773e410172b8fe9b716 |
| SHA1 | be6553806f25e3c3413064e6fc4a82d01bab3ff5 |
| SHA256 | b5b15b0f92cd60314d45aa2bc3cf06109a050b3c096168fb35d584281fed3507 |
| SHA512 | 789e351e84d409c37c77ce51b82fc63ce22023ad0ab326f7455aca2a8834fe7145293f30ee19a616d4fe1917512a9ce1fdb0856004852d67c0d13b5a737627a4 |
C:\Program Files\Wondershare\PDFelement\WSPrtSetup\x64\PSCRIPT.NTF
| MD5 | e45e03bdfbddcee4b6d62bc922ef24e7 |
| SHA1 | 1873ec050afe6275e95df8b6a1a43098dccb9f25 |
| SHA256 | 3eb48a31bb8bfb34534ff6e251e9b97e29e8b8e3a4eaf6c929b026caced3498c |
| SHA512 | 0dd54c060ca8b2fb676a14488dfeb30de9b0458a23aeb632c1bc4de54fc6b8066c86450a896726f04ca74bcecec03fac15c69a81ed17215b53501da57607f915 |
memory/3516-9679-0x0000000000F80000-0x0000000000F92000-memory.dmp
memory/3516-9683-0x0000000005BE0000-0x0000000005E54000-memory.dmp
memory/3516-9689-0x0000000005A90000-0x0000000005B8C000-memory.dmp
memory/3516-9690-0x0000000005E60000-0x0000000005EF2000-memory.dmp
memory/3516-9691-0x0000000006400000-0x00000000068FE000-memory.dmp
memory/3516-9703-0x0000000005BC0000-0x0000000005BD0000-memory.dmp
memory/3516-9707-0x0000000006020000-0x0000000006042000-memory.dmp
memory/3516-9708-0x00000000061A0000-0x00000000061AA000-memory.dmp
memory/3516-9699-0x0000000005F90000-0x0000000006020000-memory.dmp
memory/3516-9695-0x0000000006050000-0x000000000619A000-memory.dmp
memory/4176-9710-0x000001D9B73A0000-0x000001D9B73B0000-memory.dmp
memory/4176-9712-0x000001D9D1B50000-0x000001D9D1DC4000-memory.dmp
memory/4176-9714-0x000001D9D19D0000-0x000001D9D1ACC000-memory.dmp
memory/4176-9716-0x000001D9D1F20000-0x000001D9D206A000-memory.dmp
memory/4176-9718-0x000001D9D1E60000-0x000001D9D1EF0000-memory.dmp
memory/4176-9720-0x000001D9D1730000-0x000001D9D1740000-memory.dmp
memory/4176-9722-0x000001D9D1AD0000-0x000001D9D1AF2000-memory.dmp
C:\Program Files\Common Files\Wondershare\PDFelement\Preview\1.0.0.55\PDFThumbnailHandler.dll
| MD5 | e0cbd36c28d487f1bd9a1a50cfd96dca |
| SHA1 | d20476dfae233bb1bac76f43fb5fb985e23db0cd |
| SHA256 | 74492088b26f2d437d8a61bd608664a40eb5ecf570a7911bb4a9ee974d8d4804 |
| SHA512 | 6d03c27ca65a94def8ecdaefedd06d642cf3bc0c95c979d7d3f8869d0bc1553662f7a27d9c8b97e17d0ad6d6b25ea2f6af09eb47133da1a622cb0dae5da80d4c |
memory/4300-9741-0x00000296CBC20000-0x00000296CBC30000-memory.dmp
memory/4300-9725-0x00000296CBB20000-0x00000296CBB30000-memory.dmp
memory/4300-9760-0x00000296C91D0000-0x00000296C91D2000-memory.dmp
memory/1432-9765-0x0000000000400000-0x0000000000584000-memory.dmp
memory/4088-9770-0x0000013F5A500000-0x0000013F5A600000-memory.dmp
memory/4088-9771-0x0000013F5A500000-0x0000013F5A600000-memory.dmp
memory/4196-9785-0x000001A2CDFD0000-0x000001A2CDFD2000-memory.dmp
memory/4196-9787-0x000001A2CDFF0000-0x000001A2CDFF2000-memory.dmp
memory/4196-9782-0x000001A2CDFA0000-0x000001A2CDFA2000-memory.dmp
memory/4196-9867-0x000001A2E08A0000-0x000001A2E08C0000-memory.dmp
memory/4196-9952-0x000001A2E1010000-0x000001A2E1110000-memory.dmp
memory/4196-9953-0x000001A2E1010000-0x000001A2E1110000-memory.dmp
memory/4196-10035-0x000001A2E06F0000-0x000001A2E06F2000-memory.dmp
memory/4196-10037-0x000001A2E2020000-0x000001A2E2022000-memory.dmp
memory/4196-10042-0x000001A2E2040000-0x000001A2E2042000-memory.dmp
memory/4196-10044-0x000001A2E2060000-0x000001A2E2062000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UJB2BMT0\bat[1].js
| MD5 | 72bca04fd669eb89fc65d59052d0fc00 |
| SHA1 | 27e60aef86f0cb1b2f6b6ed9df9a4e3ba88efd21 |
| SHA256 | 823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721 |
| SHA512 | 56058e4c927563ca37dec4979af28a415ea3042a389c0ba22738c76d39131317a703a38a95eab9d913f116f7c2d1da62a0a87750f47deca2ddb3447d64303b12 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\RC7J9QNT\tt[1].png
| MD5 | e714c69ca26dcdabcf9016341f66b5b9 |
| SHA1 | 1c78ace0e38129460966521ecb9f3ce70563a5e8 |
| SHA256 | a607b3c3e0d09d7f339e0035f16f99bf93637dee0eb27b2b9c447701fefa2ace |
| SHA512 | 14179e1e37d02cd4e31a6997dd06f4af685bec694967adbfdcb341bc50d8558664a884694e670c76ba04795bbaca6e5af756472f9bd18ce2344f936bc15f9943 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\UP231XJQ\www.youtube[1].xml
| MD5 | 5f6164956f48f3d30d4a287939da358f |
| SHA1 | c44e2c305916c187685d1ff93f98307456757db0 |
| SHA256 | d9aebef241b5f2933664e0f64c5eee58a99beccecc8bf6890be89ffe3d581e0c |
| SHA512 | b0aa9a665d2b72624c24f5e6a24d3b9fc3ff892c8141d276f792fc4290ffee9cb56f9f37953e22795a6a378283992b990aa8318d029cf55ce1426ec5436dd79f |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\N5B4UCZU\pdf.wondershare[1].xml
| MD5 | cdc5fe16861c34c71b36e6807a628704 |
| SHA1 | 24a2eadf08ebc97e031013f78c5b9f1d9768eac0 |
| SHA256 | 620bbc42647e92da9ee6a9260c181e45aa6b0d3ef4f06e84feb26bfe7db236df |
| SHA512 | 3a1f98602c54bbbc7703c856dca6cb5db8582d9e27c789a9f7be9b0d365ef293d864cf16922a52578c391cff5471cd4e3d25a2da127ebe72e58276dc7faf95f6 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\N5B4UCZU\pdf.wondershare[1].xml
| MD5 | 6bf6f0a6ff50f9f56ccf0069bd93423e |
| SHA1 | 28c559bf970d2ebebb8e37d26179aba1737b3caa |
| SHA256 | 57cd44e8f77834978db8ac467af85736f966e57f3df7055e1e3afc5a833bf5ec |
| SHA512 | da8145b185503f9672685ba6f8a33d305d5ffdbe72862ffc5d9dd9b556655176e5285cd55600198c36cc8858ccb5bf3bb0e1daaffd23666ddcdc80a72e77c461 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\4ZELX2XC\cdn.consentmanager[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\UP231XJQ\www.youtube[1].xml
| MD5 | 90d75048cccc24ceb141e3f6ade00dc6 |
| SHA1 | 2a5a02db8045066f1534cbab109ecf650f89e60a |
| SHA256 | dc0602b698e5211c7451dfda5909bd93ce915d2b5ef5871146cb8b9cb5097264 |
| SHA512 | cb51d83f03df18a5fda11b54934fee653bc7822e294292cf45f590e253e82f6dc04d955f834e01a1bd915b440dfe9455cbc56abb77589b98a5328bca6aa10bef |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\UP231XJQ\www.youtube[1].xml
| MD5 | 034b50a0d32fa25426f0326a7cbc62e9 |
| SHA1 | 6e679919c1b89b00ae83d78599a98dbd51126190 |
| SHA256 | 4fee8580c3ca72f835cce3cc5d3c432a8a05b724f3dc374153f4222284b100b2 |
| SHA512 | 2f885f4f71c0595442abd84535dfb5064a4e5d34b2cdbe66df29ea0435b0a44e7546fc553f33886bd77c77c319cf8924c4fd64077b59a133103477743e3c5076 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ATXXLKKH\favicon[1].ico
| MD5 | f8152c42b27795b0a992fdae0e9e98b4 |
| SHA1 | 571bc03c5c68b0596af75eb806407818f1ade049 |
| SHA256 | ca2436df1a9f28f874e861a820ca49aa034a076bbba1064d445a042d3c190d88 |
| SHA512 | 292393859629ff287c073bb00d0de5fd51c516f773e06cd8ecd58c346f1519c215a5436e340221ea6bb35680a043296510922584ca4c5be23fac7a4ac9686098 |
memory/6112-13117-0x00000000000D0000-0x0000000000D0C000-memory.dmp
memory/1432-13129-0x0000000000400000-0x0000000000584000-memory.dmp
memory/6112-13131-0x0000000022570000-0x00000000225E4000-memory.dmp
C:\Users\Admin\AppData\Roaming\Wondershare\PDFelement\Config\MessageCenterConfig_New.config
| MD5 | d5b18e742e3544615770f9d3432b9b04 |
| SHA1 | e8c36998a72a56991928f91606c9693429b995f0 |
| SHA256 | 74eb3963fb00f494de9a3b117a28ee3c7e96ba0e08cd4a8adbdbdd681aab1ac7 |
| SHA512 | a6815b99aad977dbed5a3279c365de95df55bf9fdb0688d37146d4fe5857643fb7384615282ee1d61fc706193f25cd0d73a40e0d4d60dc6dd91b00da6b400d54 |
memory/6112-13155-0x0000000026B20000-0x00000000272C6000-memory.dmp