Malware Analysis Report

2024-10-10 12:02

Sample ID 240615-d2tpsaxgke
Target SodaPDFDesktop14.exe
SHA256 60a0ebc38a84ef29081e51951c6c23a4f0dae8db25d6f3da0d3f58f58da3707d
Tags
risepro stealer discovery persistence
score
10/10

Analysis Overview

score
10/10

SHA256

60a0ebc38a84ef29081e51951c6c23a4f0dae8db25d6f3da0d3f58f58da3707d

Threat Level: Known bad

The file SodaPDFDesktop14.exe was found to be: Known bad.

Malicious Activity Summary

risepro stealer discovery persistence

Risepro family

RisePro

Registers new Print Monitor

Enumerates connected drives

Drops file in System32 directory

Drops file in Windows directory

Executes dropped EXE

Drops file in Program Files directory

Loads dropped DLL

Registers COM server for autorun

Checks installed software on the system

Enumerates physical storage devices

Uses Volume Shadow Copy service COM API

Suspicious use of SendNotifyMessage

Checks SCSI registry key(s)

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Modifies system certificate store

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-15 03:30

Signatures

Risepro family

risepro

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-15 03:30

Reported

2024-06-15 03:32

Platform

win10v2004-20240508-en

Max time kernel

98s

Max time network

108s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe"

Signatures

RisePro

stealer risepro

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{3369AF1C-BCC1-4977-89E8-F8B79497C982} C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48B27F31-9BA2-49F8-B146-D406C44E8688}\LocalServer32 C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48B27F31-9BA2-49F8-B146-D406C44E8688}\Version\ = "1.0" C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48B27F31-9BA2-49F8-B146-D406C44E8688}\Elevation\IconReference = "@C:\\ProgramData\\Soda PDF Desktop 14\\Installation\\SodaPDFDesktop14.exe,-501" C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{49DC3DAF-B07F-425D-A53C-ADD8E180E51C}\1.0\HELPDIR C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B377F344-CAC6-42E6-B284-0117A87B5520}\ = "IInstaller" C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48B27F31-9BA2-49F8-B146-D406C44E8688}\ = "Installer Class" C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{49DC3DAF-B07F-425D-A53C-ADD8E180E51C}\1.0 C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B377F344-CAC6-42E6-B284-0117A87B5520} C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{3369AF1C-BCC1-4977-89E8-F8B79497C982}\AccessPermission = 010014804c0000005c000000140000003000000002001c0001000000110014000400000001010000000000100010000002001c0001000000000014000b0000000101000000000001000000000102000000000005200000002002000001020000000000052000000020020000 C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48B27F31-9BA2-49F8-B146-D406C44E8688}\Programmable C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48B27F31-9BA2-49F8-B146-D406C44E8688}\Version C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48B27F31-9BA2-49F8-B146-D406C44E8688}\Elevation C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{49DC3DAF-B07F-425D-A53C-ADD8E180E51C}\1.0\0\win32 C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B377F344-CAC6-42E6-B284-0117A87B5520}\ProxyStubClsid32 C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B377F344-CAC6-42E6-B284-0117A87B5520}\TypeLib\ = "{49DC3DAF-B07F-425D-A53C-ADD8E180E51C}" C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{3369AF1C-BCC1-4977-89E8-F8B79497C982}\LaunchPermission = 010014804c0000005c000000140000003000000002001c0001000000110014000400000001010000000000100010000002001c0001000000000014000b0000000101000000000001000000000102000000000005200000002002000001020000000000052000000020020000 C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{49DC3DAF-B07F-425D-A53C-ADD8E180E51C}\1.0\FLAGS\ = "0" C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48B27F31-9BA2-49F8-B146-D406C44E8688} C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48B27F31-9BA2-49F8-B146-D406C44E8688}\LocalServer32\ServerExecutable = "C:\\ProgramData\\Soda PDF Desktop 14\\Installation\\SodaPDFDesktop14.exe" C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48B27F31-9BA2-49F8-B146-D406C44E8688}\Elevation\Enabled = "1" C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{49DC3DAF-B07F-425D-A53C-ADD8E180E51C}\1.0\0\win32\ = "C:\\ProgramData\\Soda PDF Desktop 14\\Installation\\SodaPDFDesktop14.exe" C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{49DC3DAF-B07F-425D-A53C-ADD8E180E51C}\1.0\HELPDIR\ = "C:\\ProgramData\\Soda PDF Desktop 14\\Installation" C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{3369AF1C-BCC1-4977-89E8-F8B79497C982}\LaunchPermission = 010014804c0000005c000000140000003000000002001c0001000000110014000400000001010000000000100010000002001c0001000000000014000b0000000101000000000001000000000102000000000005200000002002000001020000000000052000000020020000 C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{3369AF1C-BCC1-4977-89E8-F8B79497C982}\AccessPermission = 010014804c0000005c000000140000003000000002001c0001000000110014000400000001010000000000100010000002001c0001000000000014000b0000000101000000000001000000000102000000000005200000002002000001020000000000052000000020020000 C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{3369AF1C-BCC1-4977-89E8-F8B79497C982} C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48B27F31-9BA2-49F8-B146-D406C44E8688}\LocalServer32\ = "\"C:\\ProgramData\\Soda PDF Desktop 14\\Installation\\SodaPDFDesktop14.exe\"" C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{49DC3DAF-B07F-425D-A53C-ADD8E180E51C}\1.0\0 C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B377F344-CAC6-42E6-B284-0117A87B5520}\TypeLib C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B377F344-CAC6-42E6-B284-0117A87B5520}\TypeLib\Version = "1.0" C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48B27F31-9BA2-49F8-B146-D406C44E8688}\TypeLib C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48B27F31-9BA2-49F8-B146-D406C44E8688}\TypeLib\ = "{49DC3DAF-B07F-425D-A53C-ADD8E180E51C}" C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{49DC3DAF-B07F-425D-A53C-ADD8E180E51C} C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{49DC3DAF-B07F-425D-A53C-ADD8E180E51C}\1.0\ = "GlamInstallerComLib" C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{49DC3DAF-B07F-425D-A53C-ADD8E180E51C}\1.0\FLAGS C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B377F344-CAC6-42E6-B284-0117A87B5520}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B377F344-CAC6-42E6-B284-0117A87B5520}\TypeLib\ = "{49DC3DAF-B07F-425D-A53C-ADD8E180E51C}" C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B377F344-CAC6-42E6-B284-0117A87B5520}\TypeLib\Version = "1.0" C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B377F344-CAC6-42E6-B284-0117A87B5520} C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B377F344-CAC6-42E6-B284-0117A87B5520}\ = "IInstaller" C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B377F344-CAC6-42E6-B284-0117A87B5520}\ProxyStubClsid32 C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B377F344-CAC6-42E6-B284-0117A87B5520}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B377F344-CAC6-42E6-B284-0117A87B5520}\TypeLib C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4 C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe

"C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe"

C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe

"C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe" /RegServer

Network

Country Destination Domain Proto
US 8.8.8.8:53 wsgeoip.sodapdf.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 wsgeoip.sodapdf.com udp
US 8.8.8.8:53 wsgeoip.sodapdf.com udp
N/A 127.0.0.1:56951 tcp
N/A 127.0.0.1:56958 tcp
US 8.8.8.8:53 analytic.sodapdf.com udp
N/A 127.0.0.1:56960 tcp

Files

C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe

MD5 096bd90aaf32d408e853090e6e614b47
SHA1 b482aa08a610ab24e785f3b56f98486addf137b9
SHA256 60a0ebc38a84ef29081e51951c6c23a4f0dae8db25d6f3da0d3f58f58da3707d
SHA512 fc3420af2cebb6dab4fea585d0c7895afb7f665a34af9643fdccdcce15feed6b70a135c85584151e8270e40a173411d64bb3d5931b9ed3f8cbc216edbede9b0a

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-15 03:30

Reported

2024-06-15 03:32

Platform

win11-20240611-en

Max time kernel

82s

Max time network

106s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe"

Signatures

RisePro

stealer risepro

Registers new Print Monitor

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Soda PDF Desktop 14 Monitor\Ports C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Soda PDF Desktop 14 Monitor C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe N/A
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Soda PDF Desktop 14 Monitor\Ports\SodaPDFDesktop14_Port:\AddTimeStamp = "0" C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Local Port C:\Windows\System32\spoolsv.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Microsoft Shared Fax Monitor C:\Windows\System32\spoolsv.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Soda PDF Desktop 14 Monitor C:\Windows\System32\spoolsv.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port\Adapters\WSPrint C:\Windows\System32\spoolsv.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Soda PDF Desktop 14 Monitor\Ports\SodaPDFDesktop14_Port: C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe N/A
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Soda PDF Desktop 14 Monitor\Ports\SodaPDFDesktop14_Port:\PromptFilename = "0" C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Soda PDF Desktop 14 Monitor\Ports\SodaPDFDesktop14_Port:\FolderName = "C:\\Program Files\\Soda PDF Desktop 14\\Print" C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Appmon C:\Windows\System32\spoolsv.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port C:\Windows\System32\spoolsv.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\USB Monitor C:\Windows\System32\spoolsv.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port C:\Windows\System32\spoolsv.exe N/A
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Soda PDF Desktop 14 Monitor\Ports\SodaPDFDesktop14_Port:\RemoveExtension = "1" C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe N/A
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Soda PDF Desktop 14 Monitor\Ports\SodaPDFDesktop14_Port:\ExecuteCommand = "1" C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe N/A
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Soda PDF Desktop 14 Monitor\Ports\SodaPDFDesktop14_Port:\AddUser = "0" C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port\Adapters\WSPrint\OfflinePorts C:\Windows\System32\spoolsv.exe N/A
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Soda PDF Desktop 14 Monitor\Ports\SodaPDFDesktop14_Port:\UniqueNames = "1" C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port\Adapters\IPP C:\Windows\System32\spoolsv.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port\Ports C:\Windows\System32\spoolsv.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Soda PDF Desktop 14 Monitor\Ports\SodaPDFDesktop14_Port:\FileName C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Soda PDF Desktop 14 Monitor\Ports\SodaPDFDesktop14_Port:\Command = "\"C:\\Program Files\\Soda PDF Desktop 14\\creator-app.exe\" \"%FILE%\"" C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe N/A
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Soda PDF Desktop 14 Monitor\Ports\SodaPDFDesktop14_Port:\RemovePrefixes = "0" C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port\Ports C:\Windows\System32\spoolsv.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Appmon\Ports C:\Windows\System32\spoolsv.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\spool\DRIVERS\x64\soda_pdfprn_v.6.23.0.2.dll C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe N/A
File created C:\Windows\system32\spool\DRIVERS\x64\soda_pdfprnui_v.6.23.0.2.dll C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe N/A
File created C:\Windows\system32\spool\DRIVERS\x64\soda_pdfpmon_v.6.23.0.2.dll C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe N/A
File created C:\Windows\system32\spool\DRIVERS\x64\soda_pdfprnui_v.6.23.0.2.hlp C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe N/A
File created C:\Windows\system32\spool\DRIVERS\x64\3\New\soda_pdfprn_v.6.23.0.2.dll C:\Windows\System32\spoolsv.exe N/A
File opened for modification C:\Windows\system32\spool\DRIVERS\x64\soda_pdfprnui_v.6.23.0.2.hlp C:\Windows\System32\spoolsv.exe N/A
File opened for modification C:\Windows\system32\spool\DRIVERS\x64\soda_pdfprnui_v.6.23.0.2.dll C:\Windows\System32\spoolsv.exe N/A
File created C:\Windows\system32\spool\DRIVERS\x64\3\New\soda_pdfprnui_v.6.23.0.2.dll C:\Windows\System32\spoolsv.exe N/A
File created C:\Windows\system32\spool\DRIVERS\x64\3\New\soda_pdfprnui_v.6.23.0.2.hlp C:\Windows\System32\spoolsv.exe N/A
File opened for modification C:\Windows\system32\spool\DRIVERS\x64\soda_pdfprn_v.6.23.0.2.dll C:\Windows\System32\spoolsv.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Soda PDF Desktop 14\ui-ads.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\ui-document-panel-attachments.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\unrar.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\localization\Click on 'Change' to select default pdf handler.pdf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\creator-ws.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\plugins\plugin_notification.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\plugins\plugin-onboarding-tutorial.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\ui-document-panel-properties.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\win-specific-services.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\localization\uk\info.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\localization\uk\messages.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\msvcp140_atomic_wait.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\boost_iostreams-vc143-mt-x64-1_81.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\zstd.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\resources\Core\Encodings\AdobeStandardEncoding C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\bl.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\plugins\plugin-pdf-converter.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\libcrypto-3-x64.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\ui-document-panel-layers.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\ui-user-management.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\v8_libplatform.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\bl-scan.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\crash-handler.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\localization\ru\info.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\libwebp.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\localization\es\messages.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\resources\Core\Icons\sticker.normal.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\libprotobuf-lite.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\localization\ja\messages.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\bl-edit.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\ui-dialogs-esign2.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\localization\ja\icon.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\sp\ui\ui.csp C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\graphics-service.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\localization\ru\messages.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\abseil_dll.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\resources\Core\Encodings\MSSymbolEncoding C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\resources\Scripts\Common.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\plugins\plugin-googledrive-storage.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\vcruntime140_1.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\localization\pt\messages.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\pdf2pdfconv.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\plugins\plugin-text-markup.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\icuuc74.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\localization\fr\info.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\localization\it\icon.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\ui-service-provider.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\resources\Core\Encodings\AdobeSingleGlyphList C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\localization\pt\info.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\plugins\plugin-sharepoint-storage.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\pugixml.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\boost_wserialization-vc143-mt-x64-1_81.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\resources\Core\Icons\file_attachment.pushpin.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\localization\en\icon.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\ui-main-frame.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\localization\de\icon.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\libpng16.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\stats.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\brand.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\resources\Core\Templates\StickerNormal C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\icudtl.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\bl-creator-module.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\resources\Core\Icons\file_attachment.tag.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Soda PDF Desktop 14\creator-app.exe C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF66A20AFC59D06D8C.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\ocr_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\install_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\main_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\create_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\edit_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\insert_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\edit_icon C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\ocr_icon C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\convert_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\forms_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e585eb5.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e585eb5.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\uninstall_icon C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\main_icon C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\asian_icon C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\asian_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\asian_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI64B1.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\forms_icon C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\insert_icon C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\ocr_icon C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\ocr_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF42EEF9B0C3558427.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\main_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\convert_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\review_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\review_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\insert_icon C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e585eb9.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\asian_icon C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\uninstall_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\secure_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\install_icon C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\convert_icon C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\create_icon C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\review_icon C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\edit_icon C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8069.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\edit_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI61B3.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{E9BA91BA-BC87-4941-9483-263CE299F4BD} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\create_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\forms_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFB5A7EC40B34B266D.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\convert_icon C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\review_icon C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\secure_icon C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\secure_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF2D859D9C42F2ACB6.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI64E1.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\install_icon C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\forms_icon C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\uninstall_icon C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\create_icon C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\secure_icon C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\insert_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\main_icon C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\install_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\uninstall_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 C:\Windows\system32\msiexec.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe N/A
N/A N/A C:\Windows\System32\spoolsv.exe N/A
N/A N/A C:\Program Files\Soda PDF Desktop 14\creator-app.exe N/A
N/A N/A C:\Program Files\Soda PDF Desktop 14\creator-ws.exe N/A
N/A N/A C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AEC129B3-75C2-4CB5-A9ED-05612D89F866}\LocalServer32 C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A134AD52-46E1-4B91-8062-3273EA1973BE}\LocalServer32 C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A134AD52-46E1-4B91-8062-3273EA1973BE}\LocalServer32\ServerExecutable = "C:\\Program Files\\Soda PDF Desktop 14\\activation-service.exe" C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C78D09CF-BC6C-4FC7-94A9-0C3FF7553DF1}\LocalServer32\ = "\"C:\\Program Files\\Soda PDF Desktop 14\\activation-service.exe\"" C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D9283B75-23D5-454E-9584-0885EA2C7ACB}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F5632346-C6A0-4C8B-B818-606B54E48991}\InprocServer32\ = "C:\\Program Files\\Soda PDF Desktop 14\\preview-handler.dll" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A4FF52D0-17EB-4C19-AA84-5A9F6D1D6CFE}\LocalServer32 C:\Program Files\Soda PDF Desktop 14\stats-com.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D9283B75-23D5-454E-9584-0885EA2C7ACB}\LocalServer32\ = "\"C:\\Program Files\\Soda PDF Desktop 14\\soda-launcher.exe\" --activate-message-from-notifications-events" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{285F17CF-E9C3-4C29-99C6-8CF0BE6F6627}\LocalServer32 C:\Program Files\Soda PDF Desktop 14\update-service.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3E46159C-FAA8-4497-B758-1252B9FD82F4}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AEC129B3-75C2-4CB5-A9ED-05612D89F866}\LocalServer32\ = "\"C:\\Program Files\\Soda PDF Desktop 14\\activation-service.exe\"" C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AEC129B3-75C2-4CB5-A9ED-05612D89F866}\LocalServer32\ServerExecutable = "C:\\Program Files\\Soda PDF Desktop 14\\activation-service.exe" C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A134AD52-46E1-4B91-8062-3273EA1973BE}\LocalServer32\ = "\"C:\\Program Files\\Soda PDF Desktop 14\\activation-service.exe\"" C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{285F17CF-E9C3-4C29-99C6-8CF0BE6F6627}\LocalServer32\ = "\"C:\\Program Files\\Soda PDF Desktop 14\\update-service.exe\"" C:\Program Files\Soda PDF Desktop 14\update-service.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3E46159C-FAA8-4497-B758-1252B9FD82F4}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3E46159C-FAA8-4497-B758-1252B9FD82F4}\InprocServer32\ = "C:\\Program Files\\Soda PDF Desktop 14\\context-menu.dll" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0C147EFB-429A-4C84-A3A7-5BF475952C90}\LocalServer32 C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0C147EFB-429A-4C84-A3A7-5BF475952C90}\LocalServer32\ = "\"C:\\Program Files\\Soda PDF Desktop 14\\activation-service.exe\"" C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A4FF52D0-17EB-4C19-AA84-5A9F6D1D6CFE}\LocalServer32\ServerExecutable = "C:\\Program Files\\Soda PDF Desktop 14\\stats-com.exe" C:\Program Files\Soda PDF Desktop 14\stats-com.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{D9283B75-23D5-454E-9584-0885EA2C7ACB}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7B7FDB2B-B78E-4780-AC92-C2954D8D5AB9}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0641536A-7485-4979-BC56-03ED6B74F253}\LocalServer32\ = "\"C:\\Program Files\\Soda PDF Desktop 14\\creator-ws.exe\"" C:\Program Files\Soda PDF Desktop 14\creator-ws.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C78D09CF-BC6C-4FC7-94A9-0C3FF7553DF1}\LocalServer32 C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F5632346-C6A0-4C8B-B818-606B54E48991}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0641536A-7485-4979-BC56-03ED6B74F253}\LocalServer32 C:\Program Files\Soda PDF Desktop 14\creator-ws.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7B7FDB2B-B78E-4780-AC92-C2954D8D5AB9}\InprocServer32\ = "C:\\Program Files\\Soda PDF Desktop 14\\thumbnail-handler.dll" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AD979A24-BDBF-4DB8-BD68-7764248CC7AD}\LocalServer32\ServerExecutable = "C:\\Program Files\\Soda PDF Desktop 14\\activation-service.exe" C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0C147EFB-429A-4C84-A3A7-5BF475952C90}\LocalServer32\ServerExecutable = "C:\\Program Files\\Soda PDF Desktop 14\\activation-service.exe" C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A4FF52D0-17EB-4C19-AA84-5A9F6D1D6CFE}\LocalServer32\ = "\"C:\\Program Files\\Soda PDF Desktop 14\\stats-com.exe\"" C:\Program Files\Soda PDF Desktop 14\stats-com.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F5632346-C6A0-4C8B-B818-606B54E48991}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7B7FDB2B-B78E-4780-AC92-C2954D8D5AB9}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AD979A24-BDBF-4DB8-BD68-7764248CC7AD}\LocalServer32\ = "\"C:\\Program Files\\Soda PDF Desktop 14\\activation-service.exe\"" C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{285F17CF-E9C3-4C29-99C6-8CF0BE6F6627}\LocalServer32\ServerExecutable = "C:\\Program Files\\Soda PDF Desktop 14\\update-service.exe" C:\Program Files\Soda PDF Desktop 14\update-service.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C78D09CF-BC6C-4FC7-94A9-0C3FF7553DF1}\LocalServer32\ServerExecutable = "C:\\Program Files\\Soda PDF Desktop 14\\activation-service.exe" C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AD979A24-BDBF-4DB8-BD68-7764248CC7AD}\LocalServer32 C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\System32\spoolsv.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\System32\spoolsv.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0002 C:\Windows\System32\spoolsv.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\System32\spoolsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{f01fac5d-e5f6-485f-a8c6-27446425998c}\0002 C:\Windows\System32\spoolsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{f01fac5d-e5f6-485f-a8c6-27446425998c}\0002 C:\Windows\System32\spoolsv.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0002 C:\Windows\System32\spoolsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0002 C:\Windows\System32\spoolsv.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\System32\spoolsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{f01fac5d-e5f6-485f-a8c6-27446425998c}\0002 C:\Windows\System32\spoolsv.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0002 C:\Windows\System32\spoolsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\System32\spoolsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\System32\spoolsv.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\System32\spoolsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{f01fac5d-e5f6-485f-a8c6-27446425998c}\0002 C:\Windows\System32\spoolsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\System32\spoolsv.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Devices\Fax = "winspool,Ne02:" C:\Windows\System32\spoolsv.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Soda PDF Desktop 14\PDF Printer\OpenAfterConversion = "1" C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts C:\Windows\System32\spoolsv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Send To OneNote 2016 = "winspool,nul:,15,45" C:\Windows\System32\spoolsv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Devices\Microsoft XPS Document Writer = "winspool,Ne00:" C:\Windows\System32\spoolsv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Fax = "winspool,Ne02:,15,45" C:\Windows\System32\spoolsv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Devices\Soda PDF Desktop 14 = "winspool,Ne03:" C:\Windows\System32\spoolsv.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts C:\Windows\System32\spoolsv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Devices\Microsoft XPS Document Writer = "winspool,Ne00:" C:\Windows\System32\spoolsv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Microsoft Print to PDF = "winspool,Ne01:,15,45" C:\Windows\System32\spoolsv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Soda PDF Desktop 14 = "winspool,Ne03:,15,45" C:\Windows\System32\spoolsv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Soda PDF Desktop 14\PDF Printer\ChooseFile = "1" C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Microsoft XPS Document Writer = "winspool,Ne00:,15,45" C:\Windows\System32\spoolsv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Devices\Send To OneNote 2016 = "winspool,nul:" C:\Windows\System32\spoolsv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Devices\Microsoft Print to PDF = "winspool,Ne01:" C:\Windows\System32\spoolsv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\PDF Tools AG C:\Windows\System32\spoolsv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Soda PDF Desktop 14 = "winspool,Ne03:,15,45" C:\Windows\System32\spoolsv.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Devices C:\Windows\System32\spoolsv.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts C:\Windows\System32\spoolsv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Devices\Send To OneNote 2016 = "winspool,nul:" C:\Windows\System32\spoolsv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Devices\Fax = "winspool,Ne02:" C:\Windows\System32\spoolsv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Devices C:\Windows\System32\spoolsv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Printers\DevModePerUser C:\Windows\System32\spoolsv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Soda PDF Desktop 14\PDF Printer C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Soda PDF Desktop 14\Previewers Settings C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Microsoft Print to PDF = "winspool,Ne01:,15,45" C:\Windows\System32\spoolsv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Devices\Soda PDF Desktop 14 = "winspool,Ne03:" C:\Windows\System32\spoolsv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Soda PDF Desktop 14 C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Devices C:\Windows\System32\spoolsv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Send To OneNote 2016 = "winspool,nul:,15,45" C:\Windows\System32\spoolsv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Devices\Microsoft Print to PDF = "winspool,Ne01:" C:\Windows\System32\spoolsv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Fax = "winspool,Ne02:,15,45" C:\Windows\System32\spoolsv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Microsoft XPS Document Writer = "winspool,Ne00:,15,45" C:\Windows\System32\spoolsv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Soda PDF Desktop 14\Previewers Settings\IE = "1" C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Soda PDF Desktop 14\shell\print\command C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Soda PDF Desktop 14.exe\shell\open\command\ = "\"C:\\Program Files\\Soda PDF Desktop 14\\soda.exe\" --file \"%1\"" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3B0572B4-9E4A-4D8B-9622-92A41C68F8AC}\ProxyStubClsid32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1404872B-31CD-4F6A-AD68-FB7A9C667B94}\1.0\0\win64 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DEDABABE-EBBA-A555-0000-00DEDABABAEB}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Program Files\Soda PDF Desktop 14\stats-com.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Soda PDF Desktop 14.exe\SupportedTypes\.wwf C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6547CDA-C6F5-4C26-987A-D2EADCEC30BA}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SodaPDFDesktop12CreatorService.COMCreator.1\CLSID\ = "{0641536A-7485-4979-BC56-03ED6B74F253}" C:\Program Files\Soda PDF Desktop 14\creator-ws.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AD979A24-BDBF-4DB8-BD68-7764248CC7AD} C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DEDABABE-EBBA-A500-0000-00DEDABABAEB}\TypeLib\ = "{6E4424FC-3B66-46B1-A8DB-5EB1F8DD7884}" C:\Program Files\Soda PDF Desktop 14\stats-com.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DEDABABE-EBBA-A555-0000-00DEDABABAEB}\ProxyStubClsid32 C:\Program Files\Soda PDF Desktop 14\stats-com.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Soda PDF Desktop 14\shell\open C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Soda PDF Desktop 14 WWF C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Soda PDF Desktop 14.exe\shell\edit\command\ = "\"C:\\Program Files\\Soda PDF Desktop 14\\soda.exe\" --file \"%1\"" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60EF2F3F-79CE-457A-9BC3-17989F12BD10}\ = "_ISubscriptionBridgeEvents" C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{285F17CF-E9C3-4C29-99C6-8CF0BE6F6627}\Programmable C:\Program Files\Soda PDF Desktop 14\update-service.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Soda PDF Desktop 14 WWF\shell\open\command C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4168C2B1-4121-4A67-9BBA-B83986A85AF9} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1404872B-31CD-4F6A-AD68-FB7A9C667B94}\1.0\0\win64\ = "C:\\Program Files\\Soda PDF Desktop 14\\context-menu.dll" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AEC129B3-75C2-4CB5-A9ED-05612D89F866}\TypeLib C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AD979A24-BDBF-4DB8-BD68-7764248CC7AD}\Programmable C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Soda PDF Desktop 14.exe\shell C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DEDABABE-EBBA-A500-0000-00DEDABABAEB}\ = "ISapeProxy" C:\Program Files\Soda PDF Desktop 14\stats-com.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DEDABABE-EBBA-A555-0000-00DEDABABAEB}\ProxyStubClsid32 C:\Program Files\Soda PDF Desktop 14\stats-com.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0160C292-4F1C-4D83-9A11-875062F8FF3D}\1.0\HELPDIR C:\Program Files\Soda PDF Desktop 14\creator-ws.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\AB19AB9E78CB1494493862C32E994FDB\excel_feature = "\x06msoffice_feature" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\81ED7FE13D9E44B419682E5FB4EA448A\AB19AB9E78CB1494493862C32E994FDB C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{285F17CF-E9C3-4C29-99C6-8CF0BE6F6627} C:\Program Files\Soda PDF Desktop 14\update-service.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9AC7F2B3-F19F-4966-9E11-B538E5746AD3}\TypeLib\ = "{6E4424FC-3B66-46B1-A8DB-5EB1F8DD7884}" C:\Program Files\Soda PDF Desktop 14\stats-com.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.wwf\shell C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9CE1A58E-6AB8-4E6C-9F1B-1D0B524997DE} C:\Program Files\Soda PDF Desktop 14\creator-ws.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0C147EFB-429A-4C84-A3A7-5BF475952C90}\AppID = "{44F11856-4FCE-49B0-B381-B6DCBFD01BF4}" C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{80140560-3928-4240-8709-E035ECE685B8}\ = "_IMemberIdBridgeEvents" C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1765D73A-805E-41EC-BA65-44CBB8F2AF1B}\1.0\0 C:\Program Files\Soda PDF Desktop 14\update-service.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A4FF52D0-17EB-4C19-AA84-5A9F6D1D6CFE}\Programmable C:\Program Files\Soda PDF Desktop 14\stats-com.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{49DC3DAF-B07F-425D-A53C-ADD8E180E51C}\1.0\0 C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.pdf\shell\edit.Soda PDF Desktop 14\command C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{D9283B75-23D5-454E-9584-0885EA2C7ACB}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AEC129B3-75C2-4CB5-A9ED-05612D89F866} C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4FA5D1F-953E-4E29-9C1A-D0BDFEC8E960}\TypeLib\Version = "1.0" C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A67C53BE-431B-48DC-8FD6-DDE8FB035B3F}\ProxyStubClsid32 C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6547CDA-C6F5-4C26-987A-D2EADCEC30BA}\TypeLib\ = "{1B8B5DB6-3047-4DC6-B637-F6F639DE68AB}" C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9AC7F2B3-F19F-4966-9E11-B538E5746AD3}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Soda PDF Desktop 14\stats-com.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48B27F31-9BA2-49F8-B146-D406C44E8688}\TypeLib\ = "{49DC3DAF-B07F-425D-A53C-ADD8E180E51C}" C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Soda PDF Desktop 14.exe\shell\edit C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\soda14\DefaultIcon C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SodaPDFDesktop12CreatorService.COMCreator C:\Program Files\Soda PDF Desktop 14\creator-ws.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9CE1A58E-6AB8-4E6C-9F1B-1D0B524997DE}\ = "ICOMCreator" C:\Program Files\Soda PDF Desktop 14\creator-ws.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D9283B75-23D5-454E-9584-0885EA2C7ACB}\LocalServer32\ = "\"C:\\Program Files\\Soda PDF Desktop 14\\soda-launcher.exe\" --activate-message-from-notifications-events" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3E46159C-FAA8-4497-B758-1252B9FD82F4}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6547CDA-C6F5-4C26-987A-D2EADCEC30BA} C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6547CDA-C6F5-4C26-987A-D2EADCEC30BA}\ProxyStubClsid32 C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A8696C46-7C2A-4562-A20B-1AD1E1569B71} C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1B8B5DB6-3047-4DC6-B637-F6F639DE68AB}\1.0\HELPDIR C:\Program Files\Soda PDF Desktop 14\activation-service.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Soda PDF Desktop 14 WWF\shell\open\command C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Soda PDF Desktop 14 WWF\shell\open\command\ = "\"C:\\Program Files\\Soda PDF Desktop 14\\soda.exe\"\"%1\"" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SodaPDFDesktop12CreatorService.COMCreator.1\CLSID C:\Program Files\Soda PDF Desktop 14\creator-ws.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AB19AB9E78CB1494493862C32E994FDB\ProductName = "Soda PDF Desktop 14 View Module" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AB19AB9E78CB1494493862C32E994FDB\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9AC7F2B3-F19F-4966-9E11-B538E5746AD3}\ = "IStatProxy" C:\Program Files\Soda PDF Desktop 14\stats-com.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DEDABABE-EBBA-A555-0000-00DEDABABAEB}\TypeLib C:\Program Files\Soda PDF Desktop 14\stats-com.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DEDABABE-EBBA-A555-0000-00DEDABABAEB}\TypeLib\Version = "1.0" C:\Program Files\Soda PDF Desktop 14\stats-com.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B377F344-CAC6-42E6-B284-0117A87B5520}\TypeLib\ = "{49DC3DAF-B07F-425D-A53C-ADD8E180E51C}" C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3B0572B4-9E4A-4D8B-9622-92A41C68F8AC}\ProxyStubClsid32 C:\Windows\System32\MsiExec.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4 C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe N/A
N/A N/A C:\Program Files\Soda PDF Desktop 14\soda.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4888 wrote to memory of 3080 N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe
PID 4888 wrote to memory of 3080 N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe
PID 4888 wrote to memory of 3080 N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe
PID 4960 wrote to memory of 2852 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 4960 wrote to memory of 2852 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 4960 wrote to memory of 2248 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 4960 wrote to memory of 2248 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 4960 wrote to memory of 4968 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 4960 wrote to memory of 4968 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 4960 wrote to memory of 1884 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 4960 wrote to memory of 1884 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 4960 wrote to memory of 4296 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 4960 wrote to memory of 4296 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 4960 wrote to memory of 4292 N/A C:\Windows\system32\msiexec.exe C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe
PID 4960 wrote to memory of 4292 N/A C:\Windows\system32\msiexec.exe C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe
PID 4960 wrote to memory of 2136 N/A C:\Windows\system32\msiexec.exe C:\Program Files\Soda PDF Desktop 14\creator-app.exe
PID 4960 wrote to memory of 2136 N/A C:\Windows\system32\msiexec.exe C:\Program Files\Soda PDF Desktop 14\creator-app.exe
PID 4960 wrote to memory of 4984 N/A C:\Windows\system32\msiexec.exe C:\Program Files\Soda PDF Desktop 14\creator-ws.exe
PID 4960 wrote to memory of 4984 N/A C:\Windows\system32\msiexec.exe C:\Program Files\Soda PDF Desktop 14\creator-ws.exe
PID 4960 wrote to memory of 3628 N/A C:\Windows\system32\msiexec.exe C:\Program Files\Soda PDF Desktop 14\activation-service.exe
PID 4960 wrote to memory of 3628 N/A C:\Windows\system32\msiexec.exe C:\Program Files\Soda PDF Desktop 14\activation-service.exe
PID 4960 wrote to memory of 820 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 4960 wrote to memory of 820 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 4960 wrote to memory of 4416 N/A C:\Windows\system32\msiexec.exe C:\Program Files\Soda PDF Desktop 14\soda.exe
PID 4960 wrote to memory of 4416 N/A C:\Windows\system32\msiexec.exe C:\Program Files\Soda PDF Desktop 14\soda.exe
PID 4960 wrote to memory of 4380 N/A C:\Windows\system32\msiexec.exe C:\Program Files\Soda PDF Desktop 14\update-service.exe
PID 4960 wrote to memory of 4380 N/A C:\Windows\system32\msiexec.exe C:\Program Files\Soda PDF Desktop 14\update-service.exe
PID 4960 wrote to memory of 2816 N/A C:\Windows\system32\msiexec.exe C:\Program Files\Soda PDF Desktop 14\stats-com.exe
PID 4960 wrote to memory of 2816 N/A C:\Windows\system32\msiexec.exe C:\Program Files\Soda PDF Desktop 14\stats-com.exe
PID 4960 wrote to memory of 2784 N/A C:\Windows\system32\msiexec.exe C:\Program Files\Soda PDF Desktop 14\soda-launcher.exe
PID 4960 wrote to memory of 2784 N/A C:\Windows\system32\msiexec.exe C:\Program Files\Soda PDF Desktop 14\soda-launcher.exe
PID 4960 wrote to memory of 2360 N/A C:\Windows\system32\msiexec.exe C:\Program Files\Soda PDF Desktop 14\soda.exe
PID 4960 wrote to memory of 2360 N/A C:\Windows\system32\msiexec.exe C:\Program Files\Soda PDF Desktop 14\soda.exe
PID 4888 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4888 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 4668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 4668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe

"C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe"

C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe

"C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe" /RegServer

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 9178124D94ECCC40E8DA86AB0EEA825F

C:\Windows\System32\MsiExec.exe

"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\Soda PDF Desktop 14\preview-handler.dll"

C:\Windows\System32\MsiExec.exe

"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\Soda PDF Desktop 14\thumbnail-handler.dll"

C:\Windows\System32\MsiExec.exe

"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\Soda PDF Desktop 14\context-menu.dll"

C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe

"C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe" -i "C:\Program Files\Soda PDF Desktop 14\"

C:\Windows\System32\spoolsv.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Soda PDF Desktop 14\creator-app.exe

"C:\Program Files\Soda PDF Desktop 14\creator-app.exe" -regserver

C:\Program Files\Soda PDF Desktop 14\creator-ws.exe

"C:\Program Files\Soda PDF Desktop 14\creator-ws.exe" -service

C:\Program Files\Soda PDF Desktop 14\activation-service.exe

"C:\Program Files\Soda PDF Desktop 14\activation-service.exe" -service

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 87A90DE248AE4CF1589E473F884857B7 E Global\MSI0000

C:\Program Files\Soda PDF Desktop 14\soda.exe

"C:\Program Files\Soda PDF Desktop 14\soda.exe" --command --add-scheduler

C:\Program Files\Soda PDF Desktop 14\update-service.exe

"C:\Program Files\Soda PDF Desktop 14\update-service.exe" -service

C:\Program Files\Soda PDF Desktop 14\stats-com.exe

"C:\Program Files\Soda PDF Desktop 14\stats-com.exe" -RegServer

C:\Program Files\Soda PDF Desktop 14\soda-launcher.exe

"C:\Program Files\Soda PDF Desktop 14\soda-launcher.exe" --add-scheduler

C:\Program Files\Soda PDF Desktop 14\soda.exe

"C:\Program Files\Soda PDF Desktop 14\soda.exe" --command --associate

C:\Program Files\Soda PDF Desktop 14\activation-service.exe

"C:\Program Files\Soda PDF Desktop 14\activation-service.exe"

C:\Program Files\Soda PDF Desktop 14\soda.exe

"C:\Program Files\Soda PDF Desktop 14\soda.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://paygw.sodapdf.com/redirect/install/soda-pdf-desktop-14/?lang=en&lang=en&qti=42759513-b9ca-311c-6862-58e4eca0011b_2024-06-14&mkey6=42759513-b9ca-311c-6862-58e4eca0011b_2024-06-14&uid=1015225&cmp=spdf_all_direct_all_all_all_all&wid=1400&mkey1=sodapdf.com&mkey2=FD2ED2AF-36ED-483C-B42D-60BB67958B4B&version=14.0.421.22777&configId=C0FA62E2-7699-4276-8772-B3972CECFF73&ii=FD2ED2AF-36ED-483C-B42D-60BB67958B4B&guid=FD2ED2AF-36ED-483C-B42D-60BB67958B4B

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9bf8a3cb8,0x7ff9bf8a3cc8,0x7ff9bf8a3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1780,1205881386947423500,12763094656119324843,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1792 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1780,1205881386947423500,12763094656119324843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1780,1205881386947423500,12763094656119324843,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,1205881386947423500,12763094656119324843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,1205881386947423500,12763094656119324843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Soda PDF Desktop 14\soda-launcher.exe

"C:\Program Files\Soda PDF Desktop 14\soda-launcher.exe" --check-notifications

C:\Program Files\Soda PDF Desktop 14\soda-launcher.exe

"C:\Program Files\Soda PDF Desktop 14\soda-launcher.exe" --show-message-in-notifications "C:\Users\Admin\AppData\Roaming\Soda PDF Desktop 14\mini-messages\m_AA71F4D8-FCC8-469F-9CFF-CD05DA83912F\7d415581-10bb-4e89-9b3d-06a54cfdab36" --channel 0

C:\Program Files\Soda PDF Desktop 14\tray-app.exe

"C:\Program Files\Soda PDF Desktop 14\tray-app.exe" --mode=app-close

C:\Program Files\Soda PDF Desktop 14\soda.exe

"C:\Program Files\Soda PDF Desktop 14\soda.exe" --update --mode auto

C:\Program Files\Soda PDF Desktop 14\stats-com.exe

"C:\Program Files\Soda PDF Desktop 14\stats-com.exe" -Embedding

Network


Files

C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe

\??\Volume{056aaf7f-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{a055e3b6-a0a1-4448-85ce-f884828281e3}_OnDiskSnapshotProp

\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AF360AACB1570042DEFBC833317997D0_FB2F322741B359ABDC63489C2FBB09D0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF360AACB1570042DEFBC833317997D0_FB2F322741B359ABDC63489C2FBB09D0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D

C:\Windows\Installer\MSI61B3.tmp

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soda PDF Desktop 14.lnk~RFe586f20.TMP

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soda PDF Desktop 14.lnk

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soda PDF Desktop 14.lnk

C:\Program Files\Soda PDF Desktop 14\preview-handler.dll

C:\Program Files\Soda PDF Desktop 14\thumbnail-handler.dll

C:\Program Files\Soda PDF Desktop 14\pdfcore.dll

C:\Program Files\Soda PDF Desktop 14\context-menu.dll

C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe

C:\Program Files\Soda PDF Desktop 14\VCRUNTIME140.dll

C:\Program Files\Soda PDF Desktop 14\boost_filesystem-vc143-mt-x64-1_81.dll

C:\Program Files\Soda PDF Desktop 14\VCRUNTIME140_1.dll

C:\Program Files\Soda PDF Desktop 14\logger.dll

C:\Windows\System32\spool\drivers\x64\soda_pdfpmon_v.6.23.0.2.dll

C:\Program Files\Soda PDF Desktop 14\msvcp140.dll

C:\Program Files\Soda PDF Desktop 14\printer-installer.dll

C:\Program Files\Soda PDF Desktop 14\atom.dll

C:\Program Files\Soda PDF Desktop 14\encoding-conversion.dll

C:\Program Files\Soda PDF Desktop 14\boost_program_options-vc143-mt-x64-1_81.dll

C:\Windows\system32\spool\DRIVERS\x64\soda_pdfprnui_v.6.23.0.2.hlp

C:\Windows\system32\spool\DRIVERS\x64\soda_pdfprnui_v.6.23.0.2.dll

C:\Windows\system32\spool\DRIVERS\x64\soda_pdfprn_v.6.23.0.2.dll

C:\Program Files\Soda PDF Desktop 14\creator-app.exe

C:\Program Files\Soda PDF Desktop 14\boost_thread-vc143-mt-x64-1_81.dll

C:\Config.Msi\e585eb8.rbs

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8f7c3fd8-8701-45b7-b0d9-67032ec76b82.tmp

C:\ProgramData\Soda PDF Desktop 14\Installation\soda-desktop14-edit-module-14.0.421.22777-x64.msi

C:\Program Files\Soda PDF Desktop 14\ui-document-panel-properties.dll

C:\Windows\Installer\{1F930AB3-C09B-4A8E-AE3D-7A991AD520AC}\uninstall_icon

C:\Windows\Installer\{1F930AB3-C09B-4A8E-AE3D-7A991AD520AC}\install_icon

C:\Windows\Installer\{1F930AB3-C09B-4A8E-AE3D-7A991AD520AC}\main_icon

C:\Windows\Installer\{1F930AB3-C09B-4A8E-AE3D-7A991AD520AC}\convert_icon

C:\Windows\Installer\{1F930AB3-C09B-4A8E-AE3D-7A991AD520AC}\create_icon

C:\Windows\Installer\{1F930AB3-C09B-4A8E-AE3D-7A991AD520AC}\forms_icon

C:\Windows\Installer\{1F930AB3-C09B-4A8E-AE3D-7A991AD520AC}\edit_icon

C:\Windows\Installer\{1F930AB3-C09B-4A8E-AE3D-7A991AD520AC}\insert_icon

C:\Windows\Installer\{1F930AB3-C09B-4A8E-AE3D-7A991AD520AC}\ocr_icon

C:\Windows\Installer\{1F930AB3-C09B-4A8E-AE3D-7A991AD520AC}\review_icon

C:\Windows\Installer\{1F930AB3-C09B-4A8E-AE3D-7A991AD520AC}\secure_icon

C:\Windows\Installer\{1F930AB3-C09B-4A8E-AE3D-7A991AD520AC}\asian_icon

C:\Config.Msi\e585ebd.rbs

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Roaming\Soda PDF Desktop 14\mini-messages\m_AA71F4D8-FCC8-469F-9CFF-CD05DA83912F\message\index.html

C:\Config.Msi\e585ec2.rbs
