cb9f9ee5546079c0b341871c5e4a6dddfe3a155c0c92f62a9865c9761d32410d

Analysis

max time kernel
1801s
max time network
1675s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30-11-2024 12:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Wondershare_UniConverter_15.0.10.8/uniconverter15_64bit_full14204.exe
Size

251.0MB
MD5

a82aef6cc605b1854a54d8a5e142957c
SHA1

f0613a7f3de506d074190a1382e232d414e39ff4
SHA256

5fdc7fe68965ab56e5be55a5edb718dd93791e75eb6b856274a3e7cf947d9090
SHA512

fc67641e2216aa5bb05b56a7a8b7703427b8689e633185d4c01a71736e79565aff2e14c5639dac59023fdcbaee5e2a23a10bc46105b2b4534020a7e178b9030d
SSDEEP

6291456:YEkYRSNlO1EOM1n5jv8OgVef1seM5yKBj:lNSNlOWOM1nNfeefo8KZ

Score

6^/10

discovery evasion persistence privilege_escalation

Malware Config

Signatures

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Wondershare Helper Compact.exe = "C:\\Program Files\\Common Files\\Wondershare\\Wondershare Helper Compact\\WSHelper.exe"	uniconverter15_64bit_full14204.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UniConverterUpdateHelper = "C:\\Program Files\\Wondershare\\UniConverter 15\\WSVCUUpdateHelper.exe"	uniconverter15_64bit_full14204.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wondershare Helper Compact.exe = "C:\\Program Files (x86)\\Common Files\\Wondershare\\Wondershare Helper Compact\\WSHelper.exe"	Wondershare Helper Compact.tmp

Downloads MZ/PE file

Modifies Windows Firewall 2 TTPs 1 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
5088	netsh.exe

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	uniconverter15_64bit_full14204.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	VideoConverterUltimate.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Wondershare\UniConverter 15\DownloadRes\Crypto\Hash\is-PA24R.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\DownloadRes\youtube_dl\extractor\is-F4N4E.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\UploadRes\is-IIJJ1.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\UploadRes\facebookads\is-RUT61.tmp	uniconverter15_64bit_full14204.tmp
File opened for modification	C:\Program Files\Wondershare\UniConverter 15\fftw3f.dll	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\common\is-8FNR7.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Light\control\is-ARCRL.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Light\trial\is-QKK3K.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Default\home\is-OKJ1R.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Default\svg\is-OQKTR.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\DownloadRes\youtube_dl\extractor\is-C94A8.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\UploadRes\requests\packages\chardet\is-K489F.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\UploadRes\apiclient\is-I8RF5.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\EffectPlug\Thumbnail\is-9L5CM.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\is-56NNL.tmp	Wondershare Helper Compact.tmp
File opened for modification	C:\Program Files\Wondershare\UniConverter 15\DRMConverter\PlugIns\wp_avi.dll	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Uninstall\is-1KG2C.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Default\icon\icon_basic\icon16\is-UUEE5.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Default\svg\is-GGU45.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Light\icon\icon_state\icon24\is-I8BR7.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\DownloadRes\youtube_dl\extractor\is-7KKK7.tmp	uniconverter15_64bit_full14204.tmp
File opened for modification	C:\Program Files\Wondershare\UniConverter 15\api-ms-win-core-file-l2-1-0.dll	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\common\is-JU0SG.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Default\button\is-6LFF2.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Default\svg\is-V2UN2.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\is-OGGNP.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\EffectPlug\Thumbnail\is-TSULD.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\wccCom\Skin\Default\wccCom\is-9NB5E.tmp	uniconverter15_64bit_full14204.tmp
File opened for modification	C:\Program Files\Wondershare\UniConverter 15\WUL.Core.dll	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Default\home\is-IQ9AG.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Light\home\is-0996F.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\DownloadRes\youtube_dl\extractor\is-FFD6O.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\DRMConverter\PlugIns\is-79H82.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\DRMConverter\PlugIns\is-9CEB4.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\EffectPlug\Shader\texture\is-55FF4.tmp	uniconverter15_64bit_full14204.tmp
File opened for modification	C:\Program Files\Wondershare\UniConverter 15\DecPlugins\vdpIntelMediaSdkEx.dll	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\common\is-1FQE4.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\common\illustration\is-P9MMP.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Uninstaller\is-J9C3M.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\DownloadRes\youtube_dl\WS_Extractor\is-HLN8C.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Default\button\is-VIFAO.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Default\icon\icon_state\icon24\is-IFU08.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Light\button\is-90D2A.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\is-4O53O.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\EffectPlug\Shader\is-JSJJB.tmp	uniconverter15_64bit_full14204.tmp
File opened for modification	C:\Program Files\Wondershare\UniConverter 15\DownloadRes\VideoDownloader.dll	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\common\icon\is-NVPJS.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\DownloadRes\youtube_dl\extractor\is-J43E3.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\UploadRes\requests\packages\chardet\is-3OE8B.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\DownloadRes\youtube_dl\extractor\is-HVJCC.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\EffectPlug\Thumbnail\is-9LPL7.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\DownloadRes\youtube_dl\extractor\is-MUB9N.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\EffectPlug\Thumbnail\is-2587I.tmp	uniconverter15_64bit_full14204.tmp
File opened for modification	C:\Program Files\Wondershare\UniConverter 15\log\TransferProcess.log	TransferProcess.exe
File opened for modification	C:\Program Files\Wondershare\UniConverter 15\PlugIns\wp_h264.dll	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Light\icon\icon_state\icon32\is-AQ95Q.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Light\svg\is-3Q31P.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Light\svg\is-K1O4T.tmp	uniconverter15_64bit_full14204.tmp
File opened for modification	C:\Program Files\Wondershare\UniConverter 15\VCPlayer.exe	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Light\control\is-A2UMS.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\DownloadRes\youtube_dl\extractor\is-MTTJV.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\DownloadRes\youtube_dl\WS_Extractor\is-53JDT.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\EffectPlug\Merge\is-QRMUK.tmp	uniconverter15_64bit_full14204.tmp
File opened for modification	C:\Program Files\Wondershare\UniConverter 15\DRMConverter\PlugIns\wp_mkv.dll	uniconverter15_64bit_full14204.tmp

Drops file in Windows directory 47 IoCs

description	ioc	Process
File created	C:\Windows\Fonts\is-RV28S.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-272LU.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-U73DQ.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-VVMVL.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-7L8RT.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-ATGRV.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-4I54Q.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-15SE1.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-74M9U.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-F9004.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-4RV4B.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-76G94.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-V791J.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-6R4JL.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-PGBM7.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-QRR68.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-VH8F8.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-FQSUH.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-O3BFE.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-1B7SU.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-GUPF7.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-MR73I.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-KPHH2.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-67FNV.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-GQ7K3.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-VFIHT.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-QC081.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-3PRE0.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-32SDO.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-GFGBH.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-VCIPM.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-Q06AR.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-QTH9R.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-FH6OS.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-2PHOL.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-THM8H.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-85ECK.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-B8POC.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-IK4AG.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-VQ53R.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-HKKLB.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-2EIML.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-S50TR.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-8JSN5.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-7VR8S.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-7J9E7.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-U1SR8.tmp	uniconverter15_64bit_full14204.tmp

Executes dropped EXE 31 IoCs

pid	Process
4036	uniconverter15_64bit_full14204.tmp
1804	_setup64.tmp
3728	Wondershare NativePush_14416_64bit.exe
3628	Wondershare NativePush_14416_64bit.tmp
4048	_setup64.tmp
4896	WsNativePushService.exe
2012	WsNativePushService.exe
2160	WsNativePushService.exe
4424	Wondershare Helper Compact.exe
2216	WsToastNotification.exe
4288	Wondershare Helper Compact.tmp
1140	WSHelper.exe
4692	URLReqService.exe
4908	GraphicAccelerateCheck.exe
3180	2Dto3D.exe
3748	FileAssociation.exe
664	FileAssociation.exe
4228	FileAssociation.exe
4860	cmdCheckMFForVCE.exe
4424	VideoConverterUltimate.exe
5924	WsCloudHelper.exe
6028	TransferProcess.exe
3320	Wondershare Uniconverter Update(x64).exe
3704	sniffer.exe
508	Wondershare Uniconverter Update(x64).tmp
5460	GetMediaInfo.exe
3280	_setup64.tmp
5552	WSVCUUpdateHelper.exe
5628	WsMsgPush.exe
32	DVDTemplateInstall.exe
4284	DVDTemplateInstall.tmp

Loads dropped DLL 64 IoCs

pid	Process
4036	uniconverter15_64bit_full14204.tmp
4036	uniconverter15_64bit_full14204.tmp
4036	uniconverter15_64bit_full14204.tmp
4036	uniconverter15_64bit_full14204.tmp
4036	uniconverter15_64bit_full14204.tmp
2216	WsToastNotification.exe
2216	WsToastNotification.exe
4288	Wondershare Helper Compact.tmp
4288	Wondershare Helper Compact.tmp
4288	Wondershare Helper Compact.tmp
1140	WSHelper.exe
1140	WSHelper.exe
1140	WSHelper.exe
1140	WSHelper.exe
1140	WSHelper.exe
1140	WSHelper.exe
1688	regsvr32.exe
1276	regsvr32.exe
2944	RegAsm.exe
2944	RegAsm.exe
2944	RegAsm.exe
2944	RegAsm.exe
2944	RegAsm.exe
2944	RegAsm.exe
2944	RegAsm.exe
2944	RegAsm.exe
2944	RegAsm.exe
2944	RegAsm.exe
2944	RegAsm.exe
2944	RegAsm.exe
4692	URLReqService.exe
4908	GraphicAccelerateCheck.exe
4908	GraphicAccelerateCheck.exe
4908	GraphicAccelerateCheck.exe
4908	GraphicAccelerateCheck.exe
4908	GraphicAccelerateCheck.exe
4860	cmdCheckMFForVCE.exe
4860	cmdCheckMFForVCE.exe
4860	cmdCheckMFForVCE.exe
4860	cmdCheckMFForVCE.exe
4860	cmdCheckMFForVCE.exe
4860	cmdCheckMFForVCE.exe
4860	cmdCheckMFForVCE.exe
4860	cmdCheckMFForVCE.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 38 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TASKKILL.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wondershare NativePush_14416_64bit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wondershare Helper Compact.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TASKKILL.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TASKKILL.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TASKKILL.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TASKKILL.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TASKKILL.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	uniconverter15_64bit_full14204.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TASKKILL.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wondershare NativePush_14416_64bit.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wondershare Uniconverter Update(x64).tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileAssociation.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TransferProcess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DVDTemplateInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TASKKILL.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TASKKILL.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TASKKILL.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wondershare Helper Compact.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WSHelper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TASKKILL.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TASKKILL.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TASKKILL.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TASKKILL.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TASKKILL.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TASKKILL.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileAssociation.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	uniconverter15_64bit_full14204.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TASKKILL.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TASKKILL.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TASKKILL.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TASKKILL.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2Dto3D.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wondershare Uniconverter Update(x64).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TASKKILL.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileAssociation.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DVDTemplateInstall.tmp

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	GetMediaInfo.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	GraphicAccelerateCheck.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	GraphicAccelerateCheck.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	cmdCheckMFForVCE.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	cmdCheckMFForVCE.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	VideoConverterUltimate.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	VideoConverterUltimate.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	GetMediaInfo.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Kills process with taskkill 21 IoCs

evasion

pid	Process
1600	TASKKILL.exe
64	TASKKILL.exe
4992	TASKKILL.exe
5060	TASKKILL.exe
4032	TASKKILL.exe
2064	TASKKILL.exe
1992	TASKKILL.exe
3244	TASKKILL.exe
2072	TASKKILL.exe
3464	TASKKILL.exe
3308	TASKKILL.exe
4452	TASKKILL.exe
3520	TASKKILL.exe
3708	TASKKILL.exe
4868	TASKKILL.exe
3476	TASKKILL.exe
4856	TASKKILL.exe
3732	TASKKILL.exe
1732	TASKKILL.exe
2364	TASKKILL.exe
220	TASKKILL.exe

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\Desktop\MuiCached	WsMsgPush.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\Main	uniconverter15_64bit_full14204.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\Main\TabShutdownDelay = "0"	uniconverter15_64bit_full14204.tmp

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E54CA057-1A4E-361F-9F3F-6C2635C81396}\TypeLib\ = "{4171D4F1-18BA-4CF9-AFDA-AAC12C91BB44}"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.WMA\shell\open\ = "Play with UniConverter Player"	FileAssociation.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C91DBF93-5FEB-4761-8E72-936C6118C6F6}\3.0\ = "Utilities"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.AIFF\DefaultIcon\ = "C:\\Program Files\\Wondershare\\UniConverter 15\\skin\\common\\player.ico"	FileAssociation.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B76550E2-048B-4D8C-B432-4668A54EDEA3}\ = "IRegister"	WSHelper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.DV\DefaultIcon\ = "C:\\Program Files\\Wondershare\\UniConverter 15\\skin\\common\\player.ico"	FileAssociation.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1CB5C1BD-2E68-3CD5-AD84-93D626300220}\InprocServer32\ThreadingModel = "Both"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{05C2CB2D-A42E-3709-81D5-67C9E7E1C1CF}\1.0.0.0\CodeBase = "file:///C:/Program Files/Wondershare/UniConverter 15/WsBurner.EXE"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E64FE52B-0795-316E-832D-85BFBCD430DB}\ = "_DiscFormat2Erase_EventHandler"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FCB-975B-59BE-A960-9A2A262853A5}\InprocServer32\1.0.0.0\CodeBase = "file:///C:/Program Files/Wondershare/UniConverter 15/WsBurner.EXE"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.3GP\shell\open\command\ = "\"C:\\Program Files\\Wondershare\\UniConverter 15\\VCPlayer.exe\" \"-openfile\" \"%1\""	FileAssociation.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5610D1A9-5B54-4E77-9190-94FF9E59AFBA}\ = "IUploadVideoFile"	WSHelper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC7-975B-59BE-A960-9A2A262853A5}\InprocServer32\CodeBase = "file:///C:/Program Files/Wondershare/UniConverter 15/WsBurner.EXE"	RegAsm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{476D46AF-0DCE-3362-B51B-98197FDCDBA9}\InprocServer32	RegAsm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.M2T\DefaultIcon	FileAssociation.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.OGG\shell\open\command\ = "\"C:\\Program Files\\Wondershare\\UniConverter 15\\VCPlayer.exe\" \"-openfile\" \"%1\""	FileAssociation.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4D3609D2-1D8A-4E9F-884B-438AFDDECB86}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	WSHelper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{B171F5B4-0B1D-3EAC-ACB7-665F326E3652}\1.0.0.0\RuntimeVersion = "v2.0.50727"	RegAsm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CB8469C0-0259-32CE-8E1D-CB2B359E7899}\TypeLib	RegAsm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B47D9895-FCDB-3B49-AEA9-76D3266605DF}\Implemented Categories\{62C8FE65-4EBB-45e7-B440-6E39B2CDBF29}	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.TRP\DefaultIcon\ = "C:\\Program Files\\Wondershare\\UniConverter 15\\skin\\common\\player.ico"	FileAssociation.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.FLAC\DefaultIcon\ = "C:\\Program Files\\Wondershare\\UniConverter 15\\skin\\common\\player.ico"	FileAssociation.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4D3609D2-1D8A-4E9F-884B-438AFDDECB86}\TypeLib\ = "{D85C6069-D628-4276-93C3-9A94E5338D8B}"	WSHelper.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{853B0356-7C37-4A8B-84C2-93B8B749E2D2}\ProxyStubClsid32	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E5780986-BD01-3162-AD65-AC021060471C}\TypeLib\ = "{4171D4F1-18BA-4CF9-AFDA-AAC12C91BB44}"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.MTS\DefaultIcon\ = "C:\\Program Files\\Wondershare\\UniConverter 15\\skin\\common\\player.ico"	FileAssociation.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.F4V\shell\open\ = "Play with UniConverter Player"	FileAssociation.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0477E5C9-0877-499A-8A7C-154C777293DC}\TypeLib\ = "{D85C6069-D628-4276-93C3-9A94E5338D8B}"	WSHelper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E54CA057-1A4E-361F-9F3F-6C2635C81396}\ = "_BurnProgressData"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3CFFB169-4E23-35EC-9469-E901AEAF11C9}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	RegAsm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5C2374F4-BAFB-48C1-B447-26ECDC3AD6C9}\ProxyStubClsid32	2Dto3D.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.3G2	FileAssociation.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.TRP\shell\open\command	FileAssociation.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.DV	FileAssociation.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{45698A01-851C-3937-B3FA-54E6EF05C89A}\1.0.0.0	RegAsm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wondershare.Burner.BurnProgressData\CLSID	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.MPA\DefaultIcon\ = "C:\\Program Files\\Wondershare\\UniConverter 15\\skin\\common\\player.ico"	FileAssociation.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0FA988D3-BA51-48AD-A518-6462CD5FF547}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	WSHelper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E2838466-9EF7-3135-AFCD-A8D7E41AD0E1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	RegAsm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{46884330-13BA-4AC9-BEDC-3A2E955EB8DA}\ProxyStubClsid32	WSHelper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{55DB3C89-37B9-41E8-87CC-7C578D2F5374}\ = "ICheckUpdate"	WSHelper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E5780986-BD01-3162-AD65-AC021060471C}\TypeLib\ = "{4171D4F1-18BA-4CF9-AFDA-AAC12C91BB44}"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.USE\DefaultIcon\ = "C:\\Program Files\\Wondershare\\UniConverter 15\\skin\\common\\TypeIcon.ico"	FileAssociation.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0477E5C9-0877-499A-8A7C-154C777293DC}\TypeLib	WSHelper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E1839CDE-A191-4DA4-9FCE-178A88318DF4}\ = "IAuthorized"	WSHelper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FDE9985D-A983-4F79-8880-906C69BDF204}\TypeLib\Version = "1.0"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5C2374F4-BAFB-48C1-B447-26ECDC3AD6C9}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	2Dto3D.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{A6E61D83-DC0F-3F2E-9AA1-BACC7CD056CF}\1.0.0.0\Class = "IMAPI2.Interop.IMAPI_FORMAT2_DATA_MEDIA_STATE"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC9-975B-59BE-A960-9A2A262853A5}\InprocServer32\RuntimeVersion = "v2.0.50727"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{905BFB89-B8E7-4697-9D69-1E1550413A30}\ = "IComFileProvider"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3218B063-5DAF-4668-AE5E-C77BC421F92A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0FA988D3-BA51-48AD-A518-6462CD5FF547}\ = "IExceptionLog"	WSHelper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC9-975B-59BE-A960-9A2A262853A5}\InprocServer32\1.0.0.0\Assembly = "WsBurner, Version=1.0.0.0, Culture=neutral, PublicKeyToken=a0a98582c8d3e9fb"	RegAsm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.amr	FileAssociation.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC8-975B-59BE-A960-9A2A262853A5}\InprocServer32\1.0.0.0\Assembly = "WsBurner, Version=1.0.0.0, Culture=neutral, PublicKeyToken=a0a98582c8d3e9fb"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E54CA057-1A4E-361F-9F3F-6C2635C81396}\TypeLib\ = "{4171D4F1-18BA-4CF9-AFDA-AAC12C91BB44}"	RegAsm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\C2Dto3D.math.1\CLSID	2Dto3D.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E1839CDE-A191-4DA4-9FCE-178A88318DF4}\ProxyStubClsid32	WSHelper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F0ABE7E0-32E3-472E-924C-162B1996DC23}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	WSHelper.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D7C57A97-4CC2-439C-8D0B-D4700309225D}	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4E962A61-DFC4-49B1-B7AE-91FBAFB7191C}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{BD0A682A-3D52-3CBC-BC08-5F253F5A4CCE}\1.0.0.0\RuntimeVersion = "v2.0.50727"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FCB-975B-59BE-A960-9A2A262853A5}\InprocServer32\Assembly = "WsBurner, Version=1.0.0.0, Culture=neutral, PublicKeyToken=a0a98582c8d3e9fb"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{A8299CF1-2427-302E-9FC2-CF921D2216FE}\1.0.0.0\RuntimeVersion = "v2.0.50727"	RegAsm.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4036	uniconverter15_64bit_full14204.tmp
4036	uniconverter15_64bit_full14204.tmp
3628	Wondershare NativePush_14416_64bit.tmp
3628	Wondershare NativePush_14416_64bit.tmp
2160	WsNativePushService.exe
2160	WsNativePushService.exe
2160	WsNativePushService.exe
2160	WsNativePushService.exe
4288	Wondershare Helper Compact.tmp
4288	Wondershare Helper Compact.tmp
4288	Wondershare Helper Compact.tmp
4288	Wondershare Helper Compact.tmp
4288	Wondershare Helper Compact.tmp
4288	Wondershare Helper Compact.tmp
2128	msedge.exe
2128	msedge.exe
2364	msedge.exe
2364	msedge.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
508	Wondershare Uniconverter Update(x64).tmp
508	Wondershare Uniconverter Update(x64).tmp
5924	WsCloudHelper.exe
5924	WsCloudHelper.exe
5924	WsCloudHelper.exe
5924	WsCloudHelper.exe
5460	GetMediaInfo.exe
5460	GetMediaInfo.exe
5924	WsCloudHelper.exe
5924	WsCloudHelper.exe
5460	GetMediaInfo.exe
5460	GetMediaInfo.exe
5924	WsCloudHelper.exe
5924	WsCloudHelper.exe
5460	GetMediaInfo.exe
5460	GetMediaInfo.exe
5924	WsCloudHelper.exe
5924	WsCloudHelper.exe
5460	GetMediaInfo.exe
5460	GetMediaInfo.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe
5924	WsCloudHelper.exe
5924	WsCloudHelper.exe
5460	GetMediaInfo.exe
5460	GetMediaInfo.exe
5924	WsCloudHelper.exe
5924	WsCloudHelper.exe
5460	GetMediaInfo.exe
5460	GetMediaInfo.exe
5628	WsMsgPush.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe

Suspicious use of AdjustPrivilegeToken 27 IoCs

description	pid	Process
Token: SeDebugPrivilege	220	TASKKILL.exe
Token: SeDebugPrivilege	3708	TASKKILL.exe
Token: SeDebugPrivilege	5060	TASKKILL.exe
Token: SeDebugPrivilege	3520	TASKKILL.exe
Token: SeDebugPrivilege	1600	TASKKILL.exe
Token: SeDebugPrivilege	1992	TASKKILL.exe
Token: SeDebugPrivilege	4868	TASKKILL.exe
Token: SeDebugPrivilege	3244	TASKKILL.exe
Token: SeDebugPrivilege	3476	TASKKILL.exe
Token: SeDebugPrivilege	2072	TASKKILL.exe
Token: SeDebugPrivilege	3464	TASKKILL.exe
Token: SeDebugPrivilege	4856	TASKKILL.exe
Token: SeDebugPrivilege	64	TASKKILL.exe
Token: SeDebugPrivilege	2064	TASKKILL.exe
Token: SeDebugPrivilege	4992	TASKKILL.exe
Token: SeDebugPrivilege	3732	TASKKILL.exe
Token: SeDebugPrivilege	3308	TASKKILL.exe
Token: SeDebugPrivilege	4032	TASKKILL.exe
Token: SeDebugPrivilege	4452	TASKKILL.exe
Token: SeDebugPrivilege	1732	TASKKILL.exe
Token: SeDebugPrivilege	2364	TASKKILL.exe
Token: SeDebugPrivilege	4424	VideoConverterUltimate.exe
Token: 35	4424	VideoConverterUltimate.exe
Token: SeDebugPrivilege	5924	WsCloudHelper.exe
Token: 35	3704	sniffer.exe
Token: SeDebugPrivilege	5552	WSVCUUpdateHelper.exe
Token: SeDebugPrivilege	5628	WsMsgPush.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
4036	uniconverter15_64bit_full14204.tmp
3628	Wondershare NativePush_14416_64bit.tmp
1140	WSHelper.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
508	Wondershare Uniconverter Update(x64).tmp
4284	DVDTemplateInstall.tmp

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1140	WSHelper.exe
4424	VideoConverterUltimate.exe
4424	VideoConverterUltimate.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 920 wrote to memory of 4036	920	uniconverter15_64bit_full14204.exe	83
PID 920 wrote to memory of 4036	920	uniconverter15_64bit_full14204.exe	83
PID 920 wrote to memory of 4036	920	uniconverter15_64bit_full14204.exe	83
PID 4036 wrote to memory of 220	4036	uniconverter15_64bit_full14204.tmp	101
PID 4036 wrote to memory of 220	4036	uniconverter15_64bit_full14204.tmp	101
PID 4036 wrote to memory of 220	4036	uniconverter15_64bit_full14204.tmp	101
PID 4036 wrote to memory of 3708	4036	uniconverter15_64bit_full14204.tmp	104
PID 4036 wrote to memory of 3708	4036	uniconverter15_64bit_full14204.tmp	104
PID 4036 wrote to memory of 3708	4036	uniconverter15_64bit_full14204.tmp	104
PID 4036 wrote to memory of 5060	4036	uniconverter15_64bit_full14204.tmp	106
PID 4036 wrote to memory of 5060	4036	uniconverter15_64bit_full14204.tmp	106
PID 4036 wrote to memory of 5060	4036	uniconverter15_64bit_full14204.tmp	106
PID 4036 wrote to memory of 3520	4036	uniconverter15_64bit_full14204.tmp	108
PID 4036 wrote to memory of 3520	4036	uniconverter15_64bit_full14204.tmp	108
PID 4036 wrote to memory of 3520	4036	uniconverter15_64bit_full14204.tmp	108
PID 4036 wrote to memory of 1600	4036	uniconverter15_64bit_full14204.tmp	110
PID 4036 wrote to memory of 1600	4036	uniconverter15_64bit_full14204.tmp	110
PID 4036 wrote to memory of 1600	4036	uniconverter15_64bit_full14204.tmp	110
PID 4036 wrote to memory of 1992	4036	uniconverter15_64bit_full14204.tmp	112
PID 4036 wrote to memory of 1992	4036	uniconverter15_64bit_full14204.tmp	112
PID 4036 wrote to memory of 1992	4036	uniconverter15_64bit_full14204.tmp	112
PID 4036 wrote to memory of 4868	4036	uniconverter15_64bit_full14204.tmp	114
PID 4036 wrote to memory of 4868	4036	uniconverter15_64bit_full14204.tmp	114
PID 4036 wrote to memory of 4868	4036	uniconverter15_64bit_full14204.tmp	114
PID 4036 wrote to memory of 3244	4036	uniconverter15_64bit_full14204.tmp	116
PID 4036 wrote to memory of 3244	4036	uniconverter15_64bit_full14204.tmp	116
PID 4036 wrote to memory of 3244	4036	uniconverter15_64bit_full14204.tmp	116
PID 4036 wrote to memory of 3476	4036	uniconverter15_64bit_full14204.tmp	118
PID 4036 wrote to memory of 3476	4036	uniconverter15_64bit_full14204.tmp	118
PID 4036 wrote to memory of 3476	4036	uniconverter15_64bit_full14204.tmp	118
PID 4036 wrote to memory of 2072	4036	uniconverter15_64bit_full14204.tmp	120
PID 4036 wrote to memory of 2072	4036	uniconverter15_64bit_full14204.tmp	120
PID 4036 wrote to memory of 2072	4036	uniconverter15_64bit_full14204.tmp	120
PID 4036 wrote to memory of 3464	4036	uniconverter15_64bit_full14204.tmp	122
PID 4036 wrote to memory of 3464	4036	uniconverter15_64bit_full14204.tmp	122
PID 4036 wrote to memory of 3464	4036	uniconverter15_64bit_full14204.tmp	122
PID 4036 wrote to memory of 4856	4036	uniconverter15_64bit_full14204.tmp	124
PID 4036 wrote to memory of 4856	4036	uniconverter15_64bit_full14204.tmp	124
PID 4036 wrote to memory of 4856	4036	uniconverter15_64bit_full14204.tmp	124
PID 4036 wrote to memory of 64	4036	uniconverter15_64bit_full14204.tmp	126
PID 4036 wrote to memory of 64	4036	uniconverter15_64bit_full14204.tmp	126
PID 4036 wrote to memory of 64	4036	uniconverter15_64bit_full14204.tmp	126
PID 4036 wrote to memory of 2064	4036	uniconverter15_64bit_full14204.tmp	128
PID 4036 wrote to memory of 2064	4036	uniconverter15_64bit_full14204.tmp	128
PID 4036 wrote to memory of 2064	4036	uniconverter15_64bit_full14204.tmp	128
PID 4036 wrote to memory of 4992	4036	uniconverter15_64bit_full14204.tmp	130
PID 4036 wrote to memory of 4992	4036	uniconverter15_64bit_full14204.tmp	130
PID 4036 wrote to memory of 4992	4036	uniconverter15_64bit_full14204.tmp	130
PID 4036 wrote to memory of 3732	4036	uniconverter15_64bit_full14204.tmp	132
PID 4036 wrote to memory of 3732	4036	uniconverter15_64bit_full14204.tmp	132
PID 4036 wrote to memory of 3732	4036	uniconverter15_64bit_full14204.tmp	132
PID 4036 wrote to memory of 3308	4036	uniconverter15_64bit_full14204.tmp	134
PID 4036 wrote to memory of 3308	4036	uniconverter15_64bit_full14204.tmp	134
PID 4036 wrote to memory of 3308	4036	uniconverter15_64bit_full14204.tmp	134
PID 4036 wrote to memory of 4032	4036	uniconverter15_64bit_full14204.tmp	136
PID 4036 wrote to memory of 4032	4036	uniconverter15_64bit_full14204.tmp	136
PID 4036 wrote to memory of 4032	4036	uniconverter15_64bit_full14204.tmp	136
PID 4036 wrote to memory of 4452	4036	uniconverter15_64bit_full14204.tmp	138
PID 4036 wrote to memory of 4452	4036	uniconverter15_64bit_full14204.tmp	138
PID 4036 wrote to memory of 4452	4036	uniconverter15_64bit_full14204.tmp	138
PID 4036 wrote to memory of 1732	4036	uniconverter15_64bit_full14204.tmp	140
PID 4036 wrote to memory of 1732	4036	uniconverter15_64bit_full14204.tmp	140
PID 4036 wrote to memory of 1732	4036	uniconverter15_64bit_full14204.tmp	140
PID 4036 wrote to memory of 2364	4036	uniconverter15_64bit_full14204.tmp	142

C:\Users\Admin\AppData\Local\Temp\Wondershare_UniConverter_15.0.10.8\uniconverter15_64bit_full14204.exe
"C:\Users\Admin\AppData\Local\Temp\Wondershare_UniConverter_15.0.10.8\uniconverter15_64bit_full14204.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:920
- C:\Users\Admin\AppData\Local\Temp\is-DUTCF.tmp\uniconverter15_64bit_full14204.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-DUTCF.tmp\uniconverter15_64bit_full14204.tmp" /SL5="$D003A,261923366,172032,C:\Users\Admin\AppData\Local\Temp\Wondershare_UniConverter_15.0.10.8\uniconverter15_64bit_full14204.exe"
  2⤵
  - Adds Run key to start application
  - Checks computer location settings
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4036
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM iTunesConverter.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:220
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM GraphicAccelerateCheck.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:3708
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM TransferProcess.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5060
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM CmdConverter.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:3520
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM kv_dr.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1600
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM DVDMaker.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1992
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM ScreenCapture.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4868
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM sniffer.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:3244
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM StartRecorder.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:3476
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM VideoConverterUltimate.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2072
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM WsTaskLoad.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:3464
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM VideoToImages.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4856
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM WSVCUUpdateHelper.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:64
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM FeedBackHelper.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2064
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM WsPushHelper.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4992
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM WsMsgPush.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:3732
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM ProductUpdate.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:3308
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM ElevationService.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4032
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM AppleMobileService.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4452
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM addCloudDrive.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1732
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM fileUploadUi.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2364
- - C:\Users\Admin\AppData\Local\Temp\is-6PG3D.tmp\_isetup\_setup64.tmp
    helper 105 0x5F8
    3⤵
    - Executes dropped EXE
    PID:1804
- - C:\Program Files\Wondershare\UniConverter 15\Wondershare NativePush_14416_64bit.exe
    "C:\Program Files\Wondershare\UniConverter 15\Wondershare NativePush_14416_64bit.exe" /VERYSILENT /BINDINSTALL
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3728
  - - C:\Users\Admin\AppData\Local\Temp\is-DJKGL.tmp\Wondershare NativePush_14416_64bit.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-DJKGL.tmp\Wondershare NativePush_14416_64bit.tmp" /SL5="$20206,2821410,938496,C:\Program Files\Wondershare\UniConverter 15\Wondershare NativePush_14416_64bit.exe" /VERYSILENT /BINDINSTALL
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\is-TSR02.tmp\_isetup\_setup64.tmp
        
        helper 105 0x454
        5⤵
        Executes dropped EXE
        
        PID:4048
    - - C:\Windows\system32\netsh.exe
        
        "netsh.exe" advfirewall firewall add rule name="WsToastNotification" dir=in security=authnoencap action=allow program="C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe"
        5⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        
        PID:5088
    - - C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe
        
        "C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe" install
        5⤵
        Executes dropped EXE
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe
        
        "C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe" start
        5⤵
        Executes dropped EXE
        
        PID:2012
- - C:\Program Files\Wondershare\UniConverter 15\Wondershare Helper Compact.exe
    "C:\Program Files\Wondershare\UniConverter 15\Wondershare Helper Compact.exe" /VERYSILENT
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\is-LR1G1.tmp\Wondershare Helper Compact.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-LR1G1.tmp\Wondershare Helper Compact.tmp" /SL5="$40210,2101139,54272,C:\Program Files\Wondershare\UniConverter 15\Wondershare Helper Compact.exe" /VERYSILENT
      4⤵
      Adds Run key to start application
      Drops file in Program Files directory
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:4288
    - - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
        
        "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of FindShellTrayWindow
        Suspicious use of SetWindowsHookEx
        
        PID:1140
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s LAVSplitter.ax
    3⤵
    - Loads dropped DLL
    PID:1688
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s CFDecode64.ax
    3⤵
    - Loads dropped DLL
    - Modifies registry class
    PID:1276
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s ScreenCaptureFilter.ax
    3⤵
    PID:2192
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s C:\Windows\system32\WS_ATLMovie.dll
    3⤵
    PID:2064
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" "C:\Program Files\Wondershare\UniConverter 15\WsBurner.exe" /codebase /tlb
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:2944
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegAsm.exe" "C:\Program Files\Wondershare\UniConverter 15\VideoToImages.exe" /codebase /tlb
    3⤵
    - Modifies registry class
    PID:3544
- - C:\Windows\system32\CertUtil.exe
    "CertUtil.exe" -addstore TrustedPublisher "C:\Program Files\Wondershare\UniConverter 15\WsInfoTech.cer"
    3⤵
    PID:5056
- - C:\Windows\system32\CertUtil.exe
    "CertUtil.exe" -addstore TrustedPublisher "C:\Program Files\Wondershare\UniConverter 15\WsInfoTech2018.cer"
    3⤵
    PID:2560
- - C:\Program Files\Wondershare\UniConverter 15\DownloadRes\URLReqService.exe
    "C:\Program Files\Wondershare\UniConverter 15\DownloadRes\URLReqService.exe" /regserver
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4692
- - C:\Program Files\Wondershare\UniConverter 15\GraphicAccelerateCheck.exe
    "C:\Program Files\Wondershare\UniConverter 15\GraphicAccelerateCheck.exe" "Wondershare UniConverter 15" "C:\Program Files\Wondershare\UniConverter 15"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    PID:4908
  - - C:\Program Files\Wondershare\UniConverter 15\cmdCheckMFForVCE.exe
      "C:\Program Files\Wondershare\UniConverter 15\cmdCheckMFForVCE"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      PID:4860
- - C:\Program Files\Wondershare\UniConverter 15\2Dto3D.exe
    "C:\Program Files\Wondershare\UniConverter 15\2Dto3D.exe" /regserver
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:3180
- - C:\Program Files\Wondershare\UniConverter 15\FileAssociation.exe
    "C:\Program Files\Wondershare\UniConverter 15\FileAssociation.exe" /C ".wmv;.asf;.avi;.mts;.ts;.m2ts;.m2t;.tp;.trp;.tod;.mod;.mp4;.mpg;.mpeg;.vob;.3g2;.3gp;.mov;.m4v;.f4v;.flv;.mkv;.wtv;.ogv;.mxf;.vro;.webm;.divx;.rm;.rmvb;.dat;.dv;.nsv;.ts4;.mp3;.wav;.m4a;.mka;.wma;.aac;.ac3;.ape;.ogg;.aiff;.aif;.opus;.amr;.au;.flac;.mp2;.mpa;.ra;.ram;.m4b;.m4p;.m4r;.caf" "C:\Program Files\Wondershare\UniConverter 15\VideoConverterUltimate.exe" "C:\Program Files\Wondershare\UniConverter 15\skin\common\player.ico" "Play with UniConverter Player"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:3748
- - C:\Program Files\Wondershare\UniConverter 15\FileAssociation.exe
    "C:\Program Files\Wondershare\UniConverter 15\FileAssociation.exe" /A ".wmv;.asf;.avi;.mts;.ts;.m2ts;.m2t;.tp;.trp;.tod;.mod;.mp4;.mpg;.mpeg;.vob;.3g2;.3gp;.mov;.m4v;.f4v;.flv;.mkv;.wtv;.ogv;.mxf;.vro;.webm;.divx;.rm;.rmvb;.dv;.nsv;.ts4;.mp3;.wav;.m4a;.mka;.wma;.aac;.ac3;.ape;.ogg;.aiff;.aif;.opus;.amr;.au;.flac;.mp2;.mpa;.ra;.ram;.m4b;.m4p;.m4r;.caf" "C:\Program Files\Wondershare\UniConverter 15\VCPlayer.exe" "C:\Program Files\Wondershare\UniConverter 15\skin\common\player.ico" "Play with UniConverter Player"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:664
- - C:\Program Files\Wondershare\UniConverter 15\FileAssociation.exe
    "C:\Program Files\Wondershare\UniConverter 15\FileAssociation.exe" /A ".use" "C:\Program Files\Wondershare\UniConverter 15\VideoConverterUltimate.exe" "C:\Program Files\Wondershare\UniConverter 15\skin\common\TypeIcon.ico" "Open"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:4228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://cbs.wondershare.cc/go.php?pid=14204&m=i&product_version=15.0.10&client_sign=&is_silent_install=2
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:2364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1f9246f8,0x7ffa1f924708,0x7ffa1f924718
      4⤵
      PID:1844
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,15661845688730965010,3190740918155437004,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
      4⤵
      PID:4484
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,15661845688730965010,3190740918155437004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2128
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,15661845688730965010,3190740918155437004,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
      4⤵
      PID:4048
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15661845688730965010,3190740918155437004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
      4⤵
      PID:2944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15661845688730965010,3190740918155437004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1
      4⤵
      PID:3732
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15661845688730965010,3190740918155437004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
      4⤵
      PID:3476
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15661845688730965010,3190740918155437004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
      4⤵
      PID:5752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15661845688730965010,3190740918155437004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
      4⤵
      PID:5768
- - C:\Program Files\Wondershare\UniConverter 15\VideoConverterUltimate.exe
    "C:\Program Files\Wondershare\UniConverter 15\VideoConverterUltimate" 1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:4424
  - - C:\Program Files\Wondershare\UniConverter 15\WsCloudHelper.exe
      "C:\Program Files\Wondershare\UniConverter 15\WsCloudHelper.exe" /lang "en-us" /msgHanle "328220" /procId "4424" /uid "" /skin "2"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:5924
  - - C:\Program Files\Wondershare\UniConverter 15\Transfer\TransferProcess.exe
      "C:\Program Files\Wondershare\UniConverter 15\Transfer\TransferProcess.exe" "MessageHanle=524352"
      4⤵
      Drops file in Program Files directory
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:6028
  - - C:\Program Files\Wondershare\UniConverter 15\Wondershare Uniconverter Update(x64).exe
      "C:\Program Files\Wondershare\UniConverter 15\Wondershare Uniconverter Update(x64).exe" /VERYSILENT /SP- /DIR="C:\ProgramData\Wondershare\UniConverter 15\UpdateHelper"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:3320
    - - C:\Users\Admin\AppData\Local\Temp\is-46TBH.tmp\Wondershare Uniconverter Update(x64).tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-46TBH.tmp\Wondershare Uniconverter Update(x64).tmp" /SL5="$9006E,8238291,172032,C:\Program Files\Wondershare\UniConverter 15\Wondershare Uniconverter Update(x64).exe" /VERYSILENT /SP- /DIR="C:\ProgramData\Wondershare\UniConverter 15\UpdateHelper"
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of FindShellTrayWindow
        
        PID:508
      - C:\Users\Admin\AppData\Local\Temp\is-FHG5V.tmp\_isetup\_setup64.tmp
        
        helper 105 0x460
        6⤵
        Executes dropped EXE
        
        PID:3280
  - - C:\Program Files\Wondershare\UniConverter 15\sniffer.exe
      "C:\Program Files\Wondershare\UniConverter 15\sniffer.exe" 590270 "" "" "C:\Program Files\Wondershare\UniConverter 15\log\DownloadRes\sniffer.log"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:3704
  - - C:\Program Files\Wondershare\UniConverter 15\GetMediaInfo.exe
      "C:\Program Files\Wondershare\UniConverter 15\GetMediaInfo.exe" msgHandle 262772 AppID 0 ThumbWidh 214 ThumbHeight 120 SupportDRM 1 ParentPID 4424 FastGetMediaInfo 0 ThumbPath "C:\ProgramData\Wondershare\UniConverter 15\TempThumbDir\
      4⤵
      Executes dropped EXE
      Checks processor information in registry
      Suspicious behavior: EnumeratesProcesses
      PID:5460
  - - C:\Program Files\Wondershare\UniConverter 15\WSVCUUpdateHelper.exe
      "C:\Program Files\Wondershare\UniConverter 15\WSVCUUpdateHelper.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:5552
  - - C:\Program Files\Wondershare\UniConverter 15\WsMsgPush.exe
      "C:\Program Files\Wondershare\UniConverter 15\WsMsgPush.exe" brand:Wondershare/prodName:UniConverter/pid:14204/lang_3:ENG/lang:en-us/wsid:/prodVer:15.0.10.8/appKey:676f9818cdf18355794ea8a310576940/appSecret:3a274eb29fa128027d58b9146ceafde7/token:/msgHanle:393718/clientSign:{2c39b7c9-a33f-454b-b003-f19153d0abebG}/procId:4424/theme:Light
      4⤵
      Executes dropped EXE
      Modifies Control Panel
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:5628
  - - C:\ProgramData\Wondershare\UniConverter 15\DVDTemplateInstall.exe
      "C:\ProgramData\Wondershare\UniConverter 15\DVDTemplateInstall.exe" /SP- /VERYSILENT /norestart installpath "C:\ProgramData\Wondershare\UniConverter 15\MenuRes"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:32
    - - C:\Users\Admin\AppData\Local\Temp\is-3B8Q9.tmp\DVDTemplateInstall.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-3B8Q9.tmp\DVDTemplateInstall.tmp" /SL5="$60068,37203895,119296,C:\ProgramData\Wondershare\UniConverter 15\DVDTemplateInstall.exe" /SP- /VERYSILENT /norestart installpath "C:\ProgramData\Wondershare\UniConverter 15\MenuRes"
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        
        PID:4284

C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe
"C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2160
- C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe
  "C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3008

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\d27d455143c448ce966d70251f099d9c /t 624 /p 4424
1⤵
PID:3192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Netsh Helper DLL

T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.ini

Filesize
4KB

MD5
e5132ade6ce22582c21316dc95de728f

SHA1
433e3a79e24b1b515ce2681c9cc283ce19c9a6ca

SHA256
d8bb2d6f25e2fd901f4f8a5e2535539ac9b8bbf087f3f147aa9175433958eddb

SHA512
de6e61c5680f6fdce975dcbb35a7d4f0f5b27d840807bb5b91857b05124ca587aa7589ef5940ca3a85236e54881cc99710f8f324e15a64c4bae77131eea8f93f

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\is-KEFV0.tmp

Filesize
48KB

MD5
2d8ef1f86c38696abef55d64942a2c4a

SHA1
f6710bdda76a1cdb2669f49796f6c3161a895973

SHA256
e6be04c390cee6b4955c8af0c78221fdea3907ca5d0fb5f4f256fe7b05e8a332

SHA512
f668c37d9f722ce8217b87fe6cf2183ecc16451a1402a9d8d143ceac914e7b0056cf8d6aca8f81889cb954c85f12af304efe6d5d9121d4287e47aec2b6732da7

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\is-LU3B0.tmp

Filesize
35KB

MD5
4ef13e267ebbf804dd4157b447aa7059

SHA1
b9507c5b02bbae456ae5de7132ebafd27206b944

SHA256
2476d897a6d20653578fcb98737c85ccd96a42e57f67843ffbc431c0d05909a7

SHA512
81df3f309b6a734fae2e824a4535d9a7251d94885593c7c37ee70853f7c721062023d0d22ba1c92845c6fd14356048478b83c132aa9cec9360690a65b74bf360

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Customization.xml

Filesize
181KB

MD5
0b256dc89146c33becba420c2020770c

SHA1
0cbc1b8e07c7ae59bc5623c6c4ae2830a5de2608

SHA256
bc16f9435b86d05ac52b217568e2f5b8b9c5795d54e2f6626cec35941244d5c9

SHA512
5001234a1a7a3a4abb6539ad556288ff9e54c7dde1493128e8d2de46fff586e05f77a48f5c4340dee02efe87c358114ee7bd2a9ad60ba54442811e376d48bc8b

Download Submit
C:\Program Files\Wondershare\UniConverter 15\DRMConverter\WUL.Core.dll

Filesize
705KB

MD5
335f42c8190c4cc9883a49d0e98e3961

SHA1
26a2e1df26420ba68139b2ce2c94f88fc4093e2e

SHA256
c35ab5048862768fc245fe95c63ad87303f2c2bd80dcc060314fabb8cd10bc4e

SHA512
4d9ec56e0e71010be0620ebddbac877a65f17ffda95b8c28b458f5b3e622463f76150bff1b9a47303bfc03377dd901343349630f0f37a1bd95bd1f6389ef65f2

Download Submit
C:\Program Files\Wondershare\UniConverter 15\DRMConverter\WUL.Ctrls.dll

Filesize
1.6MB

MD5
32ea38f6458c43020f34f235ad489cfe

SHA1
03f5eea8146d4068e1c49361ec7c2d46293c8ba4

SHA256
acfb46b6ed197e760a2d436284a8f9de20a62284a977fef1b516814659e77e18

SHA512
0feecbd3874f3a8abe1be734492718e523c420d024684525435bb68e35586115e7bd98063495694f99dbf408dbaa7d45863474715c518da7a1626a4cfe9caf1a

Download Submit
C:\Program Files\Wondershare\UniConverter 15\DRMConverter\WUL.Localization.dll

Filesize
64KB

MD5
f150af3943816319946c4fe0fe94c828

SHA1
a63467f22c3be58916ef039d28021a1d8c9f5b96

SHA256
b5fc35f2533deff99ffb18a007f4628e0185f20d1992bae127139f70d69bf961

SHA512
fc45e8cda1b3ac0b8bb1f4fcd4b172c004cf31cd2fecedfdb216163b6c0483fdcffb494c7a667cd592a7fdc658b35545cc7aa0b510a3218dd88db1c58a5bbfcd

Download Submit
C:\Program Files\Wondershare\UniConverter 15\DeviceConnection.dll

Filesize
51KB

MD5
98720085c0e9adc9a74e62233b91f6df

SHA1
4b45a0f50f161f4d0bec1fbdfcd03c1b589f2acf

SHA256
8f4ae071fa4484dcd09fea7f71939a71b643bcb44a3b816190c4f56ab7eb4d31

SHA512
adc4d97057ae6f22887e97f8446c03c01cb9184a2c88efc1ee0efbd3935295dd81673606730a8a68bfb189c6e214ac1f6a0ce622240f2661c83191d5e2796bd0

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Default\control\tag_beta\is-MTMQL.tmp

Filesize
1KB

MD5
cbbfdbee1d6bd8528748ce3e2c20ab8f

SHA1
1def5a48f4e6bde9aaa9d4764cbf28e3f6b7320b

SHA256
fab9379dca8276433cb74d00c9b02dd97f28c5afa7f14a7fe5c656b15ad07e6d

SHA512
1479e771f11c197f4a8065bc36872225a5d295fb5acd33209ff882cf0fa09427916ec8a3b7166179d9c9163a9e39ffb3c23f66d61572627db5af04bea2ab61f8

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Default\control\tag_beta\is-UM5I5.tmp

Filesize
2KB

MD5
098e5fdb3f1001e475b9ce8dda3a152c

SHA1
220d22e0c8638dd6947e23c26d3a20f0cf3a4fd7

SHA256
393a9f6c47838ade58de761d17ceefe4a8bc464ada7e36a38af9489cee003467

SHA512
31e81b1f3eb6d832a3dd03940f27381c95130c1170742460067041ce1d1c14c559651a417bacc56e44c5744e4ec29392fd07fbbff9dc1fe143f2883e229f6ccb

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Default\svg\is-MHS74.tmp

Filesize
1KB

MD5
9cbf21825fe26869b3dc476dcb02566e

SHA1
06544fca19338c51374249e1fab3762e025c2b42

SHA256
ad865d2ed5043601211f1e0e2085142483aaa0b8a98f15d0f425075894678dcf

SHA512
9285e2476fcfc0b946cc5e42a1711dfdf9017cc32c600e956de3e3f7ea5296f807bae20627dd2ea0625e6bfbcd3937e2baa0707e0bfef70d99a4ea1f8dadb23a

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Light\basic\is-KJDC8.tmp

Filesize
999B

MD5
4b3f740cf4a7a0106540a1c78fd8fe70

SHA1
b09172c3b0d08375e313068203497b32df725a6d

SHA256
41ecfb9c8b49aa61a1bd214b138c9532a41e80710b083b3e08b0b7959fd3b499

SHA512
110f3a10899b68cbd9a430fec91b48e0da959ce878097a7538f1c32e82a8117602c3fd831741d1b23e8fbf1843d01966952a3ad7a682892be95fd5c3e96aab0c

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Light\control\tag_beta\is-1R253.tmp

Filesize
1KB

MD5
f33d79238e0b13cd5c9289c501837563

SHA1
43d182ed04a83379be3a5c137b026117b2407bb8

SHA256
f00c76580b5c97e82a1d36d3f5b249486452382a1ff30260312a9e06a4b54641

SHA512
663f0d7934a4a27bdee4f7334179b2b71115e2e73f34e37e0ccc4aa1a1d49f430147af359d4d89ea51ca5c77ab1cd72f8fe32f6cb999175256618ac27b568f75

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Light\control\tag_beta\is-HCOOB.tmp

Filesize
1KB

MD5
c9e7e5d8de2d8a216a3684c85c634f00

SHA1
859c9d94e9a39067b1df6bb6e76b477cda92fd48

SHA256
c04d15e8f5ea740c51ab7ef14d75c506b4b7fb160205aa2f1b23447bf971e662

SHA512
fb6ca62ed0826668af366d26b65a06fc7652b0fc946f197b942e064476d4fe7acd059861f694a069cab6e642678c02314f0d5406d0c4f499192dbdd09ee250f0

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Light\icon\icon_basic\icon16\is-0IOCU.tmp

Filesize
787B

MD5
237d048b497a21e3024575b2f93c5835

SHA1
d35aaef8d13dc802060300f1c7e8b636bd85e878

SHA256
184c83dcb4bde47b70d4f797ce5fdc0a1b3216bfb8e430d277b590d3ba5f0436

SHA512
ec72344e948bd71eb6a877f966ed3477fcc3de4483d59cd5666da6f4a21ee1e782c3d969eeb572661c18543acf1d552a9e105d5b86a8138b8d5e0d7e8bcad92e

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Light\icon\icon_basic\icon16\is-7QIPM.tmp

Filesize
413B

MD5
10f9224755f3e1d536ccc5544db091e8

SHA1
404c6e149361ad04b9f966eb173c92dd16c3b2b6

SHA256
40497bd1a21af08670487bea09a2ccf06e86c58c04f478434058d19cf0587500

SHA512
114d2324ffd2d4697ce86d33f6a30c2de58c3e6288e6691e37c48bd5528a9a945586c172b17c9456f85c0c86a3177ae8af1640446a6855e1b662a3c961e8b21e

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Light\icon\icon_basic\icon16\is-H5GEP.tmp

Filesize
457B

MD5
90a926af2d93322e1c963b4bf9efa0bf

SHA1
bc7e4d9b28299b00f5956bacb2712bc64f3c2c3e

SHA256
208509d60ef021830fe55fb50bd731f1592a7f79c95ad61920d2d78fd51eb1a0

SHA512
fdaee36fea5be674f96a60207c2e222788acae2c64eb4cc9b1f3629f66d9324668f175ac28b6027fcb3945f31b5d56da822db5485a1f7190f2908ffbad0be18e

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Light\icon\icon_basic\icon16\is-HVI7C.tmp

Filesize
599B

MD5
48a159520aa5fcdb4d9e77ceedabf47b

SHA1
192dbbb418f24e8183d0c5fa8c79c9878d7df1d9

SHA256
be2c1a65b74682cceddcbed281a7b5ded60cf04eb61b64feb1e78a009636f83e

SHA512
dcd3112160eeb9c944d77567cdc907dedc07cfa532d7ef4ae87e7d6b95a864abfeec40d90efa7626055aaee9574ee2fb3ea07e7bdebefb658f8d1218c2b4dd7e

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Light\icon\icon_state\icon24\is-CNLTB.tmp

Filesize
2KB

MD5
787f76317ccb305bb108d0009cf0e92f

SHA1
6b431e3b76abf900b82c35422058e5e65a22a854

SHA256
6cdcf2635f8dccccce8276d779a8bcca43655170325b3e2562224e737f63d020

SHA512
5726b3a049edfe3902892bc3fec9ecb51053839ab35a4135c86fdeafe6f3bca46d7d4459536e3a5faaf151687824048322c9b64d53ac9d743ebe6182c56cc249

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Light\svg\is-OGVL5.tmp

Filesize
1KB

MD5
7df1cd3401c7603cfcc5130c69e60345

SHA1
6ae83d01c7a9445cc90ac07538b373e632572210

SHA256
a7a8dfdce1d169ada7adb0a725c2529e3aba8a73a903fd17f4b530ecadc64542

SHA512
f10a20baccf80d5851886f0d5cb1c2b2bc4ded598c4b157a902d2b1f6f76c7fff6c549b745749cc3507da7512cb990792cc1d7659c5384f3103fe89413eaab51

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Light\svg\is-S3AI2.tmp

Filesize
2KB

MD5
38ab610d0695898db52a0dc6e5bda02f

SHA1
64fb453846d61325009bca1843e9602dd8a775db

SHA256
984c62b98b790bf888dc02d9411fccbae24ac72be43b2725eaf09f15392df6cc

SHA512
13b681eb9106a07e4646eb76b94e7bff2b60ad470a348b689e6d852507ce9780ff91f86646871d423e35f32b4e04bb3bf062c227f56a3f5d9290c0a6673a1bea

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Light\trial\is-0IICD.tmp

Filesize
46KB

MD5
73c09d89c564da9d5a9f56e1f3cf68ca

SHA1
42f300438995f1b39260e7053362e956f9301ef3

SHA256
c70d6023960a6a4f4ff0261c66b05019ed2443118cdd23546688f1d5c7ccec7f

SHA512
be3ca168b7c09cd7d7298bd56a8e1cbfecae5f33264ba2b2b452b5fbe06342f6797013547a42ff39c63b693ec47d9754c040d99bbf40be988a6e4b332fc271ee

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Light\trial\is-USI3N.tmp

Filesize
63KB

MD5
de8589ad00bceead5d7aa45c7c336b2f

SHA1
d317fa3dec5e9e4503857331ea0931e641eb0f54

SHA256
48e30e5c40fa2ae027e1e12e78a8e3312beca7bace719a34455df9a604096dae

SHA512
5598276102835793c48acd7e8501b551973f641c9f0a81a6c014d7ac9a07f3a043515f647d2acdb4d840f2b1f0ad7afcb30214fc0869455b609428c2ba9921d3

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Uninstall\is-Q11NK.tmp

Filesize
308KB

MD5
8f439908e8867afa394c7fceb46c0005

SHA1
fa583b65e2ece0b93a5ddeca6743fa1a651c1017

SHA256
f44af18991dfab82386b53f676df25ffaeb8de8d8903f87e687e8e9c054132f6

SHA512
0dfddede0ba9db1922feff6e52c0984d9b303e990ff7de6e7c6e4b752d5847110c9e33e4ed4b26cacca097572bc84d3a8d09e304b06bdb4bc29d24c9bac09272

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\blackFrame.jpg

Filesize
1KB

MD5
995660de4310a80db7caa059c7560a81

SHA1
484fd65bfb1a28548807aae5b0fa7d8a70268539

SHA256
17d3bb85667b3d38da2dfd7837cea11a412177ffd445d048d7c569a50c23c491

SHA512
0a21dd14d298566cc6585a195e42995b8b64364191d50a3b41f3cbe72523939db53256815aec62e1c8e65ac63a5c8ef9bce3be1b451ee0f557988a0ea4dda911

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\ConvertedBanner_Bg96.png

Filesize
63KB

MD5
09502bcf5b10a563a13712246c8bb99c

SHA1
7705867114d55c799d7b557e6bfdad1e1963d593

SHA256
169809ec53f16dc83bdfa347bc74ef28a3feda4dbc7162aca4b0423db8a9daac

SHA512
37f92a5d0157d5f1131dbe4cb12f42158ad22c4bbe8fd659ec2e1daddd59c227206e863733da00e8afcca4ae3145b14f6e6c6108ed113f006c25ec6328a3029e

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\ConvertedBanner_BtnCoupons32.png

Filesize
1KB

MD5
e16640f9dd5aeccf1f32cffc95c261e4

SHA1
d254e474e92550a89cd9fc6019b22b4550d8cfca

SHA256
7e751e4ea75d2c18134f906dfdf846c784f8608bc849ce72a6f35d0d0cda1d42

SHA512
7f36855696ac58cb2693140c2b81e7dad8138e5817d7355bce3beda17ba678832cf8e317808b736a62d8f1a610d46394505fe633576eb4fea87e835853b56cbb

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\account-24-off.png

Filesize
2KB

MD5
7adfd71d2a35e5a48cc15f00f7adf7ed

SHA1
ea2b7768f6a449b7ea51fd75013782a3ef926cb8

SHA256
84165ea70e9ea0e568290be458ce5e00432788533b18c34592db63df79569d3a

SHA512
aebd148abea5a51a7ed23bd9216fffc89325a7e5f22089fe08e7f139fc16e298beef95bbc54735d729b4149f120f1900b890822252329940002a3107fb58a9d5

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\account-24-on.png

Filesize
2KB

MD5
c27f0fc210cf65cc0588e20787b67e77

SHA1
3ef075883466cfb88d1e5ca53cb0fa33520083bf

SHA256
7e8f30258f6ec6506121907ffebcbbc58e9379a91012f150f7f743afcd6c784c

SHA512
2b5900b89b205cacc33456673235ff06ccababceed7baad4690ab05ca14d56b42dd77f184ad3ebc3f7c33830c7195b7a1f3f5ad4dd06b66ad9cf743203f02212

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\account-80-vip.png

Filesize
6KB

MD5
d875caf3c7f50e2f320ee1227d5f4cbf

SHA1
4b94f5f57c818703ce00ff7718e6e63fe22afb55

SHA256
36d410e24b29fec66d44278910b30c82262ef2866b477ca7bbacfad427d4b1bb

SHA512
d3bcb74a998ded5088f5c931396b226d747cb409b64e95ce06c92a25721eea643f95ab9dffe664f04a9a731f0f757b9670b4712b83e95775f596131beca859dd

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\account-80.png

Filesize
2KB

MD5
b6f496744b8483f93f7fd502a7a65c8f

SHA1
690635df01e5e95f624683a85878a31a3180304d

SHA256
85017d33a900a90d1a70d1449d8ba76059e17d77094707a1eba9730f1f2cf47b

SHA512
e3eaa97b75cb9a448172e803c5605963a8cdd2f057b8c73546a605b93a7e71ef0cafb4c9b36a6ce2c403fc0cb2d60c4ec53c39b1e8bd575461ad5a4b7767e7f5

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\avatar_frame_member.png

Filesize
4KB

MD5
98873a7702c37ef275810cb82ad69d0e

SHA1
424ea2a46a059b861a0dabe781aefb285b7ceca3

SHA256
0cdab017df8c3beb92cb7226891ad5dafd803989c36f8b79c2c3caa22b237dd8

SHA512
c7ba996275d26ed2a19d4e64997ba6ceacc0f4d11644f11a0009def5cf8dc8215de8d6f437b31f376d8233b850916e643d13675ae3ced5ec36df9889c59b9917

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\black.png

Filesize
2KB

MD5
421bd75cbadc63db04aa158de0339d03

SHA1
f0a73438392d83f9bc51e9b3f1b56d53513c75c5

SHA256
a18329dc5c8ed5ac994ec734d639dfd32446e5289a23496854a0afbb068a76dc

SHA512
47b8b45407124aae7edf03f46f09bda13276b2d9e801d56ca00e468a49ea70d85b20e8c7027c84ae2dabd41f987e44047f9f93a3e19b2cd13a0eb5cc07fb3887

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\button-white20_secondary.png

Filesize
1KB

MD5
f87401241a00c9d8b773cf9c6d135282

SHA1
473c8b9b5a64c03f513f77f7e72e436299a5a8d0

SHA256
b49fc1407bdf0a7b317bb399d0ed7ef4d0660101f3be69df7e1fc13da3b5409e

SHA512
5e65236db85526c80e353ca2a5a0ab16489b34cdbcf554d1909b9537419f278d3a7c3acf5181f5a4765da1f56dcb46acc35183d5515ab5379122edf3d4f17fe5

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\button20_buy-primary.png

Filesize
1KB

MD5
116dab7f934dbb55a3f23df5962d3611

SHA1
b046ed811616c0362d51ce1da59836acd270e484

SHA256
5527071b54752e92be00b723139c530787926fa041713ebd06d6a889b951a9a6

SHA512
314f3061c438f1949b3fcc59e9f7cf64a039092c2ccf98665f62e7cde5f8f578364753136e5f9395abb972693bc087cbceb5b760ddf33db85e6f13d2f7a44111

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\button24_buy-primary.png

Filesize
1KB

MD5
7659358247dff687c84632f8df3d7eee

SHA1
3d429f6ba1a1d9509fa1fd8cf2bf6e9ff085db79

SHA256
fc3d5bbf51d8532190a51c1d73b15cafd3acc237e3d559d8e9e9a8b691478d55

SHA512
d0fe6ba8c47466bad97ec1b146ebe57d5a1fe47c2e914953f7d47958b34734bc1d5d0b030c87d01ee13d848b2714a736474a65ecb4c773aabc638026d7b741c2

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\button24_primary_buy.png

Filesize
2KB

MD5
3ba7bdb6e4846c0da8f4aa583fa03a73

SHA1
ac0df5222d9cd311de0039f8c9d35ee1bd7c7028

SHA256
a5f961db317625e268a404574397c93fa703cf1397c137d0300847379dc22b8d

SHA512
dee98d7c5ceb504df22b39e08639bdee0bfeaf2b58ce33d5328ab3aa1b380a21c41adae9ce479560362ef4ed4f39fb7679d7d0c6d687771403b8ffba81a6ccae

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\button32_buy-primary.png

Filesize
1KB

MD5
38c23937eccb6064b90f1883519e20fc

SHA1
31e43e299f1447452005a93226ba0b93e18179f2

SHA256
8bfed4d1501b0a26c343aebc5f5448d47a932bd8d29ea68433eca12612f61b94

SHA512
ed809a36b1377a1e16051c31d824612fa17ae3aeb5cd3003640522a112aca26aeddf94da6cb39c49cefca19fc57eca48f6a5a6db4571acff9c7e8d2ad4c5dcad

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\button32_white_secondary.png

Filesize
3KB

MD5
8d7e6a8bc046bc9df563152d5bfda43d

SHA1
bfee25fe20a4b73b1c08704241e18f450a1773d1

SHA256
5e8e91a43cf908dbe5d7bbd17e81958bd719dde3124a05128740d655f297156a

SHA512
7cf6aa7256d7913cab36c250491ba3fb498d3fe5329dd6f7681d59870ef51aba68d104cd6c46b9bea675a4e571efc0cf94c9db6df6450ebf9bc6a6bb4fc873ee

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\button_refresh.png

Filesize
5KB

MD5
f2b5891c3a42a36636db0d0f4388bab9

SHA1
02e38260bb9982393ed0883a234e55e7f367fe03

SHA256
1a2093b5c27e69e55a179025b5d63994a958265a24212a37289c7c3dff44f597

SHA512
87ae106b32f767afbd153776c655d1175fb9afcc5f286ec26a7de16e70415d6df10e0a8351663f13532160b87d0317a3727a75b64e7d16fdcca5fe800ccb38c9

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\checkbox16_checkbox-mixed.png

Filesize
465B

MD5
7de7e042783b24b434eabc3367b21231

SHA1
c3ea5b869899edc664c177b91c03f56484279b9f

SHA256
d2f8570cef25a67d9861e21d1c11d8ebc28a0d8e505ae7cb0c0ef32c73a17e15

SHA512
51eb521c17221f8482a5b215604bf4b04532858ea68723ca4f57b49d437c0e87dc0ba57bc0979d137a5a3423ef194f538c5e8ed0c9f2110487487e26c7f92708

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\checkbox16_checkbox-off.png

Filesize
423B

MD5
c243251ab3a5cf89e3bbbc87c87f5a49

SHA1
c817cf59e9ca3b3d50b531bcff9322a78c6665dd

SHA256
20c63ffe7b29a23026a341dae229f28f76b3a29dc393e5ab8daf58da112e168b

SHA512
28b210189500aace563243d2167b35c61cd0022ea5c592401b39331b535ef3e62b983d92f9c2ea6df32504ca5a273d792058a1ebdc54a3be16ce875a0e6743d7

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\checkbox16_checkbox-on.png

Filesize
710B

MD5
2035664b1addfbce6de737674e86635f

SHA1
9c591dff660cf15f9001a06e85a66e131a04d0fd

SHA256
4ec44af4c3c93b57845333aa47470dce85d1eb97dd0a3e87fce70c1508cf06ab

SHA512
5dc9fd383134e9bf905c3176c4f6dd6552a0b75af4fb202934577c046a3554e1ca7a8ff8eabc825e4226f6cf33d5aa13eab2b965c6875e313d9350e7d8c34d15

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\checkbox16_checkbox-on_mask.png

Filesize
768B

MD5
77ffc6e0d0659bc402d4adec6ac90376

SHA1
2253f3c49c5c5d35910c9d0fc3e0c76682d7207f

SHA256
b128bd0b6bab6819b92c6b21d7b1645a504bcd31827a887503089e5a8358effa

SHA512
50a14be350cbc0c479704475f7cb6c8040bf3225c8abebfe8d2f63d3fe3026a241ce82f5e70f2e4f6fe7b6c50668ead40f900834efa7d5f5731edf437cdf1a3e

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\close_10x10.png

Filesize
172B

MD5
656125d5640fcfa1e7caaae004ecb099

SHA1
b4c312ee9dc432af1d56e004e1c24a06e803ef01

SHA256
c9b4bc8f6ea53a4cbb89c07e76061f0da73653644cfb361cee5876c6ecf796a5

SHA512
24daafaa985d3fe241aa08dfc21f8bb91295bf6a974e7f8f8dae5e0188285c064a586441c21f90eb4dd96225204a54f3fd84c4103d40a24525f7898f9fe6c804

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\cmmon-thumb.png

Filesize
202B

MD5
91c21c5f94dfc4e5a8a219c65832d4e5

SHA1
795ff680c1d869c06216a3e509754021474d990f

SHA256
dac887b1622deff0294118948752ae94075ef1c170cf584a09604147710b3826

SHA512
e552547f8311d6f3ada6dc254b1d2c60b0d8bc3d6fefa509b1c8f8c06668d28d89a734779ab44407953d55f4a95a84e3eb5fd0a07046ec7f907ce159573a4298

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\common_basic.png

Filesize
14KB

MD5
3ec662bc1d60c5b287e34c3d0f0e711f

SHA1
e032125a279e76ebe590e36855171775310181ce

SHA256
eb924900105400f830808c97459275f58e3e4cdd0a6a9788c8a8f109f7885d19

SHA512
7f209095c9f475cbd05a5029a5c221c45ab074f98a46b47b14d60dd994485c85586e0ca59a65977d3ef62e9584b65560df901671a9431ead9f56bebadc2403b4

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\common_icon8_chevron-down.png

Filesize
248B

MD5
7d91afbea09673383325484bc83ef16b

SHA1
c66b6c5a293b9344a7dc4b7055ed9e75acd25aac

SHA256
f2d0a179314d3f4ff4497a87cf4df5ecf2dcf2ee70422a43a2e2a901358df23d

SHA512
ca0eba99860a34f43015bff44044ff49d08c8949efb181edb51428a832c37143708bbd526c0fdc6133416d0a81957c8a6437f7ed0779a2b0e57ffe7d627af194

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\default80_avatar_mask-annual-fee.png

Filesize
2KB

MD5
62a5f1fe3c40202ee605efe29a33cee0

SHA1
6a38669ce0f0235477888c4643622671a396bd7d

SHA256
dacc59f5bd546a58f51a183a92b2e8ae627010e8e1255bc99f02fe4946e09e01

SHA512
368ff1a9ecf1102688112b1290622fbf37002b97f72182a94bb047c406718acc1ec4e14af3ced3b6fe05ecf98548912b38067b2237e8aeb730a1c6cb44741659

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\default80_avatar_mask-pay-life.png

Filesize
2KB

MD5
5ebef99b1a90f295e578e2ad00e06bb3

SHA1
3dd884f788f10167dce1b68fbe209c4b9837575d

SHA256
8995e5c87aab495b1fc7dc2ad0726f273ddeb7e46b0e86a99e716dd16dba432c

SHA512
75466383517420ff4d3fa91f101d9968cfd409b56695f3aa73487570406c2b8f659fa71cb9a34c5690ac6ce8a2816fbf2c63a966053d24f3f3afc3d31b41f02e

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\default80_avatar_mask.png

Filesize
943B

MD5
cffd9cb9118bd7939feb65cccf7a3d02

SHA1
d1c6302f962e00339a0cf50a807d753f59fe127b

SHA256
6c686af9b53758f5d767afefa1c2cf888c1563598f44749a01d6d7a62c3d47c9

SHA512
efdb3ec1b1104327f68731c9907e957ceb4e511ba92ff35c7ed2740175b1f81abe8ed530f8dacd8c2ea3256c095109f744bb3a0364e0fe95a62b2ad1c9a61e4d

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\default88_avatar-before.png

Filesize
2KB

MD5
c3fdce180bd741bafb5fe05e4e435e0a

SHA1
7be9717bc87f18e287d609a82ad9a40ba858152c

SHA256
1a4b6125093f636e0a284613dcf2f5286c837ae9c61a650b0241df705f885e18

SHA512
308d21ff2ea7e4e756701e2d75379b71c9ad8fe0995e0487199bf67eec9499046911703b601041e6aefb09a302acadcee2b71842fd7df05cb56c5cbfadd2ce87

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\default88_avatar-rear.png

Filesize
2KB

MD5
40f15f9f87ef3ec969b2d990ac716993

SHA1
43caa33b838af572a19e0d6f4d72f973ce60b887

SHA256
287d9cb7f82aba922e3901e793c36dba3c2db054fd229f17faa5624f9b408cfb

SHA512
add6ad9d8bbec59e8fa204338b7529063127b61cd10e3de34cfd04eb7de1de3bbe0bf11c915ce6e40e015ef70a00e27eaee8b7aee63e6a6edc38a5aa41cf6f00

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\default88_avatar_mask.png

Filesize
1KB

MD5
427a8c7ab0ea3ec46c41a9ef8f12e0f4

SHA1
885866de01c8079e0f2bcf2b065c9242a0dc6176

SHA256
3939cf0e406894a1a5d699f51982d30b068048eaad595923c203741801ae9c78

SHA512
ee6d341b8af9e9ef7ec228f1e593b756295a1c9021d52e0572678e91bc84cb2315ec23c352c597ea284b03e97044b28dc8c8e918d8f747998acc0945dd6cd450

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\icon-button24_refresh.png

Filesize
1KB

MD5
cfabf5ac42724cabee6c2c792c045a15

SHA1
19ec4cce29dfd305613aeb7df49855dbdaf0a8c0

SHA256
8268e6798817db7c2d7b7bd552c79219ca67184b2817e5a45606e5a4b3cef713

SHA512
38d526520bfd042946f8aa5d54a610932b33ec1a59fad6488bb7958520e9cf8749e97f6413c328ad4b956b5c5688e3ded6e19a31ef12eae4c5dff9ed78199f2c

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\icon-button32_wondershare.png

Filesize
1KB

MD5
194412846cfd9e1decb465f491e36d60

SHA1
a18b4cecb9a9d7315cdffc9853cb10ec859915fd

SHA256
f256f0d63128c9453ad3b809c1517cc533037f6e1f0b7d3ed2efb80012189ecd

SHA512
54e53761400054487ef9d2e040c1215f7b50d15bee39db172d6cd18ba700e3bc4b11e5b6680e6256fc01c47650dd4d89d984a1e24fd6e4de202f42470b85b3bf

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\icon12_clear.png

Filesize
796B

MD5
a5c5fbef3dfccf7400cba292e6940548

SHA1
8af43c163ab78237ce3d6f47ce08557f93a00b27

SHA256
690f4b49db3705775814421310a3006b4eb36e78ffb2b69e3b6944c73f435ff7

SHA512
7a9b6ce49c299d26a7765acb9487c91581a6819a9dbe298d7cc5c4b0b5dcfb85d3a53902478f61400d38069fb9c54af73dac32b6badfd8e75968daa96ce8660c

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\icon12_visibility-off.png

Filesize
795B

MD5
42ff0eef54fa4c59118e2127dd5be812

SHA1
85ebe11d934e88320291374714cd9cf393307a91

SHA256
a3df2721a29f7f439f6e6da0c0644648f38a93b0b8e1f13ba68c9358b6d6d77f

SHA512
d944a11bcfa310418635295fa76c4408fa6a7069d2d60b968993e9bf97028ab91c5eab8ddd1038d6cb7ee2c63fcdb79f112a6fdbafed8ee3630e8c3fdf29a60f

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\icon12_visibility-on.png

Filesize
605B

MD5
7b32c7c84fa094db6e3d83ede07550eb

SHA1
0f07b0e6c45be674ee5cbee8daf31e7b829b3de1

SHA256
f383c108a508b230384f86241d66beb10fc4a4e93326e7aff44dcc05145b0a18

SHA512
0a1e005fa4fd3a462416fcfd43da63108dae971a34de88e4f26635e236243f4a4aa7d56dc617424cbd21ca74dd684935e4c261ff62773065adf21e94666746ba

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\icon16_badge-business.png

Filesize
443B

MD5
f5675ec6c674a644ef1fa52e5c54598c

SHA1
0cd6c1f315734724bf92842564fd1c39d6f2e950

SHA256
ab2c2514d429236a9f774cfdca2258d5a5bb426a703560556176c0b52f677699

SHA512
07905519c42a8c9e9d20ae3d56fcce100047bc8dd22dbf8a5e09687d57b8060b40acbcf474d59f553a7a5f43bc4edb8beb5214f2f03a3ba459ef21d0a9415e0a

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\icon16_badge-lifetime.png

Filesize
425B

MD5
96c5377d3e4f27f27abde0bed2baf6d4

SHA1
228f5db9ac107cee8982ff7bf5bc87e2282910ab

SHA256
90a604e03eec21eea5de85fcad7340e600c94c1860f89ee0f9e04751b34b77ed

SHA512
82ef230dc6c65159c0ff690cbccc44035381a993291e08f343643de86b64a49706b944c2c262c108b3d3d52b5d9f18e7cbcf9bcd846aa110e59f119ecb2e9b6d

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\icon16_cart.png

Filesize
413B

MD5
cc1a220cd0c65353a40a175cba57ac54

SHA1
22b77bfa4c789c6e937a8dbb5b3d592ea95e7546

SHA256
af3a171e9de05d7b1caecf6df971d221dc7cf48e5c964d9b0b5d490ffb20dff3

SHA512
b517954030ead044f5f67be4b79a7ad0e50e41c43c7c063e8289f6a072aa22b3663861caaba2cda28a97dd2b8883b7a7843794aacdd2c27af6aef50483f33151

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\icon16_close.png

Filesize
1KB

MD5
277444dd49e5d822374be74fef43cf51

SHA1
6c86e219a4cd4669cdf8049ebed5a3036eed1e80

SHA256
5aded8d8bec23ca1ef4d52fa5a5b4aa962fd984b7ede2b0ee68c425376f20a08

SHA512
573e3f258abf5e2d52af273863465d4b6a70d7648612a53bf40f82afd8d883420d8d908dc153131186f8c5826a11eac3080d7d17d57931288cc811fbe59832d4

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\icon16_close_antiwhite.png

Filesize
1KB

MD5
1567bf57c33e611b4b9bb0ca83e369cd

SHA1
9c7f2a0b87dd3d96ce28a62e1fffc29756549917

SHA256
adb596a731de85c03d6f9bb53fabe7856ac165f06fd5d4aa544894890af3e9a3

SHA512
b1f5b7bdfdb87d47f8b0977ca8b0fa282b638979c0862e9f309f8ee2be0c04268d5a2b4cadaf27baec1a2eeee9a604165158a1adaf0d40752a240c3bc2123bb1

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\icon16_feedback-online-antiwhite.png

Filesize
252B

MD5
3957c180e738deb6ac9b7333d650d3dc

SHA1
280f218b8a5bd022d5ce9fe90ce4b48374f12a65

SHA256
536f0694fa55513c18793b1d8b23bc8fa9d036aeca6106aeecbbffb62de2ad35

SHA512
515ac2202d67861668db69e4612c44e7216cd199f979e155604c100df1fdea9ad8999c2ece187855ae1d154eddd1d6157a526605130a6057643f00d7d04f03e3

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\icon16_have-not.png

Filesize
259B

MD5
90aeb5de563abf0be2a561143dfa0b48

SHA1
eecf07d3d2194cb6d08a6aaa96ff241c8f802086

SHA256
00a14f64a629ea204f852c4bfe9190f056b322655db605832a5421ddbdfd51e1

SHA512
ce7257bddd7030d01ae440fdd6166c6f71e51ae919974d5c22bc8f14a170d2c8a06dba8678986495b5c28c2adcf556e9be4d46fc4ec4234bfd51e11d046c0798

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\icon16_have.png

Filesize
260B

MD5
5b70f78e3d001d0301afd717c0161196

SHA1
ad61a609d4d7948f32f4f0e61346a4369f5a34ce

SHA256
908af7a44d2b15063650a60f12bd99d4d70cdd89e55961cd693513f80bb66f8d

SHA512
2c2896b5bf45354d91a8ebe5d5bd59d45fa04e03f5cb9a099008d679bfbdf5c58992057e5cbda224a8273445fcb1380c02ba63fe98a0d5797a078aa3ab6b20be

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\icon24_failed.png

Filesize
291B

MD5
fecc6775a8715c9425c8e067148c2cc0

SHA1
7edd786f474ccd2967b09f181627378f4c746a92

SHA256
1ae673bbb846601078a610ce15fa43095bf6f6fb2fe3ce5f9d4551a9d0da875d

SHA512
d0e4d89433b152cb426ccc6f2ec87874a49223988add2cba815dd78065f7ec207112693c9aa28a3cb60862e2bcc4c3f0bd1b2f4438b25389b2b1a738768a79f8

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\icon24_feedback_antiwhite.png

Filesize
375B

MD5
9f81cfa9c023ea6fc0d81f7e73fc3220

SHA1
eb83f89191987b955b74f31a48c3ba75f3e38bef

SHA256
3db2d9fbf612de49e355c928c7fd79bebaf02b31f596e390258497c8f727c3bb

SHA512
7671efd9345b021e451050fa891df96c33d3c49e691626b257a93243692b917312076cde7d35d60e80a347f251fe1ef54999fcf72e075a922c73a3a98bc58ae0

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\icon24_pay-life.png

Filesize
1KB

MD5
25ec75b44c81b9a575687bf390861cc5

SHA1
118e54b9fb7d54360de427a2828041164f1a2c9b

SHA256
b0a71cd818942671070605ac247d78748fb191942b52707aac0ff4372b129535

SHA512
0af0de0e48b5215f7d72911ec0d0faa32b4e73ad83e135814a351dc65cd4d9637823e8d2fdd32719c12619dd41fc1fce2b342768bd35ad740629ac2ba5c5910d

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\icon24_successful.png

Filesize
300B

MD5
3babae8350bfb1a34abd96d6bc304ca5

SHA1
72734298333ab9268a93e0bbad880a208d3fda2f

SHA256
bedc584bb71b2c1e19aec1989e2b2448728272f14ef78795ac6e5c9099f8cb59

SHA512
2150d7365e3268177e70a554033dd620fbe30e61bc5925458ccb8aec4799a8740d816b7db5282a0e67850f1f9a0f9946510b0ef0c59fcf9094e943db4fe3b53e

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\icon32_icon-button_qq.png

Filesize
2KB

MD5
fdaa031e843ad0df351fd3d201a22b04

SHA1
9be365dd00baa2e9136584e13ca6d4df66959c43

SHA256
b6d380553b86c55f6aeae93d0f5a98f20104754e0276a6e845b08460ccc652ab

SHA512
fe56fca13ac4a2536222dfe4cedfb329921976056cf2f7d4ba98b4f614c715fb280a9223a10cce962700e63c8ec5eb19d4ee7cce3f0222ea7d97e8221cacbfc1

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\icon32_icon-button_wechat.png

Filesize
3KB

MD5
fe98722fb0a643cf2524cf89718e6ae0

SHA1
c0c58f1cd9d678e1b40bb0462a3915a0295c85a2

SHA256
214175b4d312f0822d262fb9552c4a97c984734d66944913727592073bedf9fb

SHA512
9c465e6d377882813fd033f28a95b4bf2f7337a665595abbd24a004ca33c254dc9047533e8422fe52ea5f683b418063df34b3e921e95f9d821fa20ad67d65045

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\icon56-failure.png

Filesize
1KB

MD5
32ae549733a656150b7a8ed6e6c98e0a

SHA1
6088306840d4572b84a03d3109ae5742d5c76808

SHA256
2836bebabf5aaa42ad89be3a9b880e8765c5f551f35be59dd090307431b7af1b

SHA512
937033f9b61b289e1d43d52516c48a5361f9963a1e0866cb7da34e916e88b06817462df3e59667bf7f8f87a6a45c6a4105a703d4cd0855ab8ce56ea5c9836467

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\icon56-loading.png

Filesize
1KB

MD5
c2155a73f0b389242cd9e881524823f0

SHA1
6f85c8d8691916a00cb978db95ab951bc3aa07c8

SHA256
e4a0528723d871136631755480be45cf5c04bdd45b5ccda189cf06a782f0f2c9

SHA512
663cb64013bcdc68c2dd2e2f64fb8e82a923a0bb4907a383ce7fc0ed50c3e3f5a161b083694ce24fb00140c0fed02391c4a9b94035723a34b415cddd55c81a7e

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\icon56-success.png

Filesize
1KB

MD5
60f4db9460215863372600c73de60634

SHA1
aca4f5dcf4df18fa5563cc466303b878090f43af

SHA256
635b95708618907e3d740c8cd7fae515733a96b3f3a329e1cb18681f627857d5

SHA512
3a385e46ce3a87b1a709da6274c8c65f02fd956b6e299137b2b11c9db47574335e11c010444c110717a746809343af7d556443691ba8f18d9050da5dc734362b

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\ws\is-D62KO.tmp

Filesize
9KB

MD5
0b2c7e627cc3fd83a6fb6c5f78af8f71

SHA1
7f4c41b77a9e39900f6d67023bb5217c7f5a01ed

SHA256
e73637d4ed5a9cbffd05f2e2949000538cce4bd971776f4a45b4b8d56783d952

SHA512
4ae8c77c296d05bd58c0c8f9458d8b7e094732a4781a4f7432a6ad73d76ea174ae72711b350f9d0b8d487904a80f2174bfa30bb7ad474d0134aa4608e75287c2

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\ws\is-L913O.tmp

Filesize
7KB

MD5
31a1def6a2dfb7e541392db33863a26b

SHA1
46bff4c8561e0c606d2f038e79647ef71d92f2f5

SHA256
205f7ace6640894799b053ba9b49ebd14d441cec0e9ffe6e6a9e6e8e06733893

SHA512
71488d663f28528440f0c05a2a7b7a34cc6be74172311e4a4b627d9fb2db03e87b5e924deb3c647d0035527e23e45d9412f932d5cad03a097dafd1cc4e1694e1

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\ws\is-OLL8P.tmp

Filesize
3KB

MD5
13f1b188160720a71af9042a826f6c54

SHA1
eb3f36e4f1fa59aab69a0321361c0b516e9bacaf

SHA256
74eea94510ef769a008aa8f8140e78611a7fc2fbb87cdcdedf58335546bf4358

SHA512
9f2d1f796924e1041e4c3de146e4a5f089ebc0ecc1351a0526c7021d037301e155a7e3f3de8cb26efb79ce2e0b85dc388a032e1733795fbf3396dd95d0cb46e1

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Transfer\MultimediaLibs\is-7CKLK.tmp

Filesize
168KB

MD5
3a505ca49c5680b763997491a45d4f7e

SHA1
abae4fe8d087a654aec8baf13caa0a60bb3844a9

SHA256
cce0aed1987f6fc8ede5229d9f609b3b3693fcb58c866d53d270399a5b0de074

SHA512
026415e672f9249bbb8e0a4c09c203d430fd65fdc2cdc24f61781199e296d8fab14f52905852a795abc445fc80b256c45c5880af9a64ab5d70780e9e5e628e23

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Transfer\WUL.Zip.dll

Filesize
142KB

MD5
a6edfbaa6bae8d8faeb9519781b6df6a

SHA1
aef5b7fafa64c0037bea385d700bf663321242a1

SHA256
340b98c07cb04f015eacb899f0ec307eae88c4930335aa5737d4c517da618415

SHA512
f01e7441121169ef08e9347e44ebecadd19dd23002317c6f46cd1ef02c293ee5a8eb9826df50153f6e286dd3374066de8873dbfcca2c9b329d00bd26c0c17469

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Transfer\is-4EOOD.tmp

Filesize
2KB

MD5
2aa25646584c234f3c09ffe3113753c3

SHA1
ada6a017195703c4fbc36235fce1a68536972b36

SHA256
bbdc8182726a41f766ec1c849cbceb0ba6203353d37b6b218e8721c53cda1572

SHA512
5b88396e148ff99f7640bb3e3d63cd22a9bd920d6ddb69570561b54d2c228a8cd2c18a867820b15b698ab67dc63336764f37e176285a3b3302f4b30c7be396d5

Download Submit
C:\Program Files\Wondershare\UniConverter 15\UploadRes\pythondlls\sqlite3.dll

Filesize
512KB

MD5
0734cb3bd3abbc19228e6a1f383b1f42

SHA1
8e92fe641ac3f9a35d24efb0a20815b4c41f8358

SHA256
e97ef947b52a8970ca35a40dadae19fa9b4d12d446079d11fc59349a2a0e5ae4

SHA512
b7d02808a2101b82eb3e34992e85da731d9559a0499e3037dcd8bd35feb064af41713efbc164ee77b80055d89e879352170f79545b6c3141b66440be7d759b46

Download Submit
C:\Program Files\Wondershare\UniConverter 15\UploadRes\requests\packages\urllib3\packages\is-B6SBF.tmp

Filesize
32KB

MD5
7c55d43afdfb1fa830835edbdd283c38

SHA1
c9df234b93fe3f43b0a9766068518a8372608186

SHA256
3194eb5336b8ea6a37b22817b649a95540721ea7184b602fe76843cb4c9fc39f

SHA512
33699a846a745e6c14fb6ca50d0ed5273d738a982f209c4146098c2712419b1731990f6892528c668c44907f610f1cd9ee3d58014c00f048694c83802a4b5164

Download Submit
C:\Program Files\Wondershare\UniConverter 15\is-VIJP9.tmp

Filesize
202KB

MD5
103c351e5051e875ab540faca321035e

SHA1
225a6f3544a0d6ea5c3a5fbd24c4615c3f9097fa

SHA256
dc285c100d5d2495e98e1c4ddf3924343dfaae989aad86c733f94f25a502832e

SHA512
71ef1acf45f67e84f9c2a5699245b581188fbaa6c2532d33c318bafe33f57e2182f794f534f3448f7db0dd408028c25c20769678b80d9add49d69dcd2aae8440

Download Submit
C:\Program Files\Wondershare\UniConverter 15\unins000.exe

Filesize
1.2MB

MD5
dedac36102dc0b4c124db2a305671ee4

SHA1
90e5c39ee10a499d4ad1a25966989509ac6e1020

SHA256
87a3da0b861cf90d2e34fe623eb53acb7bf1a98a2051094622251d77680d3e13

SHA512
5b029fdee32e7596cb4e74320b2982c19e3066f9365ca9139b095add5d7499d22963e13859018338c6e61083166d473000a45210fe5bea3421c3f5be87a37891

Download Submit
C:\ProgramData\Wondershare\UniConverter 15\DVDResUpdate.ini

Filesize
95B

MD5
53b7067dc642f79f0eedb6242cfd49c8

SHA1
2cac9f243eac4a9ae17749854cfb4ff518c7a4b7

SHA256
9c394b075a0d8500f69af45a3ed140b8a77fa5f30fca210a906567af67241c3c

SHA512
11726ca477cc6105087bf75aeb40a6db9f604fa17ffa0612baee939b616cadbcee1da374a52865a798d495ce167a3e2802cb761e2f40f80c3e11ce4c760bf445

Download Submit
C:\ProgramData\Wondershare\UniConverter 15\DVDTemplateInstall.exe

Filesize
35.9MB

MD5
b2264f69ec3f6e0f8a59ff19fe2268e1

SHA1
02168dfcacac83c83a48dd34ddb6e2a77fd43000

SHA256
74aa9f4e6e9cb75597bb472a127558695dc3b44e5b06212f472daebce88ac54a

SHA512
a8731fbba437530c5d289badd19975d2dbc96e12db6d45ccc116f3aa93d7cc29dca0a39553ee0b3972dfffc587dc94cf2c096f6905495424ee7d24d9160b4518

Download Submit
C:\ProgramData\Wondershare\UniConverter 15\MenuRes\MenuButtons\29.png

Filesize
1KB

MD5
a5faf8517c41cdb4c2909f5acea52cac

SHA1
7a2cbc4dfd5d8c7d328012dae13c4722a22f7dc5

SHA256
baba67cbb37d7d21bb0907aaee982e4ac72137b924e9d1b9b839afc6d3a13dfe

SHA512
f5ff7f702f8f444fbfaf8a8d9ff7171615da1dc3dd9eaefc681259d5fa8f3aaebcd3ff7e57fe34dc3b8974c30e0d557165fe560826652f29e735730bacdfba67

Download Submit
C:\ProgramData\Wondershare\UniConverter 15\MenuRes\Template\Sports\Mental.ini

Filesize
1KB

MD5
3232d7879ef4baea5f631b93214eadd7

SHA1
ef6dc0364ff21504c8095b2019d8fff4999d5c9c

SHA256
df97cf1ddc9289ebcd362560d2a57a3ec999e25d31022ce88ab295671b101517

SHA512
32fb6eb7971af6e2bb3f4a82d8b513dbcff20cb936887aecca25308c8359a3c4bcafd260432bff4e12d8eb4ed863e3db4ad74fdba120f4495a98963bb7a7a796

Download Submit
C:\ProgramData\Wondershare\UniConverter 15\MenuRes\Template\Sports\Running.ini

Filesize
1KB

MD5
f415ed4942f27b26c7f875aa8b9600d4

SHA1
4f3a0e8d4365aab0630836c3487cc7f41e3208ba

SHA256
a04f716c99a1e9fe5c3a712a92eb2424b503fbc3a6994f7a8de0455101d19e3b

SHA512
93f7aa24b372517f6e5a073f9e9b3dc80dc7d556563f81e3f2adbea04b4f4564c8f3294d1ec4af52c79e8186a2edd3f65a560de28b7ba4f7627450c898aa1767

Download Submit
C:\ProgramData\Wondershare\UniConverter 15\MenuRes\Template\Sports\Sports.ini

Filesize
1KB

MD5
d6dd4a0e61977bf168c7883fba01b242

SHA1
f5515a2c1075e1656f4828b2aabc8f9c99704631

SHA256
1592677079dbf6100f4178e40ecf689c95aebea6c0529b457e1fecb263a4e37f

SHA512
33646d37e23696bdf8d3fd29e5364105db9063ba64775fed2a9c7907fdc30d64e0321bb00c3de2d0518039c82deb2c0e5457b52da60b0a8f8bccaf888470de8d

Download Submit
C:\ProgramData\Wondershare\UniConverter 15\UniConverter.ini

Filesize
1KB

MD5
10883d6e7514b50b2d54c8e69d0f71bf

SHA1
56a974601adbef54cd369341b2dffc177a98701e

SHA256
c25cf6289ccd955967624adcc08c9f168d77cb29ed4a790523308c8c321d241b

SHA512
4fe8dec5ce83b0d704a047b97251d8c215e9e8ed04489c29cdc0f3202906519efd2ce20f53a401925214c65c4471307770793164397607401083bdde452587ba

Download Submit
C:\ProgramData\Wondershare\UniConverter 15\UniConverter.ini

Filesize
1KB

MD5
338a8af75ab6cdc4d9c3bfd6d5545492

SHA1
ac6e527d81a42b3bf2bd91014d3b3a0caf948ce1

SHA256
8a78d344db03c7471694a735998e00faf13fe1e1af0e2a447228b86eed303652

SHA512
35f5fba30b2ff3e06078daca99e8fd22b63bfa7f81eeb5b909250089eeae8f040ebe50995cc50100a274ee3934a81b79c284977e5eb1b27bc393b06410c10604

Download Submit
C:\ProgramData\Wondershare\UniConverter 15\UniConverter.ini

Filesize
1KB

MD5
8a6e6d090e0c199236744ea0a8ee40a8

SHA1
0a42bc06c32b994e185d3216f2360da02e09c042

SHA256
88a4504d59cfd849a19bff5d7601a01fd84e255e44441e0f018327229e4fce50

SHA512
ea440663d9ed5498ee4a1a967da7b13f3c06cc160cbd30e43dd1505efcd46e30e9edfdfc80a3f13882ba066a2c076b3831582340be53733de679adc7c32065f2

Download Submit
C:\ProgramData\Wondershare\UniConverter 15\UniConverter.ini

Filesize
2KB

MD5
62ffdff04d2fc7904be5c2f7c3f6ee4c

SHA1
e28493b1816ba39c1c1b538883c19cc6b2358af7

SHA256
9f10f8339f20dbb602bd9fd3281447e08b7cc5e9b168b5c22223c834a07e508e

SHA512
dbff93f4db0759f33cd5a2783baad62d5fc75f71d045e0ba6c44796f28dda8b3e251a25bfb411251dc8a10483ad84b4c0215b065310331d3d788564724c5eb77

Download Submit
C:\ProgramData\Wondershare\UniConverter 15\UniConverter.ini

Filesize
2KB

MD5
9900937481890a0e011c5f3af29cf4e1

SHA1
a25cd5662a44375f7cb4903002317e0238f6db06

SHA256
4c2cf3ffc16fc1e1335d4caf0a12fa1f5f12c78ac2acff35b6b53093c652b910

SHA512
784ea17402ab6d9d4777278240025ccae8958f577f032a73ca7ac9b70b88b8c51025d084453793910153455513ded6c844265d0472808a9be7def87f1c180ad0

Download Submit
C:\ProgramData\Wondershare\UniConverter 15\UniConverter.ini

Filesize
372B

MD5
f8215fd297b02b92f8997f27e9855de3

SHA1
453647bfbb86b494990ae5848d47f7489fe2c6f2

SHA256
d9bbba113c107c54b89ecf42805473feda904cbebacd28b811ed5df58813eab2

SHA512
f07c8178be414648a9f15d1d8820d53b6365ff700c79b27502735cea5b725cf8b9b4680a2b268b2ec730b86831d8778796999bcd99ceb355e8a552b02ce72c34

Download Submit
C:\ProgramData\Wondershare\UniConverter 15\UpdatePackge\Update.ini

Filesize
124B

MD5
d1c5753b2e5e881994857ce1a2ddb3d7

SHA1
d934a324b0f4392a0c270dc661c3a2b990e6f894

SHA256
559460287bc56b8121d320b7683951b6417b8063b17d0ef2b8fde17aafcabe23

SHA512
392ea28603c446cb55ef5b13b0f4125ff8d37549f0acd03a95942b0baf8aa6048cbad7e881a30d5903e5aa42e89e7e771ad94e542111ef9591bb7edc1751f2c9

Download Submit
C:\ProgramData\Wondershare\UniConverter 15\UpdatePackge\e5ad0bac2e8eccecfdde05ebfdd99f64.exe

Filesize
7.4MB

MD5
e5ad0bac2e8eccecfdde05ebfdd99f64

SHA1
9287a0db51434f957aef29eb01c990276281f425

SHA256
b549498b6c666833064a46303e6575a43f35a594f0e8735335e287c86c882b9c

SHA512
2535198a33891f986d82a2fd9b7e4bdec2acd667ad3e20dff78d8d4dd754542481315284c4fc800ba931d877849eefbe8691743d988377c83e27ee98b3bee019

Download Submit
C:\ProgramData\Wondershare\Wondershare Creative Center\AppInstallInfo\vcu.ini

Filesize
251B

MD5
8af808634167c12796fb350c8a9ef450

SHA1
4b8ac399c7170b9863c45d6221ee3c8b44604345

SHA256
341da4e90d945c8bf5faff1852e8e729b12c2ea8a83d731f7956bddd65cc0461

SHA512
eb953e5baa5ec443186b011c42966596337629f679bb22016c61a341eac3540bd5b9c4137f37ffb6fc2827302b734af6d1940db7b435338d01d224a8cbb28263

Download Submit
C:\ProgramData\Wondershare\Wondershare Creative Center\AppInstallInfo\vcu.ini

Filesize
116B

MD5
c688e4f8cfb6a71708f1c4460bb9a8f4

SHA1
1c7b91ce91d5616491ee6799ef96b4fdffa86616

SHA256
d8e1540213fcf8c4fa82a7925e652c66b26d924392f8232ce8f9c8ee03d737bb

SHA512
367a8ca8175222e96df712fe3ac580dcdf36896861a180fe78c1005bfa7eeab6fe890488a88699bfe8fc0ed176759eb14d033118ae873be41265c7e42115d741

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
5c18fef9e38c06e30ee1746d2fa72e1e

SHA1
a8b416336dfff54500fb9855e299369c0753ef4f

SHA256
16b7a61c048612b0fdb4153df7c800dee25aa3797ff1bf77aeb6bfbc28f97a2e

SHA512
c0fa849fbfec1ee5ffb9f5a13d7e09d7ffcf659304a84f826423e6af619a375233e7026d4c6c18f8bc9c1bf0ba7235b60800d3296978caff5056c490a75b1ac5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
46bc1efeeb44e87273ce18594ac8a60d

SHA1
cfc763dbdb0d605ec27915c9ccc5b35a1906c4aa

SHA256
0fbfbc73b16fc56bbc4cce9d50a1a6aabdcb2577ad774d9d495dc8d1f80c6610

SHA512
4ea55e15ab9c7c933e3084c356d8af2f394d44f1567f9cd4a39d62d57c148e276404f630cc60a524f848453a6ae540f384bb0a560f0a68e6469af1c453518ac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f2f2408b1b074aa1234a188eaa5a3016

SHA1
6af345ea64ef59dd0752118ff5cdf9ed978193fe

SHA256
6a5d7528dd6167bfe44db93e74dfccdbb1e7d814897eb4f4964c2130a1797bb1

SHA512
4e22c4c37df5bdb07b377414a07b799fc71d9df8160692f6e8f7724452eaca4391a424b8f723d7ab8ac0b888bbdbc15fcbc24f4519cc0dd2d63c8441eba22aa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a00fa32742609ca913e5d0b095f3ee78

SHA1
c6daf923f9a3bf85c28dc8dd79f520f888d44779

SHA256
059bd7580b0388cda8c5bbe017a418727d4d7f0d407a4d5620f7870a0288e582

SHA512
f51e91f299120e171b0130ee1954ceb26f55cfe0e03f8b0498d9a50b4f6411e3460c1fa11234f01362ab75f46ea223171251967c82a0de2bb0a1b958cda3579c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9e388f31b966f895862c52ce176ec242b4e129fe\index.txt

Filesize
105B

MD5
936552982f9e2a866f2826024fae589a

SHA1
f752f73229a893ba429f0921276212180df61fee

SHA256
9fb9d5be9d19e9bf287b8c939728cb280f6c805a043d4c41dec2e68a6184ac99

SHA512
75e0465921d98b46c2ccfa2a3629990eaddbbe19481f4982b2f8d7a8f64cd691495856b957bb0a824b4aae54afb99d72c7887294c12d9500f901f543d17846d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9e388f31b966f895862c52ce176ec242b4e129fe\index.txt

Filesize
98B

MD5
c7e99dabd5f08ed3661fd9274458eefd

SHA1
2e666c23905f5f71e708b16540c6d10d3a34db83

SHA256
b9467eb51748e550e178663126ea43e908599839fcaa3e502c4fe16022c53cf4

SHA512
dd9476b86ed150832fe0b13a25c395afdbdd08396c6f9e9c54e8460930a65b191b9977a7f4e578ebb5f08a0084c954c841943c81b28d8a6e1a0f672c4148c93d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d415e5ea4fe93e5fc82a143c1fc8ff17

SHA1
efa836040d50ed67ca114283e8f485174f5016d1

SHA256
e66443a512a1df79cd4a392027b5bff97884664cd69e6cd8e72531c7326a1b17

SHA512
3034d737d232552977aab5756c044c64666d4da1885ad976bbd88f9595379745ab25d3b8ac9bee296bf7753074b4931d4c92e5b6e03b7e8bbd5f02a16e1c85c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59cecf.TMP

Filesize
48B

MD5
9691fd6a23513dd9755496ff50703325

SHA1
a11cf7fd48cdab4498382cf93ca992d9d34e9f61

SHA256
d2c866da5b84413472a03b2836f0ca124b05cf854891a08fd70dd6b3d149550c

SHA512
b6690170b89d760e2c7ecd292e40114689c7d5160afe6eb551003e67a080e6b9f27a9cf011357895fd05c2f331242dc23429531b47081f86ea898163506eb412

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6d77bf822113ce24050c53c5ebcbcf15

SHA1
2482359f23ea024b1ca4d53c23d2bad9468ae1f6

SHA256
9a856d1d3d27c5b92d4fee05294bac7ece6494fdb4013eb068918edd9a304d1f

SHA512
84674f6a5bd648215f47e8ac9bb652709dd462b8e5f66681993527fd0e2a2188ec4342df3e4ed842829a8446fb92e43727c4263d7c32f364ca20436292a9648a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Wondershare\NativePush\wsUpgrade.log

Filesize
952B

MD5
ef711a5d3e4163d4e2c5715207d809be

SHA1
20e49a2b90e12d39cd4252e50f3c171611666b8a

SHA256
ef2a64113f1a8ce75e3c1534f54a95534f8d8eebcd76a3d50da73c8431753ce7

SHA512
f89b32bd6dbcb6ad598c23b8c24a113d3879e08ee7a0cf146ebd89dfb00d8d1601fba79b4c5a5c82654554335daadcc5b37ab3012fdf92ec167b0fbc2a6d006f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-39HJD.tmp\WSHelper.ini

Filesize
4KB

MD5
c3d37313bf465f6145bb6f9bd845622e

SHA1
1a27da4300e997e07da73f2916483862f9fe1fa4

SHA256
1b74775c8d88a46c6f1727029a4acbda6dd9cd1bf5298a3746ce104e0da8f8b6

SHA512
4e92ec23d618e8ef2559be1c5d2cb243e2eb074aad86ffb338e3584806953efdd22856847a35bdfee1aa77756dc2b34f526777bd6fedaf5e4b982391d31ad2d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-39HJD.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6PG3D.tmp\Customization.xml

Filesize
193KB

MD5
7675044bc58af17f4782f77308a9e17c

SHA1
09022766d4dc709124d5e2df70ca43f21dbb2848

SHA256
df721c15517653258311573823c428e3499e0a149422cfeb90bb0ccc98560ed9

SHA512
ffc93b8c9a670bf810a6e33c0d139d3f4d72882fd937e5aed77d3b719b036631c13eca1d675708516df975573528aeccd333496bb0ce8942aa6d3528ead9c3ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6PG3D.tmp\UpdateIcon.dll

Filesize
53KB

MD5
ff7af576017cb8304cb66c957ef11a0c

SHA1
e59a553ab9ef3a51c0d81551707827139c6967c0

SHA256
5af33965e6111e81d60e80fbc13368ef8e7cd4c8655ec70200fc46d32afb78a3

SHA512
ef4e4877256751f60eac2890c2a822dc92b9c9ff01e2b0fd989d2038bf1063833b194e2b054e8225a0e99a55b633b82dc9b860c3a552104b3aca5ea41076829d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6PG3D.tmp\WS_VersionProcess.dll

Filesize
112KB

MD5
055e317aec4c3b4f6dcb0a5e25cec512

SHA1
008fa14c33e1e1bcd2e4351a42b8fdd48b9c6871

SHA256
99e1ebf9a737d149d4a83913afec610e9ee3fccfcc0aa79e8233c6a4544f000d

SHA512
202297d9348b451dd0b880b4396bdfaf8936217d1aa991c475b54183ab0df821486cc587be42f5467399890bb11928a0c75b02cbcdb638ef46b71b8f4be665ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6PG3D.tmp\_isetup\_setup64.tmp

Filesize
6KB

MD5
526426126ae5d326d0a24706c77d8c5c

SHA1
68baec323767c122f74a269d3aa6d49eb26903db

SHA256
b20a8d88c550981137ed831f2015f5f11517aeb649c29642d9d61dea5ebc37d1

SHA512
a2d824fb08bf0b2b2cc0b5e4af8b13d5bc752ea0d195c6d40fd72aec05360a3569eade1749bdac81cfb075112d0d3cd030d40f629daf7abcc243f9d8dca8bfbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DUTCF.tmp\uniconverter15_64bit_full14204.tmp

Filesize
1.2MB

MD5
f097443bd4d923815bd21753e33760bb

SHA1
d2326ed69caeb9fe8f2fa91c8a709f8dce947ce6

SHA256
172cb4e4636cae5f7786e98bb273f63d58c9f4e17679f5083c70dceafa4a9918

SHA512
06cc8483865730e5e30a9ae3da90302e5d79cc7d02fe37f24418064465c66b045e8e7aae55e872a5a436d54a44ab0ca374b4bcfc11c17789f69e5e39328f7432

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpC162.ini

Filesize
835B

MD5
4fb30672c93503955ec0401044e2d1d9

SHA1
bdbf813fbf9f0fd0d292cb5558fb79e3c68da002

SHA256
b5bdb967984d440ba1bfc72290e6b6ca4a9901c1b1b85759f48cc7bfce4eeac0

SHA512
dbd18b9d6cb2375e2ab23833d87f718b2871c073a175660c7810aa690f04ad97cdceef580a0752604cea1d98901195fbcb12a07417287f55b072b378cbf2d7c2

Download Submit
C:\Users\Admin\AppData\Local\Wondershare\UniConverter 15\TryUsePrinciple\TryUsePrinciple.xml

Filesize
4KB

MD5
3992e4dd29483ea8a62b1f014e7a904a

SHA1
bd503c5e6a91f1d1900ed59ba2c1cbdac35fd900

SHA256
319c3d7e457670643722950ac5c1dc08d420a209650fd62ce2a9040721c3cd5a

SHA512
2b495d33ae94d663c82af1d3f61ae75e692b3148412413af029fee1a8da48fca0b01dd952bf0b7edef7f57bd58c93d06630dc7b4cf6d4e6a2fe20c648271bd22

Download Submit
C:\Users\Admin\AppData\Roaming\TransferSupport\TransferProcess\Drivers\AppleiOSNames.plist

Filesize
35KB

MD5
67dec0321e35f207aa00cf4fbec032c0

SHA1
49ebf07d6e1cd1f9d0dd063cab5f0281cbccf8f5

SHA256
66d0ebd66c3734be8a759cfecb954ab0d64d32adb42ff46f9b829f9fb986450e

SHA512
fa5ae2e0e22f0450ac6a47ac951a3c288a1dc8f870286a33f63eecaf82d4ee4b285b3593abe94caafdd07ae6a4a77e6586afdaec63aa7e280b4c3b1a0168ffe8

Download Submit
C:\Users\Admin\AppData\Roaming\TransferSupport\TransferProcess\Drivers\DeviceInfo.mapping

Filesize
711KB

MD5
3a037a9c9ab6b9372cf4480ffed25c4b

SHA1
6b74a37d784fada60a8e083aa80f9e28a07ae2c9

SHA256
681031199a372f99f0a283dab6accc642b74aa5f9ad3b44f084007ba8fd30f94

SHA512
a5b2b862a25e3c7e5c1d1631a10f550f4410047cd4d970d823c0621ebdc16446bac6d6398d385231e42133ff2460ab3ddb1282854c599c8e9de888a4bbbcfc0c

Download Submit
C:\Users\Admin\AppData\Roaming\TransferSupport\TransferProcess\Drivers\driver_androidusb.zip

Filesize
5.6MB

MD5
2b0a599c93b02685a429811652598d46

SHA1
465b8b8c7e0a469b8c8eaecd3e2406fb5060b57d

SHA256
7fea8083639e4f8466190cc980dd49de463c7601d127af3385327f0550d8a28a

SHA512
a06bd46bc983937bd08a2bbbd718df44b2c7978847d2dce56b97d6a714ba86e2b6efe5e7df19e54faaf38dd5584c2e68526436ff45af0a32d56e2d2cf3a92450

Download Submit
C:\Users\Admin\AppData\Roaming\TransferSupport\TransferProcess\Drivers\driver_appleusb.zip

Filesize
3.5MB

MD5
fe16a38ba51f64c653ba39893c748044

SHA1
011156ed5627afb948ea06130efaa5d65ea66fa4

SHA256
2347c6b73267ee35ea62eada7e9cdefcec6c3dbeb8ab8bf32414643661d9db50

SHA512
3cfd846817dd7c5d60adbc9842e825bbcd82294f9bd93acce33d465e3c9cd45ed76f945598eb0f70d176cf8ad8c2b3e873276b9884f5858a4dd43235fa1eee1d

Download Submit
C:\Users\Admin\AppData\Roaming\TransferSupport\TransferProcess\Drivers\driver_resetdevice.zip

Filesize
44KB

MD5
81447f93aba874682c33f038c2564d9a

SHA1
166b77513e0e82007133e48305cef1ab759d5b38

SHA256
6fafb7a4ce1670b8eaf523371db369474166a73830c24442cfe87fbd98642a37

SHA512
ff13b5e196f3484eb67e16760f86eda4c81bf9709e3a6e17a6d46a9d71f6061b55850b31d303f8a1af511c98455a5edc4894dc0dcc3dd7cdf410861a7b6f3982

Download Submit
C:\Users\Admin\AppData\Roaming\TransferSupport\TransferProcess\Drivers\iTunesVersion.plist

Filesize
9KB

MD5
d45ecdd40078b6ea9699720e22bf2ffd

SHA1
5846b1ce642736c46f8f0164d4658b0370383d38

SHA256
4f5dc4aedd8c2dcb3af00f40ae9fc9c56bc0a1a0fabaf342c2e80c3e602e2875

SHA512
a43344bc4e0912287a87495d762853b7250c77623efeda63f10a1d784c54ff4a4e2e42ee3226d71e0ab81eee9ae359546bb867ca734aa6bf22f4b29bde83495d

Download Submit
memory/920-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/920-19-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/920-2-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download
memory/1140-11589-0x0000000000AD0000-0x0000000000B88000-memory.dmp

Filesize
736KB

Download
memory/1140-11593-0x0000000000AD0000-0x0000000000B88000-memory.dmp

Filesize
736KB

Download
memory/1140-11592-0x0000000000400000-0x0000000000612000-memory.dmp

Filesize
2.1MB

Download
memory/3544-11623-0x000000001D100000-0x000000001D10C000-memory.dmp

Filesize
48KB

Download
memory/3544-11624-0x000000001ED20000-0x000000001EDBC000-memory.dmp

Filesize
624KB

Download
memory/3544-11625-0x000000001EE50000-0x000000001EEDE000-memory.dmp

Filesize
568KB

Download
memory/3544-11626-0x000000001F010000-0x000000001F040000-memory.dmp

Filesize
192KB

Download
memory/3628-11455-0x0000000000400000-0x0000000000731000-memory.dmp

Filesize
3.2MB

Download
memory/3704-12128-0x0000000000750000-0x0000000000760000-memory.dmp

Filesize
64KB

Download
memory/3728-11456-0x0000000000400000-0x00000000004F2000-memory.dmp

Filesize
968KB

Download
memory/3728-11424-0x0000000000400000-0x00000000004F2000-memory.dmp

Filesize
968KB

Download
memory/3748-11634-0x0000000000A50000-0x0000000000A60000-memory.dmp

Filesize
64KB

Download
memory/4036-26-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/4036-7-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/4036-11647-0x0000000000850000-0x000000000085E000-memory.dmp

Filesize
56KB

Download
memory/4036-11490-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/4036-11492-0x0000000000850000-0x000000000085E000-memory.dmp

Filesize
56KB

Download
memory/4036-21-0x0000000003300000-0x000000000331F000-memory.dmp

Filesize
124KB

Download
memory/4036-22-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/4036-37-0x0000000003300000-0x000000000331F000-memory.dmp

Filesize
124KB

Download
memory/4036-36-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/4036-39-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/4036-42-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/4036-45-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/4036-16-0x0000000003300000-0x000000000331F000-memory.dmp

Filesize
124KB

Download
memory/4036-11645-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/4036-48-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/4036-51-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/4036-5791-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/4036-54-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/4036-11732-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/4036-9933-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/4036-60-0x0000000000850000-0x000000000085E000-memory.dmp

Filesize
56KB

Download
memory/4036-2567-0x0000000000850000-0x000000000085E000-memory.dmp

Filesize
56KB

Download
memory/4036-2561-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/4288-11483-0x0000000003A80000-0x0000000003A94000-memory.dmp

Filesize
80KB

Download
memory/4288-11609-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/4424-11972-0x00000000200D0000-0x00000000200DE000-memory.dmp

Filesize
56KB

Download
memory/4424-11695-0x0000000000010000-0x00000000009AC000-memory.dmp

Filesize
9.6MB

Download
memory/4424-11975-0x0000000020C90000-0x0000000020CA4000-memory.dmp

Filesize
80KB

Download
memory/4424-11698-0x0000000001060000-0x0000000001072000-memory.dmp

Filesize
72KB

Download
memory/4424-11610-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4424-11697-0x0000000002CD0000-0x0000000002D82000-memory.dmp

Filesize
712KB

Download
memory/4424-11696-0x000000001B910000-0x000000001BAAC000-memory.dmp

Filesize
1.6MB

Download
memory/4424-12362-0x0000000026E90000-0x00000000273B8000-memory.dmp

Filesize
5.2MB

Download
memory/4424-11705-0x0000000002B10000-0x0000000002B40000-memory.dmp

Filesize
192KB

Download
memory/4424-12365-0x00000000261F0000-0x00000000261FC000-memory.dmp

Filesize
48KB

Download
memory/4424-11459-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4424-12372-0x00000000253E0000-0x00000000253F6000-memory.dmp

Filesize
88KB

Download
memory/4424-11974-0x0000000020130000-0x0000000020138000-memory.dmp

Filesize
32KB

Download
memory/4424-11958-0x0000000020C70000-0x0000000020C88000-memory.dmp

Filesize
96KB

Download
memory/4424-11955-0x00000000200E0000-0x0000000020126000-memory.dmp

Filesize
280KB

Download
memory/4424-11954-0x0000000020070000-0x0000000020082000-memory.dmp

Filesize
72KB

Download
memory/4424-11746-0x000000001D460000-0x000000001D470000-memory.dmp

Filesize
64KB

Download
memory/4424-11721-0x000000001B8B0000-0x000000001B8D4000-memory.dmp

Filesize
144KB

Download
memory/4424-11706-0x0000000001310000-0x0000000001320000-memory.dmp

Filesize
64KB

Download
memory/4424-11704-0x00000000012B0000-0x00000000012C8000-memory.dmp

Filesize
96KB

Download
memory/4424-11712-0x0000000002B80000-0x0000000002BA8000-memory.dmp

Filesize
160KB

Download
memory/4860-11635-0x00000170B9590000-0x00000170B9F42000-memory.dmp

Filesize
9.7MB

Download
memory/4908-11639-0x00000000021C0000-0x00000000021F4000-memory.dmp

Filesize
208KB

Download
memory/4908-11637-0x000000001BDD0000-0x000000001BE4E000-memory.dmp

Filesize
504KB

Download
memory/4908-11633-0x000000001BFC0000-0x000000001C04E000-memory.dmp

Filesize
568KB

Download
memory/4908-11632-0x0000000000160000-0x000000000016E000-memory.dmp

Filesize
56KB

Download
memory/5552-12396-0x0000000000CD0000-0x0000000000CDC000-memory.dmp

Filesize
48KB

Download
memory/5628-12395-0x0000000000570000-0x000000000057E000-memory.dmp

Filesize
56KB

Download
memory/5924-11986-0x0000000000900000-0x000000000090C000-memory.dmp

Filesize
48KB

Download
memory/6028-12029-0x00000000057F0000-0x00000000057FA000-memory.dmp

Filesize
40KB

Download
memory/6028-12137-0x0000000006690000-0x00000000066A4000-memory.dmp

Filesize
80KB

Download
memory/6028-12138-0x0000000005AA0000-0x0000000005AAC000-memory.dmp

Filesize
48KB

Download
memory/6028-12140-0x00000000066D0000-0x00000000066DE000-memory.dmp

Filesize
56KB

Download
memory/6028-12141-0x0000000006700000-0x0000000006714000-memory.dmp

Filesize
80KB

Download
memory/6028-12148-0x0000000006970000-0x000000000699E000-memory.dmp

Filesize
184KB

Download
memory/6028-12144-0x0000000006780000-0x00000000067A4000-memory.dmp

Filesize
144KB

Download
memory/6028-12143-0x0000000006750000-0x000000000677C000-memory.dmp

Filesize
176KB

Download
memory/6028-12139-0x00000000066B0000-0x00000000066BE000-memory.dmp

Filesize
56KB

Download
memory/6028-12018-0x0000000004F30000-0x0000000004F54000-memory.dmp

Filesize
144KB

Download
memory/6028-12016-0x0000000005830000-0x00000000058CC000-memory.dmp

Filesize
624KB

Download
memory/6028-12014-0x00000000056F0000-0x0000000005782000-memory.dmp

Filesize
584KB

Download
memory/6028-12015-0x0000000004ED0000-0x0000000004EE2000-memory.dmp

Filesize
72KB

Download
memory/6028-12013-0x0000000005630000-0x00000000056E2000-memory.dmp

Filesize
712KB

Download
memory/6028-12012-0x0000000004C10000-0x0000000004DAC000-memory.dmp

Filesize
1.6MB

Download
memory/6028-12007-0x0000000004F80000-0x0000000005524000-memory.dmp

Filesize
5.6MB

Download
memory/6028-12006-0x00000000001C0000-0x00000000001D8000-memory.dmp

Filesize
96KB

Download