Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

cd3dbac3df...14.msi

windows7-x64

6

cd3dbac3df...14.msi

windows10-2004-x64

6

Analysis

  • max time kernel
    134s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/08/2024, 02:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cd3dbac3df5748f3de3c0414d222b4e7d370e77037813541a298646f69513214.msi

  • Size

    42.2MB

  • MD5

    35326185522dc59b07d95394238910b0

  • SHA1

    d27f3b1fb2e2dc6e08cd017a93650fcfb2c40ba0

  • SHA256

    cd3dbac3df5748f3de3c0414d222b4e7d370e77037813541a298646f69513214

  • SHA512

    0bdf4547c8c720553a75f904cd8101a1a5ee82dacbad6d8ce78a9ed7cc35a8897acf63a69fa07a85bf7322cbfa8c94fab2c0063fab49e8094342a5e80506dfa1

  • SSDEEP

    786432:zUL0dCejW+LAkQWu4SNAK7ZyIGziQvobK4QMVwAQ1rnKt0Lbd4TqmOLwUiB8m:zUgdrxskiTkIGzHvojQQXsmqLbRmBB8

Score
6/10
discoverypersistenceprivilege_escalation

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 8 IoCs
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 52 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Control Panel 1 IoCs
    evasion
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\cd3dbac3df5748f3de3c0414d222b4e7d370e77037813541a298646f69513214.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2384
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4016
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:388
    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\filmora-idco_setup_full1901.exe
      "C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\filmora-idco_setup_full1901.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Modifies Control Panel
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1496
      • C:\Users\Public\Documents\Wondershare\NFWCHK.exe
        C:\Users\Public\Documents\Wondershare\NFWCHK.exe
        3⤵
        • Executes dropped EXE
        PID:7688
    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\ErrorLog.exe
      "C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\ErrorLog.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:4444
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 992
        3⤵
        • Program crash
        PID:7816
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    PID:1200
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4444 -ip 4444
    1⤵
      PID:7724

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Config.Msi\e57bd27.rbs
      Filesize

      268KB

      MD5

      af4f1e7c3a7f8ef27e7020e1dccae7ed

      SHA1

      1f3f443758fc9d389cc347d40787b621605f2143

      SHA256

      e3fab491f2a0d6cc5783b3fe7f896a5d80da6b91b0938b160575c03b66df3de6

      SHA512

      1c0d9cfa2083d0ab9821d10949357bb8788a7ec1b59030ca8721428fb29034956612dc84b4cbc9d58937628d4025c6575018c43c6c193ccee64cb937bfe50b8a

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\AliyunConfig.ini
      Filesize

      1KB

      MD5

      d3283710a550cb854cd801d18463c3e7

      SHA1

      53fd3641f4459cbac56fdc0a7e155f1337cbc44f

      SHA256

      c898079dd06b5b9db991c9302dabaf00b35158fac7e8ebd9d1aefdec4ff3f6b4

      SHA512

      1ce7ee76e48880d5308ece532b7f43aa065c3f1b2cdf5a59f072c6e1b545c65df860a3c1c462f8d37f45b69d8e77fea5bcd9373aa031ce3046f5aaf8f6f993f7

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\AliyunWrap.dll
      Filesize

      500KB

      MD5

      9b54a05ed9a5d702d550216fb9f31c61

      SHA1

      6cb1123f331b491bd54169bd6fb064fcff8e1a30

      SHA256

      244d7a38941ed3d38926ac1f8f300e8b2621512372dc835d2c8eaebc86bc3402

      SHA512

      b60ceb88fb04ed4cf4ca6deb90da7b17edb3a1d18a2ec5dafbba24b24bf9236e2301ef4475683f114f17a4b124d93db3bbafd70f88a4f1c571a026b3105485c3

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\ErrorLog.exe
      Filesize

      7.7MB

      MD5

      be7ee08ca56b14960f6a07082674f52d

      SHA1

      35d5eadef68707f4d72de5f9ea30a6ef7ef05437

      SHA256

      756dbe00ad98963ddb2293c62d7ac562ffa588840c079ebcb0751d9944f97e53

      SHA512

      bdf08e29222e9547869d74a1474330b2bf242bc1c6cbc228032e862f79ed53583439bf354d2a7dd60b333f65457b889f506a0aaa374298d47295d7af03c8535d

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\LIBEAY32.dll
      Filesize

      1.2MB

      MD5

      43b7418c1bb56420f06b465d50f0a60a

      SHA1

      b3d60a803a215fbc58809f901d51be60f1d8c52b

      SHA256

      74cfd88ccf933903c31a0942a9949d5404d5a5b32d98ec22fc24ef1edf45fc50

      SHA512

      9f3cc5792945ebbf9f342453b9580d8cedc1355c1b3e90739d6f6afb1c992756f83b7d034649da6d8ce029076c036a162cd8b632756333b5fc939eb1cb2efb0b

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\Qt5Core.dll
      Filesize

      5.1MB

      MD5

      b517914bd1779b312611b5a52b0ef24a

      SHA1

      5d7ee138e70eca65d35a76bd2285453a764daaf6

      SHA256

      b967ade09a9338320e0db4e5da11a2ac396950f0eed689b28bd31686b7baf018

      SHA512

      cab8a6a8b4c8eca738348812e530e5b186a88a08f65949753e6bdcc3c7bf1ffa79fa48ae718be4173b14ca4a3b6fbb0af240c800fbd426989d8a0ae7646425f5

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\Qt5Gui.dll
      Filesize

      5.7MB

      MD5

      c4a857dee5656921baba1e19d2b099b6

      SHA1

      7e3e634d5b2f101ea2838ec2c13158113ce33e62

      SHA256

      ab160992f30dc69b97feedd2fcaf7528a56fc98a3f30a166c1076589340ac8be

      SHA512

      8456610a8d84606ec5784dca12b1ed34ceee6e7c716871db4165fc0ca9042fae097fe0c37afb645eab860cd09d1d559fe6a8040a980387ef425d9af366441e53

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\Qt5Multimedia.dll
      Filesize

      581KB

      MD5

      1564bafb92c96bfc6633519f8b72058d

      SHA1

      e0aafa70805d310fc7bf0c69495b606ccd01e61a

      SHA256

      8b01fc347467a9808a52e8e38d60817512684f361ec8e19f37aefad70ea594ce

      SHA512

      44f958b410d88fb987e4eaaa53918a32d458bd6f92d0d412d8830b0d1ad097714d95e953cb9c8ace9d29f22794f94d40bcbd9b94eece21694e6cabdf810d3b94

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\Qt5MultimediaQuick.dll
      Filesize

      105KB

      MD5

      cc6c904fac4c1e5cddb4df67d3d9401c

      SHA1

      170db2ae625c2a7654ef3ca2e7d6067cd884d1ad

      SHA256

      4bc485b4ac6136b62eee6207a497efa46e60b054513976a053483d8ee595c30a

      SHA512

      d02df472463c5f65d765adf539422c2acd5dd3fdb39af8adbcc0bfa55be59cf1602f31ef0fce9bb4c248d3ce9af516c6bb6189998d505f94e2cc7680e21bd531

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\Qt5Network.dll
      Filesize

      1.1MB

      MD5

      a00d38af148cc8a6481ef182f86b77ed

      SHA1

      76b401ee60ca094d3da04524401e5d6eb80d3bb6

      SHA256

      ddc9894e36231d749265155ba02f2d70ec5e006cea34010750b220ce49ce391a

      SHA512

      0bfc7d1ad67d8ba837a76f91876ab4cf452712017d0698bdc4e4c6496b084829bd03d93f76ab6a9bc0793b8ba1216fef9de927b849842ed362e135715ef5b9fd

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\Qt5Qml.dll
      Filesize

      3.0MB

      MD5

      0d7132a59eb3478c6986c50a4734227a

      SHA1

      33401c0637a2125806ef89e07a5281a2eb205607

      SHA256

      a5d049f69fa54f82f916c0a027727877c339fc06cc3d6b65710aaa447a721877

      SHA512

      0f7b0161900a5c367035276880eba1528a4fbe87fe5b68215b5361fdd9a179ebb6410b28ad78de96bbf13f48dfdd50b9ed07d969226696b387cbe283254432d9

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\Qt5QmlModels.dll
      Filesize

      410KB

      MD5

      bd13b4db8e6bf00ad6e848c6302de8c0

      SHA1

      4716e0d3c1f1e04b7e099977079cfd04d82bc005

      SHA256

      590592d3bdbe9c0160e0dec41a3e42d952c391fa9b5c5ce8b12e9074e6435957

      SHA512

      d3c3a9a004c456225039e0a12601d9bd3983537524afd5affcebf16bea0cca042a986dcbe8e96916401b9cbb57092f7fad9e22aa4f8dda494bc50ca9677a5972

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\Qt5QmlWorkerScript.dll
      Filesize

      48KB

      MD5

      2b457173184f2979e6b8a8ad7511da22

      SHA1

      2ef1e9015016d85de250f0fbcf48826774828203

      SHA256

      40aa3698def1d9b07bdf2d8909ddbf4f041127ae4bddab53660cca74115b1f3e

      SHA512

      10a8bef41da16bcc357fb2d832363793525e0aa3f4b301b252a5c9f00f1299f99d20e20e086f51a78aff27fae0bf0777a449617319b95d52a13ca3b0726479df

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\Qt5Quick.dll
      Filesize

      3.5MB

      MD5

      8f32e9e0250b57c151ae97026360fd93

      SHA1

      f6271f93c5118698349db4fd82c5e3436249d7e7

      SHA256

      1b9604ab2fb017ad9953df6059ae55fe1e08134622a1942be1845295efb2b559

      SHA512

      68109e7b03a92dabfc181a24848ac9d188056d50cd5c4f57d94cf017749cf312927a35ba79adb0c13d899b80ed695459252d9f3226dade6fe7a26a426d957ca2

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\Qt5QuickControls2.dll
      Filesize

      146KB

      MD5

      989e09d4c27c3c5e4406abe10eb1453c

      SHA1

      584f83fa664388b8fb22981c4a79a5f324eb8e75

      SHA256

      a23b276dc4fa88ab96eae4ccbb965c6681e2d05100869dc7942c963e885bc55a

      SHA512

      dc34ced1b38e11bfaf6e1e2d4ff8c62ab0f048b81fd1a9c7707c3fd83631d9790668672432adc462a53578571a321053e721f1d753e38c42d403ecda0f3b2536

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\Qt5QuickTemplates2.dll
      Filesize

      906KB

      MD5

      c89430b0ebfba50b73d112354759a44b

      SHA1

      e58c184061ee5fb60edc6d413237c1e0612093ff

      SHA256

      54f97a450b283e8a41904197a7639355f011ff9dc0b38b14a052541493063507

      SHA512

      9c1d32b4f1c9a31c671e87a5d3a92baba4a60e3b92b18a3f7cd9d452e7157a7f0675ebaa34e425e8fbeb9fb214f3bfc23c8f19dcb7e0c1f715765e76c0392b99

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\Qt5Widgets.dll
      Filesize

      4.4MB

      MD5

      eb4aea9ff7c75da2a4925e83f8defe3e

      SHA1

      efa4566fb9e7a4de722a177956dff0f43d88638a

      SHA256

      4a12866260ff266eeffe0b4d8eaf27ed064682f00e8907bd53956f446e23c496

      SHA512

      42fb74b3a1e08e2652c8a0459eb04e3b21446f82be4c07736a08d2d20f681781201154c9e48dadd55118c8ed2b53e324ef1708e36e169458ddaa57d21d6a4cd3

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\QtMultimedia\declarative_multimedia.dll
      Filesize

      229KB

      MD5

      d7f681c949f11fd67956046271b1772d

      SHA1

      ca9fb04a6a750ecc71a722fb03be34bc778687a7

      SHA256

      4bb7f6cb3be30d6f193105249cbbfef016f233e06178dba119ed17b8fac2f4fa

      SHA512

      834050365229b1c3fd860d83a4fce736f93e2383b0becafe2c917b9f48ee865b6e190bb9c8f55b4130689aeae91d7a0adac0f7053672d8a0d7b37074bb4089e8

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\QtMultimedia\qmldir
      Filesize

      140B

      MD5

      44e34fa143bfaa33f9dd6ebd13ef0466

      SHA1

      df857a43b313c8d531ffc3c7bd33c14625bcd06a

      SHA256

      be3831209463405a965a7c66a178d4fffd0c2f10de168ebf851cc0965d2c20d3

      SHA512

      bb2c2f3c95508bd6326ac3e29a3765fe8c6ed9b88adc54bfad1ea851a957e7575a4e0a254da4b65d30ac82b081e338a9e60b8b62f6a7c7a5073892303beee8de

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\QtQuick.2\qmldir
      Filesize

      111B

      MD5

      fcedccc4408c301dc6b1fe45721353ac

      SHA1

      1f8e8e590505274d317573ca074aecdb70b3c596

      SHA256

      7e844000c1f61db37173ee953012981d533c950e7fb772c2672ca74dcfdb914b

      SHA512

      4c4fdc7ebaa3da4de15832859d92a7aab19ef7e7b5ed9c7858642c0bfd4145be2962ecd2fc12b150a5f81797e8e47197a076a46afe936eb29e4d2f41f78077d6

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\QtQuick.2\qtquick2plugin.dll
      Filesize

      20KB

      MD5

      d8f457ad4ef496fc0518e67145c84ed4

      SHA1

      a13d7e76fcc006cfffd10df4ce115532bb376edf

      SHA256

      9c4c530a0a9a48216a6205850b1a9ef4edabb957b543f67e93319cdcaad70020

      SHA512

      cca96b81f78387114829dc1c71b0b076278e993005a727736fa1ef80282e13717b2397c911de150281489b39ede0dbdea16811e07d11d4d8177ec2ea003341e1

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\QtQuick\Controls.2\qmldir
      Filesize

      140B

      MD5

      659ed029afaeabbe4235968ff5292736

      SHA1

      565ceba5b695eebbf28030965ee5929c2a5a2346

      SHA256

      7b404175bb8e2b0d3822e75320c8d6d09c61bb53f4513c235a7d04ac7d34fd57

      SHA512

      41fcb039c054c7decb9fc7ca198f3218dc0965813758b66c5b8b174b732040a33f2d3f54037aec7a9c48af5cd3bcc798ddd41c7458924b8c9bdd49a38846195b

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\QtQuick\Controls.2\qtquickcontrols2plugin.dll
      Filesize

      460KB

      MD5

      c348fafa798d804be0c8b4b3a232c739

      SHA1

      0d2bb9e62ab43bd75ce65d055574be2d8de96add

      SHA256

      99335b08005255530245505093eefa4020a2803112ea705760706533ce09b517

      SHA512

      b9122ab1e2018cebe56bdf519870fc342c2415ead85b7f3218d995c6ec9490878f7c492255c8af1b7dc613bea7ff78899bcbaadc938458941ed230141181cc0d

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\QtQuick\Layouts\qmldir
      Filesize

      130B

      MD5

      e9ca7d1d1f439c9be217759f619bf102

      SHA1

      c8569cb2a6fcb910121afe65cabcea65d28375ff

      SHA256

      cb585c2fc06edca4b95c9ee04017cd384cae70356e8dd468abd7c4fd1e640b59

      SHA512

      a4f1d3d8b825f9b7e9bfd0c7fbafd7cdf379c28bfbfd8c78dec27546ec0ccc3871cb9b69daf12d0a262756593b39e28d47344c075aaab68998545638bcf214f8

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\QtQuick\Layouts\qquicklayoutsplugin.dll
      Filesize

      78KB

      MD5

      2cd674964148737f554a84db23a0ebd0

      SHA1

      238602b02a4751b688f22f43c297fd4caa5909bc

      SHA256

      23adec56ae764c201a22aed78610f0d2d0d640fe5bb4c76d3851c1f0a4213e6b

      SHA512

      fca8c7cfa235ba4a4792b88a5301ace1c9ffd5c73129a91ab6956210308f1871fa6f87297432a01524dc8debc1bc123de07e23ee1caf46c06a8f60807b72e01c

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\QtQuick\Window.2\qmldir
      Filesize

      122B

      MD5

      c434589591a9b33cbe88891afbb7c144

      SHA1

      42476fb63f3cf463b4bb03b47048aa0918e588b5

      SHA256

      8d88b81547e1573f8c91df998ea82608e0a79770b014c82f760a67388b41945a

      SHA512

      5a09830970ea37942166c1e5e5ce0fe452290eb9cd662ffaa9858bdb61806caa03b1016d30c98871a7b6c8fdfa369e29e3940a5f9779d967b98ede5901f4d30f

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\QtQuick\Window.2\windowplugin.dll
      Filesize

      20KB

      MD5

      2ffff0140c9d9788c0890d48827d3351

      SHA1

      6fa7a376863042c4e780f4ff6e5a7fe22621b5df

      SHA256

      abe1946b38fe9d92fdbb7a09fa88319934bfdcf0009d41b27237c8d27c385e5d

      SHA512

      ab189270a092559960d1d8acc42451c2ad909f848aa62e820d384af42d9f6f0c6ec5a01a6345ed34660952ae8a962859a09f875a765c00a7569793c351454845

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\filmora-idco_setup_full1901.exe
      Filesize

      1.9MB

      MD5

      4a2cc9a194b872a64790f14f1d102301

      SHA1

      f780d19e26ad14cf64c4f068c3ceb4fb193e364c

      SHA256

      08aedd6d0cb756a6552378823e29e78c8752ac16fc7afb2a610e552ce5aa6935

      SHA512

      655ea9874604e77f739d577713ff5b320aeaa7094adc35a3c1cb8e0b9aadb8b2228a2be4136be09303bb203ea1448bc95e721a139cac4a116677fad1cccfd0ae

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\libcurl.dll
      Filesize

      349KB

      MD5

      766a920fc367f2a3702ca2c01ec3c8c8

      SHA1

      6a61df0c21852b42078a83a983179048d135976b

      SHA256

      7c530ec50f35456e4d95e9fdeea3a6a706936f2de158f856d847c1849075b179

      SHA512

      4bb87f4a4487bf8498b5044b8ef2f056cefaa33f67de208169bfce4337a58e4bd57a8f89df37c7268c0dac2b0646d6236465101a550c7f79dbc020f4bf7c768d

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\msvcp140.dll
      Filesize

      446KB

      MD5

      b33902774ce0eded02b0cf1b54622736

      SHA1

      05c4ffb6b9b9ba8a56b7a3187b7d100ab20fe8d5

      SHA256

      8cabbd2ad374da8e58374c6915592d217966e7ea7e0d4038aa21a2d92a5a0612

      SHA512

      bb7b40d3907ec7d96ed2827067b9b727bf8cc660be21d8aa40267ed25c44bf06b54654af669c5a47dbb321b3d46275780c00fffbc15a7af0c5bee03bdc3d1988

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\observe3.dll
      Filesize

      6.9MB

      MD5

      959d931f58b1fe68c369d519962834ae

      SHA1

      1b9d63e78b8f462fbcf8aadf439b6951827e6044

      SHA256

      632cc15c0a1dff6de6d5a4280236b496b56f98a235cfdae3c49cc8a7bc0258ae

      SHA512

      5ebeb760bc265dfb05ca1633644997df71612da980cda0a7fd4859622bc901d16a445c9b3e3c205b5c21a813f0e0fc9ea328e5a8d655c2dde020eb04b2785e89

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\platforms\qwindows.dll
      Filesize

      1.2MB

      MD5

      85aa93ec804343839e9710de5bc728f1

      SHA1

      3186488ae25d55249898ce968c911dc48bda3950

      SHA256

      2565fe1111bf0ba6b98683030b8da92f77da877d0a981f712184e4ce5018b723

      SHA512

      d54cdc252436b7f71f83bd9af2f9bdacfe2f9d478a4502959498fa3eb7b8cb822cb5caf1d68297cd95c97a64c2706373fe2cbce22e620ada6b731dd9bad199ae

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\styles\qwindowsvistastyle.dll
      Filesize

      125KB

      MD5

      e7ae12f14530a2687c4490817bc01a8e

      SHA1

      4d6d4eecde95b2ca35d59e3f97d28cd1ae9cae03

      SHA256

      424ba260332cf1d7b45813032ecba9150f59fb5c5f966eae63675e376e3d0ed1

      SHA512

      8089b1a059fd885cc18d94a9a80ee9448b24ab4458e568330a365cc8f6b8d23e2c56b56cf83a81a2297c0046c6b0fb88f9e24994d40f51e3825a49d716b2bb8c

      Download Submit

    • C:\Users\Admin\AppData\Local\Programs\Advanced PDF Community\vcruntime140.dll
      Filesize

      85KB

      MD5

      cc5902b7b94f0e213e02225238723aed

      SHA1

      5fff49fc19f8f426ffd360fed3e1a59f0f70feb4

      SHA256

      dacddfb8c14e2532f6418a3f6460e4206dc578a5338c540e340bc208a4e0685f

      SHA512

      6f4aa64e3e0db7d9851a9863b578dd1f07d6cb5277f2cac870b402aeeddc7259ee110acc24b465280ccfc006057756a570395cab319844c751d5913ab0d98d1e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Wondershare\WAE\wsWAE.log
      Filesize

      546B

      MD5

      9117459dc10d3e88699484395d872f20

      SHA1

      c46e61e16dcba67c670dcc5cbe8858784d21779b

      SHA256

      99e9aaf8565772a24346756d461b96a86d4fab9917f9b5fb2aabcd714d803f03

      SHA512

      2b1eb501cd34c4cfc42e929e70b2c07ae20cc8293e74c8ade36777e80e19be33cbb55717c0d33ff3df4f169fedb75beb1a52f1dc6b79565ef028943dedae9237

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\wsduilib.log
      Filesize

      68KB

      MD5

      e2bf93644d8b1c89718b7feb6c6d172a

      SHA1

      7e27797f85bb14531d3b65d918efcaad36e7ddd9

      SHA256

      ee740d9b0b61e87914223bdcefd9fb96ef267df736b516d4c33746c63b7d5632

      SHA512

      31f4cf717fe49fd735fd42c3d094cd42fd0832d9c0ae09e05397c5747d8b71c45e3ec38021a394ee5bae39ca9af71e1b64ca3bfc2fc9a02a66c5975155342e1b

      Download Submit

    • C:\Windows\Installer\e57bd26.msi
      Filesize

      42.2MB

      MD5

      35326185522dc59b07d95394238910b0

      SHA1

      d27f3b1fb2e2dc6e08cd017a93650fcfb2c40ba0

      SHA256

      cd3dbac3df5748f3de3c0414d222b4e7d370e77037813541a298646f69513214

      SHA512

      0bdf4547c8c720553a75f904cd8101a1a5ee82dacbad6d8ce78a9ed7cc35a8897acf63a69fa07a85bf7322cbfa8c94fab2c0063fab49e8094342a5e80506dfa1

      Download Submit

    • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
      Filesize

      23.7MB

      MD5

      5b01b87ff50a04e19a8347e4a15a4346

      SHA1

      9041486885ccd651675724abbb7989eb1f758949

      SHA256

      1879ae2decf228e746755fed6185b0a84fb09b415a3b67717f7d9ec572e7f37e

      SHA512

      e5964303b2272653f05d41b6a3a0e552b930d33e5624598c82d9460b480a7d4a59e8b7a28d2e03b4777d8b23478cc7c9cf61d507d2de04d0b578e177f9118a39

      Download Submit

    • \??\Volume{f171a6e7-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{d1880e8f-6cda-4c4a-ba12-d5fe636a4bbd}_OnDiskSnapshotProp
      Filesize

      6KB

      MD5

      c3a4b1f6facd2ab38251bdfb9dfda20c

      SHA1

      bbb62db0ceb3257345582a1357b77bcdc4856d3f

      SHA256

      c9876c81b4b80d706a8744d6766fa4d7be824b08f69ed18eb2ff83d5f7d4ebfe

      SHA512

      14b06524c857566c6728aedfa87a3f02d51e7da35146a1fe2a5107597a62d9bda84f7c1168e440606b1ade6a0e6b025e7c2ca8ad9c24a8c23aac976c21f67638

      Download Submit

    • memory/4444-1144-0x0000000003A50000-0x0000000003A51000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1092-0x00000000039A0000-0x00000000039A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1130-0x0000000003A30000-0x0000000003A31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1129-0x0000000003A30000-0x0000000003A31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1128-0x00000000039F0000-0x00000000039F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1127-0x0000000003A30000-0x0000000003A31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1125-0x00000000039F0000-0x00000000039F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1124-0x00000000039F0000-0x00000000039F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1123-0x00000000039F0000-0x00000000039F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1122-0x00000000039F0000-0x00000000039F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1121-0x00000000039F0000-0x00000000039F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1117-0x00000000039F0000-0x00000000039F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1116-0x00000000039F0000-0x00000000039F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1115-0x00000000039F0000-0x00000000039F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1114-0x00000000039F0000-0x00000000039F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1113-0x00000000039F0000-0x00000000039F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1112-0x00000000039F0000-0x00000000039F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1110-0x00000000039A0000-0x00000000039A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1109-0x00000000039C0000-0x00000000039C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1108-0x00000000039C0000-0x00000000039C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1107-0x00000000039C0000-0x00000000039C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1106-0x00000000039C0000-0x00000000039C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1105-0x00000000039C0000-0x00000000039C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1104-0x00000000039C0000-0x00000000039C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1102-0x00000000039A0000-0x00000000039A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1101-0x00000000039A0000-0x00000000039A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1100-0x00000000039A0000-0x00000000039A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1099-0x00000000039B0000-0x00000000039B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1098-0x00000000039B0000-0x00000000039B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1097-0x00000000039B0000-0x00000000039B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1095-0x00000000039A0000-0x00000000039A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1094-0x00000000039A0000-0x00000000039A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1093-0x00000000039A0000-0x00000000039A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1131-0x0000000003A30000-0x0000000003A31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1091-0x00000000039A0000-0x00000000039A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1090-0x00000000039A0000-0x00000000039A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1089-0x00000000039A0000-0x00000000039A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1088-0x00000000039A0000-0x00000000039A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1132-0x0000000003A30000-0x0000000003A31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1133-0x00000000039F0000-0x00000000039F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1134-0x0000000003A30000-0x0000000003A31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1135-0x0000000003A30000-0x0000000003A31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1136-0x0000000003A30000-0x0000000003A31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1137-0x0000000003A30000-0x0000000003A31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1138-0x0000000003A30000-0x0000000003A31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1140-0x0000000003A50000-0x0000000003A51000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1141-0x0000000003A50000-0x0000000003A51000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1142-0x0000000003A50000-0x0000000003A51000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1143-0x0000000003A50000-0x0000000003A51000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1145-0x0000000003A50000-0x0000000003A51000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-974-0x00000000042D0000-0x0000000004710000-memory.dmp

      Filesize

      4.2MB

      Download

    • memory/4444-1146-0x0000000003A50000-0x0000000003A51000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1147-0x0000000003A50000-0x0000000003A51000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1118-0x00000000039B0000-0x00000000039B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1119-0x00000000039F0000-0x00000000039F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-1120-0x00000000039F0000-0x00000000039F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-976-0x0000000004710000-0x0000000004910000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/7688-2286-0x000000001B4B0000-0x000000001B4D4000-memory.dmp

      Filesize

      144KB

      Download

    • memory/7688-2287-0x000000001B500000-0x000000001B518000-memory.dmp

      Filesize

      96KB

      Download

    • memory/7688-2288-0x000000001B540000-0x000000001B560000-memory.dmp

      Filesize

      128KB

      Download

    • memory/7688-2289-0x000000001B560000-0x000000001B86E000-memory.dmp

      Filesize

      3.1MB

      Download

    • memory/7688-2291-0x000000001BDE0000-0x000000001BE42000-memory.dmp

      Filesize

      392KB

      Download

    • memory/7688-2290-0x000000001BD20000-0x000000001BD69000-memory.dmp

      Filesize

      292KB

      Download

    • memory/7688-2292-0x000000001C320000-0x000000001C7EE000-memory.dmp

      Filesize

      4.8MB

      Download

    • memory/7688-2293-0x000000001C890000-0x000000001C92C000-memory.dmp

      Filesize

      624KB

      Download

    • memory/7688-2294-0x000000001BCB0000-0x000000001BCB8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/7688-2295-0x000000001CC60000-0x000000001CC9E000-memory.dmp

      Filesize

      248KB

      Download