Analysis Overview
SHA256
60a0ebc38a84ef29081e51951c6c23a4f0dae8db25d6f3da0d3f58f58da3707d
Threat Level: Known bad
The file SodaPDFDesktop14.exe was found to be: Known bad.
Malicious Activity Summary
Risepro family
RisePro
Registers new Print Monitor
Enumerates connected drives
Drops file in System32 directory
Drops file in Windows directory
Executes dropped EXE
Drops file in Program Files directory
Loads dropped DLL
Registers COM server for autorun
Checks installed software on the system
Enumerates physical storage devices
Uses Volume Shadow Copy service COM API
Suspicious use of SendNotifyMessage
Checks SCSI registry key(s)
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
Analysis: static1
Detonation Overview
Reported
2024-06-15 03:30
Signatures
Risepro family
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-15 03:30
Reported
2024-06-15 03:32
Platform
win10v2004-20240508-en
Max time kernel
98s
Max time network
108s
Command Line
Signatures
RisePro
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{3369AF1C-BCC1-4977-89E8-F8B79497C982} | C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48B27F31-9BA2-49F8-B146-D406C44E8688}\LocalServer32 | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48B27F31-9BA2-49F8-B146-D406C44E8688}\Version\ = "1.0" | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48B27F31-9BA2-49F8-B146-D406C44E8688}\Elevation\IconReference = "@C:\\ProgramData\\Soda PDF Desktop 14\\Installation\\SodaPDFDesktop14.exe,-501" | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{49DC3DAF-B07F-425D-A53C-ADD8E180E51C}\1.0\HELPDIR | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B377F344-CAC6-42E6-B284-0117A87B5520}\ = "IInstaller" | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48B27F31-9BA2-49F8-B146-D406C44E8688}\ = "Installer Class" | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{49DC3DAF-B07F-425D-A53C-ADD8E180E51C}\1.0 | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B377F344-CAC6-42E6-B284-0117A87B5520} | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{3369AF1C-BCC1-4977-89E8-F8B79497C982}\AccessPermission = 010014804c0000005c000000140000003000000002001c0001000000110014000400000001010000000000100010000002001c0001000000000014000b0000000101000000000001000000000102000000000005200000002002000001020000000000052000000020020000 | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48B27F31-9BA2-49F8-B146-D406C44E8688}\Programmable | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48B27F31-9BA2-49F8-B146-D406C44E8688}\Version | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48B27F31-9BA2-49F8-B146-D406C44E8688}\Elevation | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{49DC3DAF-B07F-425D-A53C-ADD8E180E51C}\1.0\0\win32 | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B377F344-CAC6-42E6-B284-0117A87B5520}\ProxyStubClsid32 | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B377F344-CAC6-42E6-B284-0117A87B5520}\TypeLib\ = "{49DC3DAF-B07F-425D-A53C-ADD8E180E51C}" | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{3369AF1C-BCC1-4977-89E8-F8B79497C982}\LaunchPermission = 010014804c0000005c000000140000003000000002001c0001000000110014000400000001010000000000100010000002001c0001000000000014000b0000000101000000000001000000000102000000000005200000002002000001020000000000052000000020020000 | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{49DC3DAF-B07F-425D-A53C-ADD8E180E51C}\1.0\FLAGS\ = "0" | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48B27F31-9BA2-49F8-B146-D406C44E8688} | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48B27F31-9BA2-49F8-B146-D406C44E8688}\LocalServer32\ServerExecutable = "C:\\ProgramData\\Soda PDF Desktop 14\\Installation\\SodaPDFDesktop14.exe" | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48B27F31-9BA2-49F8-B146-D406C44E8688}\Elevation\Enabled = "1" | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{49DC3DAF-B07F-425D-A53C-ADD8E180E51C}\1.0\0\win32\ = "C:\\ProgramData\\Soda PDF Desktop 14\\Installation\\SodaPDFDesktop14.exe" | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{49DC3DAF-B07F-425D-A53C-ADD8E180E51C}\1.0\HELPDIR\ = "C:\\ProgramData\\Soda PDF Desktop 14\\Installation" | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{3369AF1C-BCC1-4977-89E8-F8B79497C982}\LaunchPermission = 010014804c0000005c000000140000003000000002001c0001000000110014000400000001010000000000100010000002001c0001000000000014000b0000000101000000000001000000000102000000000005200000002002000001020000000000052000000020020000 | C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{3369AF1C-BCC1-4977-89E8-F8B79497C982}\AccessPermission = 010014804c0000005c000000140000003000000002001c0001000000110014000400000001010000000000100010000002001c0001000000000014000b0000000101000000000001000000000102000000000005200000002002000001020000000000052000000020020000 | C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{3369AF1C-BCC1-4977-89E8-F8B79497C982} | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48B27F31-9BA2-49F8-B146-D406C44E8688}\LocalServer32\ = "\"C:\\ProgramData\\Soda PDF Desktop 14\\Installation\\SodaPDFDesktop14.exe\"" | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{49DC3DAF-B07F-425D-A53C-ADD8E180E51C}\1.0\0 | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B377F344-CAC6-42E6-B284-0117A87B5520}\TypeLib | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B377F344-CAC6-42E6-B284-0117A87B5520}\TypeLib\Version = "1.0" | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48B27F31-9BA2-49F8-B146-D406C44E8688}\TypeLib | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48B27F31-9BA2-49F8-B146-D406C44E8688}\TypeLib\ = "{49DC3DAF-B07F-425D-A53C-ADD8E180E51C}" | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{49DC3DAF-B07F-425D-A53C-ADD8E180E51C} | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{49DC3DAF-B07F-425D-A53C-ADD8E180E51C}\1.0\ = "GlamInstallerComLib" | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{49DC3DAF-B07F-425D-A53C-ADD8E180E51C}\1.0\FLAGS | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B377F344-CAC6-42E6-B284-0117A87B5520}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B377F344-CAC6-42E6-B284-0117A87B5520}\TypeLib\ = "{49DC3DAF-B07F-425D-A53C-ADD8E180E51C}" | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B377F344-CAC6-42E6-B284-0117A87B5520}\TypeLib\Version = "1.0" | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B377F344-CAC6-42E6-B284-0117A87B5520} | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B377F344-CAC6-42E6-B284-0117A87B5520}\ = "IInstaller" | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B377F344-CAC6-42E6-B284-0117A87B5520}\ProxyStubClsid32 | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B377F344-CAC6-42E6-B284-0117A87B5520}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B377F344-CAC6-42E6-B284-0117A87B5520}\TypeLib | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4 | C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob | C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3996 wrote to memory of 664 | N/A | C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe
"C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe"
C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe
"C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe" /RegServer
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wsgeoip.sodapdf.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| N/A | 127.0.0.1:56951 | | tcp |
| N/A | 127.0.0.1:56958 | | tcp |
| US | 8.8.8.8:53 | analytic.sodapdf.com | udp |
| N/A | 127.0.0.1:56960 | | tcp |
Files
C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe
| MD5 | 096bd90aaf32d408e853090e6e614b47 |
| SHA1 | b482aa08a610ab24e785f3b56f98486addf137b9 |
| SHA256 | 60a0ebc38a84ef29081e51951c6c23a4f0dae8db25d6f3da0d3f58f58da3707d |
| SHA512 | fc3420af2cebb6dab4fea585d0c7895afb7f665a34af9643fdccdcce15feed6b70a135c85584151e8270e40a173411d64bb3d5931b9ed3f8cbc216edbede9b0a |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-15 03:30
Reported
2024-06-15 03:32
Platform
win11-20240611-en
Max time kernel
82s
Max time network
106s
Command Line
Signatures
RisePro
Registers new Print Monitor
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Soda PDF Desktop 14 Monitor\Ports | C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Soda PDF Desktop 14 Monitor | C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Soda PDF Desktop 14 Monitor\Ports\SodaPDFDesktop14_Port:\AddTimeStamp = "0" | C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Local Port | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Microsoft Shared Fax Monitor | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Soda PDF Desktop 14 Monitor | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port\Adapters\WSPrint | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Soda PDF Desktop 14 Monitor\Ports\SodaPDFDesktop14_Port: | C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Soda PDF Desktop 14 Monitor\Ports\SodaPDFDesktop14_Port:\PromptFilename = "0" | C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Soda PDF Desktop 14 Monitor\Ports\SodaPDFDesktop14_Port:\FolderName = "C:\\Program Files\\Soda PDF Desktop 14\\Print" | C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Appmon | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\USB Monitor | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Soda PDF Desktop 14 Monitor\Ports\SodaPDFDesktop14_Port:\RemoveExtension = "1" | C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Soda PDF Desktop 14 Monitor\Ports\SodaPDFDesktop14_Port:\ExecuteCommand = "1" | C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Soda PDF Desktop 14 Monitor\Ports\SodaPDFDesktop14_Port:\AddUser = "0" | C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port\Adapters\WSPrint\OfflinePorts | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Soda PDF Desktop 14 Monitor\Ports\SodaPDFDesktop14_Port:\UniqueNames = "1" | C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port\Adapters\IPP | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port\Ports | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Soda PDF Desktop 14 Monitor\Ports\SodaPDFDesktop14_Port:\FileName | C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Soda PDF Desktop 14 Monitor\Ports\SodaPDFDesktop14_Port:\Command = "\"C:\\Program Files\\Soda PDF Desktop 14\\creator-app.exe\" \"%FILE%\"" | C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Soda PDF Desktop 14 Monitor\Ports\SodaPDFDesktop14_Port:\RemovePrefixes = "0" | C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port\Ports | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Appmon\Ports | C:\Windows\System32\spoolsv.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\spool\DRIVERS\x64\soda_pdfprn_v.6.23.0.2.dll | C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe | N/A |
| File created | C:\Windows\system32\spool\DRIVERS\x64\soda_pdfprnui_v.6.23.0.2.dll | C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe | N/A |
| File created | C:\Windows\system32\spool\DRIVERS\x64\soda_pdfpmon_v.6.23.0.2.dll | C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe | N/A |
| File created | C:\Windows\system32\spool\DRIVERS\x64\soda_pdfprnui_v.6.23.0.2.hlp | C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe | N/A |
| File created | C:\Windows\system32\spool\DRIVERS\x64\3\New\soda_pdfprn_v.6.23.0.2.dll | C:\Windows\System32\spoolsv.exe | N/A |
| File opened for modification | C:\Windows\system32\spool\DRIVERS\x64\soda_pdfprnui_v.6.23.0.2.hlp | C:\Windows\System32\spoolsv.exe | N/A |
| File opened for modification | C:\Windows\system32\spool\DRIVERS\x64\soda_pdfprnui_v.6.23.0.2.dll | C:\Windows\System32\spoolsv.exe | N/A |
| File created | C:\Windows\system32\spool\DRIVERS\x64\3\New\soda_pdfprnui_v.6.23.0.2.dll | C:\Windows\System32\spoolsv.exe | N/A |
| File created | C:\Windows\system32\spool\DRIVERS\x64\3\New\soda_pdfprnui_v.6.23.0.2.hlp | C:\Windows\System32\spoolsv.exe | N/A |
| File opened for modification | C:\Windows\system32\spool\DRIVERS\x64\soda_pdfprn_v.6.23.0.2.dll | C:\Windows\System32\spoolsv.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Soda PDF Desktop 14\ui-ads.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\ui-document-panel-attachments.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\unrar.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\localization\Click on 'Change' to select default pdf handler.pdf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\creator-ws.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\plugins\plugin_notification.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\plugins\plugin-onboarding-tutorial.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\ui-document-panel-properties.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\win-specific-services.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\localization\uk\info.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\localization\uk\messages.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\msvcp140_atomic_wait.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\boost_iostreams-vc143-mt-x64-1_81.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\zstd.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\resources\Core\Encodings\AdobeStandardEncoding | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\bl.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\plugins\plugin-pdf-converter.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\libcrypto-3-x64.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\ui-document-panel-layers.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\ui-user-management.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\v8_libplatform.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\bl-scan.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\crash-handler.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\localization\ru\info.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\libwebp.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\localization\es\messages.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\resources\Core\Icons\sticker.normal.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\libprotobuf-lite.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\localization\ja\messages.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\bl-edit.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\ui-dialogs-esign2.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\localization\ja\icon.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\sp\ui\ui.csp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\graphics-service.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\localization\ru\messages.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\abseil_dll.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\resources\Core\Encodings\MSSymbolEncoding | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\resources\Scripts\Common.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\plugins\plugin-googledrive-storage.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\vcruntime140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\localization\pt\messages.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\pdf2pdfconv.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\plugins\plugin-text-markup.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\icuuc74.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\localization\fr\info.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\localization\it\icon.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\ui-service-provider.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\resources\Core\Encodings\AdobeSingleGlyphList | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\localization\pt\info.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\plugins\plugin-sharepoint-storage.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\pugixml.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\boost_wserialization-vc143-mt-x64-1_81.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\resources\Core\Icons\file_attachment.pushpin.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\localization\en\icon.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\ui-main-frame.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\localization\de\icon.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\libpng16.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\stats.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\brand.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\resources\Core\Templates\StickerNormal | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\icudtl.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\bl-creator-module.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\resources\Core\Icons\file_attachment.tag.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Soda PDF Desktop 14\creator-app.exe | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF66A20AFC59D06D8C.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\ocr_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\install_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\main_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\create_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\edit_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\insert_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\edit_icon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\ocr_icon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\convert_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\forms_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585eb5.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e585eb5.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\uninstall_icon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\main_icon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\asian_icon | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\asian_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\asian_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI64B1.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\forms_icon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\insert_icon | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\ocr_icon | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\ocr_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF42EEF9B0C3558427.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\main_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\convert_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\review_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\review_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\insert_icon | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585eb9.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\asian_icon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\uninstall_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\secure_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\install_icon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\convert_icon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\create_icon | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\review_icon | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\edit_icon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8069.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\edit_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI61B3.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{E9BA91BA-BC87-4941-9483-263CE299F4BD} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\create_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\forms_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFB5A7EC40B34B266D.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\convert_icon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\review_icon | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\secure_icon | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\secure_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF2D859D9C42F2ACB6.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI64E1.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\install_icon | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\forms_icon | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\uninstall_icon | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\create_icon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\secure_icon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\insert_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\main_icon | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\install_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{E9BA91BA-BC87-4941-9483-263CE299F4BD}\uninstall_icon.5C9BBFCE_F40D_4866_BD03_B64A7523DB29 | C:\Windows\system32\msiexec.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| N/A | N/A | C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Program Files\Soda PDF Desktop 14\creator-app.exe | N/A |
| N/A | N/A | C:\Program Files\Soda PDF Desktop 14\creator-ws.exe | N/A |
| N/A | N/A | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| N/A | N/A | C:\Program Files\Soda PDF Desktop 14\soda.exe | N/A |
| N/A | N/A | C:\Program Files\Soda PDF Desktop 14\update-service.exe | N/A |
| N/A | N/A | C:\Program Files\Soda PDF Desktop 14\stats-com.exe | N/A |
| N/A | N/A | C:\Program Files\Soda PDF Desktop 14\soda-launcher.exe | N/A |
| N/A | N/A | C:\Program Files\Soda PDF Desktop 14\soda.exe | N/A |
| N/A | N/A | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| N/A | N/A | C:\Program Files\Soda PDF Desktop 14\soda.exe | N/A |
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AEC129B3-75C2-4CB5-A9ED-05612D89F866}\LocalServer32 | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A134AD52-46E1-4B91-8062-3273EA1973BE}\LocalServer32 | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A134AD52-46E1-4B91-8062-3273EA1973BE}\LocalServer32\ServerExecutable = "C:\\Program Files\\Soda PDF Desktop 14\\activation-service.exe" | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C78D09CF-BC6C-4FC7-94A9-0C3FF7553DF1}\LocalServer32\ = "\"C:\\Program Files\\Soda PDF Desktop 14\\activation-service.exe\"" | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D9283B75-23D5-454E-9584-0885EA2C7ACB}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F5632346-C6A0-4C8B-B818-606B54E48991}\InprocServer32\ = "C:\\Program Files\\Soda PDF Desktop 14\\preview-handler.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A4FF52D0-17EB-4C19-AA84-5A9F6D1D6CFE}\LocalServer32 | C:\Program Files\Soda PDF Desktop 14\stats-com.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D9283B75-23D5-454E-9584-0885EA2C7ACB}\LocalServer32\ = "\"C:\\Program Files\\Soda PDF Desktop 14\\soda-launcher.exe\" --activate-message-from-notifications-events" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{285F17CF-E9C3-4C29-99C6-8CF0BE6F6627}\LocalServer32 | C:\Program Files\Soda PDF Desktop 14\update-service.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3E46159C-FAA8-4497-B758-1252B9FD82F4}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AEC129B3-75C2-4CB5-A9ED-05612D89F866}\LocalServer32\ = "\"C:\\Program Files\\Soda PDF Desktop 14\\activation-service.exe\"" | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AEC129B3-75C2-4CB5-A9ED-05612D89F866}\LocalServer32\ServerExecutable = "C:\\Program Files\\Soda PDF Desktop 14\\activation-service.exe" | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A134AD52-46E1-4B91-8062-3273EA1973BE}\LocalServer32\ = "\"C:\\Program Files\\Soda PDF Desktop 14\\activation-service.exe\"" | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{285F17CF-E9C3-4C29-99C6-8CF0BE6F6627}\LocalServer32\ = "\"C:\\Program Files\\Soda PDF Desktop 14\\update-service.exe\"" | C:\Program Files\Soda PDF Desktop 14\update-service.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3E46159C-FAA8-4497-B758-1252B9FD82F4}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3E46159C-FAA8-4497-B758-1252B9FD82F4}\InprocServer32\ = "C:\\Program Files\\Soda PDF Desktop 14\\context-menu.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0C147EFB-429A-4C84-A3A7-5BF475952C90}\LocalServer32 | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0C147EFB-429A-4C84-A3A7-5BF475952C90}\LocalServer32\ = "\"C:\\Program Files\\Soda PDF Desktop 14\\activation-service.exe\"" | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A4FF52D0-17EB-4C19-AA84-5A9F6D1D6CFE}\LocalServer32\ServerExecutable = "C:\\Program Files\\Soda PDF Desktop 14\\stats-com.exe" | C:\Program Files\Soda PDF Desktop 14\stats-com.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{D9283B75-23D5-454E-9584-0885EA2C7ACB}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7B7FDB2B-B78E-4780-AC92-C2954D8D5AB9}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0641536A-7485-4979-BC56-03ED6B74F253}\LocalServer32\ = "\"C:\\Program Files\\Soda PDF Desktop 14\\creator-ws.exe\"" | C:\Program Files\Soda PDF Desktop 14\creator-ws.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C78D09CF-BC6C-4FC7-94A9-0C3FF7553DF1}\LocalServer32 | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F5632346-C6A0-4C8B-B818-606B54E48991}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0641536A-7485-4979-BC56-03ED6B74F253}\LocalServer32 | C:\Program Files\Soda PDF Desktop 14\creator-ws.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7B7FDB2B-B78E-4780-AC92-C2954D8D5AB9}\InprocServer32\ = "C:\\Program Files\\Soda PDF Desktop 14\\thumbnail-handler.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AD979A24-BDBF-4DB8-BD68-7764248CC7AD}\LocalServer32\ServerExecutable = "C:\\Program Files\\Soda PDF Desktop 14\\activation-service.exe" | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0C147EFB-429A-4C84-A3A7-5BF475952C90}\LocalServer32\ServerExecutable = "C:\\Program Files\\Soda PDF Desktop 14\\activation-service.exe" | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A4FF52D0-17EB-4C19-AA84-5A9F6D1D6CFE}\LocalServer32\ = "\"C:\\Program Files\\Soda PDF Desktop 14\\stats-com.exe\"" | C:\Program Files\Soda PDF Desktop 14\stats-com.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F5632346-C6A0-4C8B-B818-606B54E48991}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7B7FDB2B-B78E-4780-AC92-C2954D8D5AB9}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AD979A24-BDBF-4DB8-BD68-7764248CC7AD}\LocalServer32\ = "\"C:\\Program Files\\Soda PDF Desktop 14\\activation-service.exe\"" | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{285F17CF-E9C3-4C29-99C6-8CF0BE6F6627}\LocalServer32\ServerExecutable = "C:\\Program Files\\Soda PDF Desktop 14\\update-service.exe" | C:\Program Files\Soda PDF Desktop 14\update-service.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C78D09CF-BC6C-4FC7-94A9-0C3FF7553DF1}\LocalServer32\ServerExecutable = "C:\\Program Files\\Soda PDF Desktop 14\\activation-service.exe" | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AD979A24-BDBF-4DB8-BD68-7764248CC7AD}\LocalServer32 | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\System32\spoolsv.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\System32\spoolsv.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0002 | C:\Windows\System32\spoolsv.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\System32\spoolsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{f01fac5d-e5f6-485f-a8c6-27446425998c}\0002 | C:\Windows\System32\spoolsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{f01fac5d-e5f6-485f-a8c6-27446425998c}\0002 | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0002 | C:\Windows\System32\spoolsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0002 | C:\Windows\System32\spoolsv.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\System32\spoolsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{f01fac5d-e5f6-485f-a8c6-27446425998c}\0002 | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0002 | C:\Windows\System32\spoolsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\System32\spoolsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\System32\spoolsv.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\System32\spoolsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{f01fac5d-e5f6-485f-a8c6-27446425998c}\0002 | C:\Windows\System32\spoolsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\System32\spoolsv.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Devices\Fax = "winspool,Ne02:" | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Soda PDF Desktop 14\PDF Printer\OpenAfterConversion = "1" | C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Send To OneNote 2016 = "winspool,nul:,15,45" | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Devices\Microsoft XPS Document Writer = "winspool,Ne00:" | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Fax = "winspool,Ne02:,15,45" | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Devices\Soda PDF Desktop 14 = "winspool,Ne03:" | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Devices\Microsoft XPS Document Writer = "winspool,Ne00:" | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Microsoft Print to PDF = "winspool,Ne01:,15,45" | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Soda PDF Desktop 14 = "winspool,Ne03:,15,45" | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Soda PDF Desktop 14\PDF Printer\ChooseFile = "1" | C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Microsoft XPS Document Writer = "winspool,Ne00:,15,45" | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Devices\Send To OneNote 2016 = "winspool,nul:" | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Devices\Microsoft Print to PDF = "winspool,Ne01:" | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\PDF Tools AG | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Soda PDF Desktop 14 = "winspool,Ne03:,15,45" | C:\Windows\System32\spoolsv.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Devices | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Devices\Send To OneNote 2016 = "winspool,nul:" | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Devices\Fax = "winspool,Ne02:" | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Devices | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Printers\DevModePerUser | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Soda PDF Desktop 14\PDF Printer | C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Soda PDF Desktop 14\Previewers Settings | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Microsoft Print to PDF = "winspool,Ne01:,15,45" | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Devices\Soda PDF Desktop 14 = "winspool,Ne03:" | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Soda PDF Desktop 14 | C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Devices | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Send To OneNote 2016 = "winspool,nul:,15,45" | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Devices\Microsoft Print to PDF = "winspool,Ne01:" | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Fax = "winspool,Ne02:,15,45" | C:\Windows\System32\spoolsv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Microsoft XPS Document Writer = "winspool,Ne00:,15,45" | C:\Windows\System32\spoolsv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Soda PDF Desktop 14\Previewers Settings\IE = "1" | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Soda PDF Desktop 14\shell\print\command | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Soda PDF Desktop 14.exe\shell\open\command\ = "\"C:\\Program Files\\Soda PDF Desktop 14\\soda.exe\" --file \"%1\"" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3B0572B4-9E4A-4D8B-9622-92A41C68F8AC}\ProxyStubClsid32 | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1404872B-31CD-4F6A-AD68-FB7A9C667B94}\1.0\0\win64 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DEDABABE-EBBA-A555-0000-00DEDABABAEB}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Soda PDF Desktop 14\stats-com.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Soda PDF Desktop 14.exe\SupportedTypes\.wwf | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6547CDA-C6F5-4C26-987A-D2EADCEC30BA}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SodaPDFDesktop12CreatorService.COMCreator.1\CLSID\ = "{0641536A-7485-4979-BC56-03ED6B74F253}" | C:\Program Files\Soda PDF Desktop 14\creator-ws.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AD979A24-BDBF-4DB8-BD68-7764248CC7AD} | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DEDABABE-EBBA-A500-0000-00DEDABABAEB}\TypeLib\ = "{6E4424FC-3B66-46B1-A8DB-5EB1F8DD7884}" | C:\Program Files\Soda PDF Desktop 14\stats-com.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DEDABABE-EBBA-A555-0000-00DEDABABAEB}\ProxyStubClsid32 | C:\Program Files\Soda PDF Desktop 14\stats-com.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Soda PDF Desktop 14\shell\open | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Soda PDF Desktop 14 WWF | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Soda PDF Desktop 14.exe\shell\edit\command\ = "\"C:\\Program Files\\Soda PDF Desktop 14\\soda.exe\" --file \"%1\"" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60EF2F3F-79CE-457A-9BC3-17989F12BD10}\ = "_ISubscriptionBridgeEvents" | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{285F17CF-E9C3-4C29-99C6-8CF0BE6F6627}\Programmable | C:\Program Files\Soda PDF Desktop 14\update-service.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Soda PDF Desktop 14 WWF\shell\open\command | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4168C2B1-4121-4A67-9BBA-B83986A85AF9} | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1404872B-31CD-4F6A-AD68-FB7A9C667B94}\1.0\0\win64\ = "C:\\Program Files\\Soda PDF Desktop 14\\context-menu.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AEC129B3-75C2-4CB5-A9ED-05612D89F866}\TypeLib | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AD979A24-BDBF-4DB8-BD68-7764248CC7AD}\Programmable | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Soda PDF Desktop 14.exe\shell | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DEDABABE-EBBA-A500-0000-00DEDABABAEB}\ = "ISapeProxy" | C:\Program Files\Soda PDF Desktop 14\stats-com.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DEDABABE-EBBA-A555-0000-00DEDABABAEB}\ProxyStubClsid32 | C:\Program Files\Soda PDF Desktop 14\stats-com.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0160C292-4F1C-4D83-9A11-875062F8FF3D}\1.0\HELPDIR | C:\Program Files\Soda PDF Desktop 14\creator-ws.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\AB19AB9E78CB1494493862C32E994FDB\excel_feature = "\x06msoffice_feature" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\81ED7FE13D9E44B419682E5FB4EA448A\AB19AB9E78CB1494493862C32E994FDB | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{285F17CF-E9C3-4C29-99C6-8CF0BE6F6627} | C:\Program Files\Soda PDF Desktop 14\update-service.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9AC7F2B3-F19F-4966-9E11-B538E5746AD3}\TypeLib\ = "{6E4424FC-3B66-46B1-A8DB-5EB1F8DD7884}" | C:\Program Files\Soda PDF Desktop 14\stats-com.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.wwf\shell | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9CE1A58E-6AB8-4E6C-9F1B-1D0B524997DE} | C:\Program Files\Soda PDF Desktop 14\creator-ws.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0C147EFB-429A-4C84-A3A7-5BF475952C90}\AppID = "{44F11856-4FCE-49B0-B381-B6DCBFD01BF4}" | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{80140560-3928-4240-8709-E035ECE685B8}\ = "_IMemberIdBridgeEvents" | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1765D73A-805E-41EC-BA65-44CBB8F2AF1B}\1.0\0 | C:\Program Files\Soda PDF Desktop 14\update-service.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A4FF52D0-17EB-4C19-AA84-5A9F6D1D6CFE}\Programmable | C:\Program Files\Soda PDF Desktop 14\stats-com.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{49DC3DAF-B07F-425D-A53C-ADD8E180E51C}\1.0\0 | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.pdf\shell\edit.Soda PDF Desktop 14\command | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{D9283B75-23D5-454E-9584-0885EA2C7ACB}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AEC129B3-75C2-4CB5-A9ED-05612D89F866} | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4FA5D1F-953E-4E29-9C1A-D0BDFEC8E960}\TypeLib\Version = "1.0" | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A67C53BE-431B-48DC-8FD6-DDE8FB035B3F}\ProxyStubClsid32 | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6547CDA-C6F5-4C26-987A-D2EADCEC30BA}\TypeLib\ = "{1B8B5DB6-3047-4DC6-B637-F6F639DE68AB}" | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9AC7F2B3-F19F-4966-9E11-B538E5746AD3}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Soda PDF Desktop 14\stats-com.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48B27F31-9BA2-49F8-B146-D406C44E8688}\TypeLib\ = "{49DC3DAF-B07F-425D-A53C-ADD8E180E51C}" | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Soda PDF Desktop 14.exe\shell\edit | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\soda14\DefaultIcon | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SodaPDFDesktop12CreatorService.COMCreator | C:\Program Files\Soda PDF Desktop 14\creator-ws.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9CE1A58E-6AB8-4E6C-9F1B-1D0B524997DE}\ = "ICOMCreator" | C:\Program Files\Soda PDF Desktop 14\creator-ws.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D9283B75-23D5-454E-9584-0885EA2C7ACB}\LocalServer32\ = "\"C:\\Program Files\\Soda PDF Desktop 14\\soda-launcher.exe\" --activate-message-from-notifications-events" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3E46159C-FAA8-4497-B758-1252B9FD82F4}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6547CDA-C6F5-4C26-987A-D2EADCEC30BA} | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6547CDA-C6F5-4C26-987A-D2EADCEC30BA}\ProxyStubClsid32 | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A8696C46-7C2A-4562-A20B-1AD1E1569B71} | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1B8B5DB6-3047-4DC6-B637-F6F639DE68AB}\1.0\HELPDIR | C:\Program Files\Soda PDF Desktop 14\activation-service.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Soda PDF Desktop 14 WWF\shell\open\command | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Soda PDF Desktop 14 WWF\shell\open\command\ = "\"C:\\Program Files\\Soda PDF Desktop 14\\soda.exe\"\"%1\"" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SodaPDFDesktop12CreatorService.COMCreator.1\CLSID | C:\Program Files\Soda PDF Desktop 14\creator-ws.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AB19AB9E78CB1494493862C32E994FDB\ProductName = "Soda PDF Desktop 14 View Module" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AB19AB9E78CB1494493862C32E994FDB\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9AC7F2B3-F19F-4966-9E11-B538E5746AD3}\ = "IStatProxy" | C:\Program Files\Soda PDF Desktop 14\stats-com.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DEDABABE-EBBA-A555-0000-00DEDABABAEB}\TypeLib | C:\Program Files\Soda PDF Desktop 14\stats-com.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DEDABABE-EBBA-A555-0000-00DEDABABAEB}\TypeLib\Version = "1.0" | C:\Program Files\Soda PDF Desktop 14\stats-com.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B377F344-CAC6-42E6-B284-0117A87B5520}\TypeLib\ = "{49DC3DAF-B07F-425D-A53C-ADD8E180E51C}" | C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3B0572B4-9E4A-4D8B-9622-92A41C68F8AC}\ProxyStubClsid32 | C:\Windows\System32\MsiExec.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4 | C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob | C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Program Files\Soda PDF Desktop 14\soda.exe | N/A |
| N/A | N/A | C:\Program Files\Soda PDF Desktop 14\soda.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe | N/A |
| N/A | N/A | C:\Program Files\Soda PDF Desktop 14\soda.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe
"C:\Users\Admin\AppData\Local\Temp\SodaPDFDesktop14.exe"
C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe
"C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe" /RegServer
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 9178124D94ECCC40E8DA86AB0EEA825F
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\Soda PDF Desktop 14\preview-handler.dll"
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\Soda PDF Desktop 14\thumbnail-handler.dll"
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\Soda PDF Desktop 14\context-menu.dll"
C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe
"C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe" -i "C:\Program Files\Soda PDF Desktop 14\"
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Soda PDF Desktop 14\creator-app.exe
"C:\Program Files\Soda PDF Desktop 14\creator-app.exe" -regserver
C:\Program Files\Soda PDF Desktop 14\creator-ws.exe
"C:\Program Files\Soda PDF Desktop 14\creator-ws.exe" -service
C:\Program Files\Soda PDF Desktop 14\activation-service.exe
"C:\Program Files\Soda PDF Desktop 14\activation-service.exe" -service
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 87A90DE248AE4CF1589E473F884857B7 E Global\MSI0000
C:\Program Files\Soda PDF Desktop 14\soda.exe
"C:\Program Files\Soda PDF Desktop 14\soda.exe" --command --add-scheduler
C:\Program Files\Soda PDF Desktop 14\update-service.exe
"C:\Program Files\Soda PDF Desktop 14\update-service.exe" -service
C:\Program Files\Soda PDF Desktop 14\stats-com.exe
"C:\Program Files\Soda PDF Desktop 14\stats-com.exe" -RegServer
C:\Program Files\Soda PDF Desktop 14\soda-launcher.exe
"C:\Program Files\Soda PDF Desktop 14\soda-launcher.exe" --add-scheduler
C:\Program Files\Soda PDF Desktop 14\soda.exe
"C:\Program Files\Soda PDF Desktop 14\soda.exe" --command --associate
C:\Program Files\Soda PDF Desktop 14\activation-service.exe
"C:\Program Files\Soda PDF Desktop 14\activation-service.exe"
C:\Program Files\Soda PDF Desktop 14\soda.exe
"C:\Program Files\Soda PDF Desktop 14\soda.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://paygw.sodapdf.com/redirect/install/soda-pdf-desktop-14/?lang=en&lang=en&qti=42759513-b9ca-311c-6862-58e4eca0011b_2024-06-14&mkey6=42759513-b9ca-311c-6862-58e4eca0011b_2024-06-14&uid=1015225&cmp=spdf_all_direct_all_all_all_all&wid=1400&mkey1=sodapdf.com&mkey2=FD2ED2AF-36ED-483C-B42D-60BB67958B4B&version=14.0.421.22777&configId=C0FA62E2-7699-4276-8772-B3972CECFF73&ii=FD2ED2AF-36ED-483C-B42D-60BB67958B4B&guid=FD2ED2AF-36ED-483C-B42D-60BB67958B4B
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9bf8a3cb8,0x7ff9bf8a3cc8,0x7ff9bf8a3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1780,1205881386947423500,12763094656119324843,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1792 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1780,1205881386947423500,12763094656119324843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1780,1205881386947423500,12763094656119324843,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,1205881386947423500,12763094656119324843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,1205881386947423500,12763094656119324843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Soda PDF Desktop 14\soda-launcher.exe
"C:\Program Files\Soda PDF Desktop 14\soda-launcher.exe" --check-notifications
C:\Program Files\Soda PDF Desktop 14\soda-launcher.exe
"C:\Program Files\Soda PDF Desktop 14\soda-launcher.exe" --show-message-in-notifications "C:\Users\Admin\AppData\Roaming\Soda PDF Desktop 14\mini-messages\m_AA71F4D8-FCC8-469F-9CFF-CD05DA83912F\7d415581-10bb-4e89-9b3d-06a54cfdab36" --channel 0
C:\Program Files\Soda PDF Desktop 14\tray-app.exe
"C:\Program Files\Soda PDF Desktop 14\tray-app.exe" --mode=app-close
C:\Program Files\Soda PDF Desktop 14\soda.exe
"C:\Program Files\Soda PDF Desktop 14\soda.exe" --update --mode auto
C:\Program Files\Soda PDF Desktop 14\stats-com.exe
"C:\Program Files\Soda PDF Desktop 14\stats-com.exe" -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wsgeoip.sodapdf.com | udp |
| US | 104.19.145.4:443 | redmtl.sodapdf.com | tcp |
| US | 104.18.7.41:443 | avqservice.avanquest.com | tcp |
| US | 8.8.8.8:53 | 35.169.217.172.in-addr.arpa | udp |
| US | 104.19.146.4:443 | www.sodapdf.com | tcp |
| N/A | 127.0.0.1:49737 | | tcp |
| N/A | 127.0.0.1:49740 | | tcp |
| CA | 64.15.159.230:80 | download14-desktop.sodapdf.com | tcp |
| CA | 64.15.159.230:443 | download14-desktop.sodapdf.com | tcp |
| US | 104.19.145.4:443 | www.sodapdf.com | tcp |
| N/A | 127.0.0.1:49759 | | tcp |
| N/A | 127.0.0.1:49762 | | tcp |
| N/A | 127.0.0.1:49765 | | tcp |
| CA | 64.15.159.230:80 | download14-desktop.sodapdf.com | tcp |
| CA | 64.15.159.230:443 | download14-desktop.sodapdf.com | tcp |
| US | 104.19.145.4:443 | www.sodapdf.com | tcp |
| N/A | 127.0.0.1:49777 | | tcp |
| N/A | 127.0.0.1:49780 | | tcp |
| N/A | 127.0.0.1:49783 | | tcp |
| CA | 64.15.159.230:80 | download14-desktop.sodapdf.com | tcp |
| CA | 64.15.159.230:443 | download14-desktop.sodapdf.com | tcp |
| US | 104.19.146.4:443 | www.sodapdf.com | tcp |
| US | 104.19.145.4:443 | www.sodapdf.com | tcp |
| US | 104.19.145.4:443 | www.sodapdf.com | tcp |
| US | 104.19.146.4:443 | www.sodapdf.com | tcp |
| US | 104.19.145.4:443 | www.sodapdf.com | tcp |
| CA | 64.15.159.230:80 | download14-desktop.sodapdf.com | tcp |
| CA | 64.15.159.230:443 | download14-desktop.sodapdf.com | tcp |
| US | 104.19.145.4:443 | www.sodapdf.com | tcp |
| US | 8.8.8.8:53 | track.sodapdf.com | udp |
| US | 104.18.7.41:443 | qti.avanquest.com | tcp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 104.18.7.41:443 | avqservice.avanquest.com | tcp |
| US | 104.19.145.4:443 | inapp.sodapdf.com | tcp |
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| US | 104.21.58.187:443 | api.retargeted.co | tcp |
| IE | 2.18.24.8:80 | apps.identrust.com | tcp |
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 104.19.145.4:443 | inapp.sodapdf.com | tcp |
| BE | 108.177.15.155:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| US | 172.67.206.65:443 | api.retargeted.co | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| US | 104.19.145.4:443 | inapp.sodapdf.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 172.64.155.119:443 | privacyportal-eu.onetrust.com | tcp |
| US | 172.64.155.119:443 | privacyportal-eu.onetrust.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 104.19.145.4:443 | inapp.sodapdf.com | tcp |
| US | 104.19.145.4:443 | inapp.sodapdf.com | tcp |
| N/A | 127.0.0.1:50202 | tcp | |
| N/A | 127.0.0.1:50211 | tcp | |
| N/A | 127.0.0.1:50214 | tcp | |
| CA | 64.15.159.230:80 | download14-desktop.sodapdf.com | tcp |
| CA | 64.15.159.230:443 | download14-desktop.sodapdf.com | tcp |
| US | 104.19.145.4:443 | inapp.sodapdf.com | tcp |
| US | 104.19.146.4:443 | inapp.sodapdf.com | tcp |
| N/A | 127.0.0.1:50217 | tcp |
Files
C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe
\??\Volume{056aaf7f-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{a055e3b6-a0a1-4448-85ce-f884828281e3}_OnDiskSnapshotProp
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AF360AACB1570042DEFBC833317997D0_FB2F322741B359ABDC63489C2FBB09D0
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF360AACB1570042DEFBC833317997D0_FB2F322741B359ABDC63489C2FBB09D0
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D
C:\Windows\Installer\MSI61B3.tmp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soda PDF Desktop 14.lnk~RFe586f20.TMP
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soda PDF Desktop 14.lnk
C:\Program Files\Soda PDF Desktop 14\preview-handler.dll
C:\Program Files\Soda PDF Desktop 14\thumbnail-handler.dll
C:\Program Files\Soda PDF Desktop 14\pdfcore.dll
C:\Program Files\Soda PDF Desktop 14\context-menu.dll
C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe
C:\Program Files\Soda PDF Desktop 14\VCRUNTIME140.dll
C:\Program Files\Soda PDF Desktop 14\boost_filesystem-vc143-mt-x64-1_81.dll
C:\Program Files\Soda PDF Desktop 14\VCRUNTIME140_1.dll
C:\Program Files\Soda PDF Desktop 14\logger.dll
C:\Windows\System32\spool\drivers\x64\soda_pdfpmon_v.6.23.0.2.dll
C:\Program Files\Soda PDF Desktop 14\msvcp140.dll
C:\Program Files\Soda PDF Desktop 14\printer-installer.dll
C:\Program Files\Soda PDF Desktop 14\atom.dll
C:\Program Files\Soda PDF Desktop 14\encoding-conversion.dll
C:\Program Files\Soda PDF Desktop 14\boost_program_options-vc143-mt-x64-1_81.dll
C:\Windows\system32\spool\DRIVERS\x64\soda_pdfprnui_v.6.23.0.2.hlp
C:\Windows\system32\spool\DRIVERS\x64\soda_pdfprnui_v.6.23.0.2.dll
C:\Windows\system32\spool\DRIVERS\x64\soda_pdfprn_v.6.23.0.2.dll
C:\Program Files\Soda PDF Desktop 14\creator-app.exe
C:\Program Files\Soda PDF Desktop 14\boost_thread-vc143-mt-x64-1_81.dll
C:\Config.Msi\e585eb8.rbs
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8f7c3fd8-8701-45b7-b0d9-67032ec76b82.tmp
C:\ProgramData\Soda PDF Desktop 14\Installation\soda-desktop14-edit-module-14.0.421.22777-x64.msi
C:\Program Files\Soda PDF Desktop 14\ui-document-panel-properties.dll
C:\Windows\Installer\{1F930AB3-C09B-4A8E-AE3D-7A991AD520AC}\uninstall_icon
C:\Windows\Installer\{1F930AB3-C09B-4A8E-AE3D-7A991AD520AC}\install_icon
C:\Windows\Installer\{1F930AB3-C09B-4A8E-AE3D-7A991AD520AC}\main_icon
C:\Windows\Installer\{1F930AB3-C09B-4A8E-AE3D-7A991AD520AC}\convert_icon
C:\Windows\Installer\{1F930AB3-C09B-4A8E-AE3D-7A991AD520AC}\create_icon
C:\Windows\Installer\{1F930AB3-C09B-4A8E-AE3D-7A991AD520AC}\forms_icon
C:\Windows\Installer\{1F930AB3-C09B-4A8E-AE3D-7A991AD520AC}\edit_icon
C:\Windows\Installer\{1F930AB3-C09B-4A8E-AE3D-7A991AD520AC}\insert_icon
C:\Windows\Installer\{1F930AB3-C09B-4A8E-AE3D-7A991AD520AC}\ocr_icon
C:\Windows\Installer\{1F930AB3-C09B-4A8E-AE3D-7A991AD520AC}\review_icon
C:\Windows\Installer\{1F930AB3-C09B-4A8E-AE3D-7A991AD520AC}\secure_icon
C:\Windows\Installer\{1F930AB3-C09B-4A8E-AE3D-7A991AD520AC}\asian_icon
C:\Config.Msi\e585ebd.rbs
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Roaming\Soda PDF Desktop 14\mini-messages\m_AA71F4D8-FCC8-469F-9CFF-CD05DA83912F\message\index.html
C:\Config.Msi\e585ec2.rbs