Malware analysis https://download.wondershare.jp/pdfelement-pro_full5272.exe?_gl=1*1fuwgfu*_gcl_au*MTU5NDMzMTkxMi4xNjk4Nzk4OTQw&_ga=2.93785949.1564695575.1698798940-747152758.1698798940 Malicious activity

Add for printing

URL:	https://download.wondershare.jp/pdfelement-pro_full5272.exe?_gl=11fuwgfu_gcl_au*MTU5NDMzMTkxMi4xNjk4Nzk4OTQw&_ga=2.93785949.1564695575.1698798940-747152758.1698798940
Full analysis:	https://app.any.run/tasks/6a0939b0-c21f-4c01-a9da-30c014ae4d27
Verdict:	Malicious activity
Threats:	A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection. Malware Trends Tracker >>>
Analysis date:	November 01, 2023, 00:38:16
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:	loader
Indicators:
SHA1:	DFE421B50A82B7EF1E211616B08E6A2ACBB80532
SHA256:	8FE97C3F87F9BA586FC2160E85B1925CB3C008944C10A31BFCFD9201BA17D56F
SSDEEP:	3:N8SElIQLPQ16nDcJCB/nYUs0z6RsnBQ0HD65W0RcLfcFSepdESsQJKsvdQ:2SKIQLi60CB/YTKysBQ0j65WBrFezPQ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.100 (8.100)
Skype version 8.100 (8.100)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - pdfelement-pro_setup_full5272.exe (PID: 1120)
  - pdfelement-pro_full5272.exe (PID: 3580)
  - PEAddInDeployment.exe (PID: 2620)
  - PEShellContextMenu4.exe (PID: 3708)
  - pdfelement-pro_full5272.tmp (PID: 2552)
  - WSPrtSetup.exe (PID: 3216)
- Creates a writable file the system directory
  - pdfelement-pro_full5272.tmp (PID: 2552)
  - WSPrtSetup.exe (PID: 3216)
- Registers / Runs the DLL via REGSVR32.EXE
  - pdfelement-pro_full5272.tmp (PID: 2552)
- Create files in the Startup directory
  - PEToolDeployment.exe (PID: 3620)
  - PEToolDeployment.exe (PID: 3468)
SUSPICIOUS
- Reads the Internet Settings
  - pdfelement-pro_setup_full5272.exe (PID: 1120)
  - pdfelement-pro_full5272.tmp (PID: 2552)
  - PEToolDeployment.exe (PID: 3620)
  - PEToolDeployment.exe (PID: 3468)
  - PEToolDeployment.exe (PID: 3424)
  - PEToolDeployment.exe (PID: 3808)
  - RegAsm.exe (PID: 328)
  - PENotify.exe (PID: 2908)
  - PDFelement.exe (PID: 3888)
- Reads security settings of Internet Explorer
  - pdfelement-pro_setup_full5272.exe (PID: 1120)
- Reads settings of System Certificates
  - pdfelement-pro_setup_full5272.exe (PID: 1120)
  - PENotify.exe (PID: 2908)
  - PDFelement.exe (PID: 3888)
- Reads Microsoft Outlook installation path
  - pdfelement-pro_setup_full5272.exe (PID: 1120)
- Connects to unusual port
  - pdfelement-pro_setup_full5272.exe (PID: 1120)
  - PENotify.exe (PID: 2908)
  - PDFelement.exe (PID: 3888)
- Checks Windows Trust Settings
  - pdfelement-pro_setup_full5272.exe (PID: 1120)
- Reads Internet Explorer settings
  - pdfelement-pro_setup_full5272.exe (PID: 1120)
  - PDFelement.exe (PID: 3888)
- Process requests binary or script from the Internet
  - pdfelement-pro_setup_full5272.exe (PID: 1120)
- Reads the Windows owner or organization settings
  - pdfelement-pro_full5272.tmp (PID: 2552)
- The process drops C-runtime libraries
  - pdfelement-pro_full5272.tmp (PID: 2552)
- Searches for installed software
  - pdfelement-pro_full5272.tmp (PID: 2552)
- Drops 7-zip archiver for unpacking
  - pdfelement-pro_full5272.tmp (PID: 2552)
- Process drops legitimate windows executable
  - pdfelement-pro_full5272.tmp (PID: 2552)
  - PEAddInDeployment.exe (PID: 2620)
  - WSPrtSetup.exe (PID: 3216)
- Starts itself from another location
  - PEShellContextMenu4.exe (PID: 3708)
- Starts SC.EXE for service management
  - pdfelement-pro_full5272.tmp (PID: 2552)
- Explorer used for Indirect Command Execution
  - explorer.exe (PID: 888)
  - explorer.exe (PID: 3928)
  - explorer.exe (PID: 3268)
- Reads the BIOS version
  - PDFelement.exe (PID: 3888)
INFO
- Application launched itself
  - iexplore.exe (PID: 1688)
  - chrome.exe (PID: 2920)
- Checks supported languages
  - pdfelement-pro_setup_full5272.exe (PID: 1120)
  - pdfelement-pro_full5272.exe (PID: 3580)
  - pdfelement-pro_full5272.tmp (PID: 2552)
  - PEPreviewDeployment.exe (PID: 2096)
  - zip.exe (PID: 2600)
  - zip.exe (PID: 3504)
  - PEAddInDeployment.exe (PID: 2620)
  - PEShellContextMenu4.exe (PID: 3708)
  - PEShellContextMenu4.exe (PID: 3080)
  - FileAssociation.exe (PID: 292)
  - WSPrtSetup.exe (PID: 3216)
  - PEToolDeployment.exe (PID: 3620)
  - PEToolDeployment.exe (PID: 3468)
  - PEToolDeployment.exe (PID: 3424)
  - PENotify.exe (PID: 2908)
  - PEToolDeployment.exe (PID: 3808)
  - PEPreviewDeployment.exe (PID: 3856)
  - PENotify.exe (PID: 1576)
  - RegAsm.exe (PID: 328)
  - PEPreviewDeployment.exe (PID: 3740)
  - fontlistsave.exe (PID: 1372)
  - PDFelement.exe (PID: 3888)
  - zip.exe (PID: 940)
- Reads the computer name
  - pdfelement-pro_setup_full5272.exe (PID: 1120)
  - PEPreviewDeployment.exe (PID: 2096)
  - pdfelement-pro_full5272.tmp (PID: 2552)
  - PEAddInDeployment.exe (PID: 2620)
  - PEShellContextMenu4.exe (PID: 3708)
  - PEShellContextMenu4.exe (PID: 3080)
  - FileAssociation.exe (PID: 292)
  - WSPrtSetup.exe (PID: 3216)
  - PEToolDeployment.exe (PID: 3620)
  - PEToolDeployment.exe (PID: 3468)
  - PEToolDeployment.exe (PID: 3424)
  - PENotify.exe (PID: 2908)
  - PEToolDeployment.exe (PID: 3808)
  - PENotify.exe (PID: 1576)
  - PEPreviewDeployment.exe (PID: 3856)
  - RegAsm.exe (PID: 328)
  - PEPreviewDeployment.exe (PID: 3740)
  - PDFelement.exe (PID: 3888)
- Reads the machine GUID from the registry
  - pdfelement-pro_setup_full5272.exe (PID: 1120)
  - PEPreviewDeployment.exe (PID: 2096)
  - PEAddInDeployment.exe (PID: 2620)
  - PEShellContextMenu4.exe (PID: 3708)
  - PEShellContextMenu4.exe (PID: 3080)
  - FileAssociation.exe (PID: 292)
  - PEToolDeployment.exe (PID: 3620)
  - PEToolDeployment.exe (PID: 3468)
  - PEToolDeployment.exe (PID: 3424)
  - PENotify.exe (PID: 2908)
  - PEToolDeployment.exe (PID: 3808)
  - PENotify.exe (PID: 1576)
  - PEPreviewDeployment.exe (PID: 3856)
  - RegAsm.exe (PID: 328)
  - PEPreviewDeployment.exe (PID: 3740)
  - PDFelement.exe (PID: 3888)
- The process uses the downloaded file
  - iexplore.exe (PID: 1688)
  - chrome.exe (PID: 3932)
  - chrome.exe (PID: 3376)
  - chrome.exe (PID: 2744)
- Drops the executable file immediately after the start
  - iexplore.exe (PID: 1688)
  - iexplore.exe (PID: 4016)
- Checks proxy server information
  - pdfelement-pro_setup_full5272.exe (PID: 1120)
- Creates files in the program directory
  - pdfelement-pro_setup_full5272.exe (PID: 1120)
  - pdfelement-pro_full5272.tmp (PID: 2552)
  - zip.exe (PID: 2600)
  - zip.exe (PID: 3504)
  - PEAddInDeployment.exe (PID: 2620)
  - PEShellContextMenu4.exe (PID: 3708)
  - PEToolDeployment.exe (PID: 3620)
  - PEToolDeployment.exe (PID: 3468)
  - PDFelement.exe (PID: 3888)
  - chrome.exe (PID: 2920)
- Create files in a temporary directory
  - pdfelement-pro_setup_full5272.exe (PID: 1120)
  - pdfelement-pro_full5272.exe (PID: 3580)
  - pdfelement-pro_full5272.tmp (PID: 2552)
  - PEToolDeployment.exe (PID: 3620)
  - PEToolDeployment.exe (PID: 3468)
  - PDFelement.exe (PID: 3888)
- Creates files or folders in the user directory
  - pdfelement-pro_setup_full5272.exe (PID: 1120)
  - PEPreviewDeployment.exe (PID: 2096)
  - pdfelement-pro_full5272.tmp (PID: 2552)
  - PEShellContextMenu4.exe (PID: 3708)
  - WSPrtSetup.exe (PID: 3216)
  - regsvr32.exe (PID: 3784)
  - PEToolDeployment.exe (PID: 3620)
  - PEToolDeployment.exe (PID: 3468)
  - PEToolDeployment.exe (PID: 3424)
  - PEToolDeployment.exe (PID: 3808)
  - PEPreviewDeployment.exe (PID: 3856)
  - PENotify.exe (PID: 2908)
  - PEPreviewDeployment.exe (PID: 3740)
  - fontlistsave.exe (PID: 1372)
  - PDFelement.exe (PID: 3888)
  - zip.exe (PID: 940)
- Creates a software uninstall entry
  - pdfelement-pro_full5272.tmp (PID: 2552)
- Reads the Internet Settings
  - explorer.exe (PID: 1176)
  - explorer.exe (PID: 2776)
  - explorer.exe (PID: 1304)
- Reads the time zone
  - PENotify.exe (PID: 2908)
  - PDFelement.exe (PID: 3888)
- Reads Environment values
  - PENotify.exe (PID: 2908)
  - PDFelement.exe (PID: 3888)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

111

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

292

"C:\Program Files\Wondershare\PDFelement10\FileAssociation.exe" /a .fdf;.pdf "C:\Program Files\Wondershare\PDFelement10\PDFelement.exe" "C:\Program Files\Wondershare\PDFelement10\projectfile.ico" /FriendlyAppName "Wondershare PDFelement"

C:\Program Files\Wondershare\PDFelement10\FileAssociation.exe

—

pdfelement-pro_full5272.tmp

User:

admin

Company:

Wondershare

Integrity Level:

HIGH

Description:

Fix PDF file association

Exit code:

Version:

10.1.4.2521

Modules

Images
c:\program files\wondershare\pdfelement10\fileassociation.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

328

"C:\Windows\Microsoft.Net\Framework\v4.0.30319\regasm.exe" /codebase "C:\Program Files\Common Files\Wondershare\PDFelement10\Preview\1.0.0.69\PEPreview4.dll"

C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe

PEPreviewDeployment.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Microsoft .NET Assembly Registration Utility

Exit code:

Version:

4.0.30319.34209 built by: FX452RTMGDR

Modules

Images
c:\windows\microsoft.net\framework\v4.0.30319\regasm.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll

884

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1396 --field-trial-handle=1100,i,4324410265948040387,13257234207075288121,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

chrome.exe

User:

admin

Company:

Google LLC

Integrity Level:

HIGH

Description:

Google Chrome

Exit code:

Version:

109.0.5414.120

Modules

Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

888

"C:\Windows\explorer.exe" C:\Program Files\Wondershare\PDFelement10\PEToolDeployment.exe

C:\Windows\explorer.exe

—

PEToolDeployment.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Windows Explorer

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

940

"C:\Program Files\Wondershare\PDFelement10\zip.exe" x -y -o"C:\Users\admin\AppData\Roaming\Wondershare\PDFelement10\Temp\WhatsNew\Pictures" "C:\Users\admin\AppData\Roaming\Wondershare\PDFelement10\Temp\WhatsNew\UpdateWindowsPicture.7z"

C:\Program Files\Wondershare\PDFelement10\zip.exe

—

PDFelement.exe

User:

admin

Company:

Igor Pavlov

Integrity Level:

MEDIUM

Description:

7-Zip 独立命令行

Exit code:

Version:

9.20

Modules

Images
c:\program files\wondershare\pdfelement10\zip.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll

1120

"C:\Users\admin\Downloads\pdfelement-pro_setup_full5272.exe"

C:\Users\admin\Downloads\pdfelement-pro_setup_full5272.exe

iexplore.exe

User:

admin

Integrity Level:

HIGH

Description:

pdfelement10_setup_full5272.exe

Exit code:

Version:

4.0.4.12

Modules

Images
c:\users\admin\downloads\pdfelement-pro_setup_full5272.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

1144

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=852 --field-trial-handle=1100,i,4324410265948040387,13257234207075288121,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

—

chrome.exe

User:

admin

Company:

Google LLC

Integrity Level:

LOW

Description:

Google Chrome

Exit code:

Version:

109.0.5414.120

Modules

Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

1176

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\explorer.exe

—

svchost.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows Explorer

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

1304

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\explorer.exe

—

svchost.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows Explorer

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

1372

"C:\Program Files\Wondershare\PDFelement10\fontlistsave.exe" C:\Users\admin\AppData\Roaming\Wondershare\PDFelement10\Config\SystemFontList.cfg

C:\Program Files\Wondershare\PDFelement10\fontlistsave.exe

—

pdfelement-pro_full5272.tmp

User:

admin

Company:

Wondershare

Integrity Level:

HIGH

Description:

PDF Core Console

Exit code:

Version:

8.4.5.4327

Modules

Images
c:\program files\wondershare\pdfelement10\fontlistsave.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\wondershare\pdfelement10\libpdfcore.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll

Add for printing

Total events

30 700

Read events

30 389

Write events

304

Delete events

Modification events


(PID) Process:	(1688) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:	write	Name:	NTPDaysSinceLastAutoMigration
Value: 0
(PID) Process:	(1688) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:	write	Name:	NTPLastLaunchHighDateTime
Value: 30847387
(PID) Process:	(1688) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:	write	Name:	NextCheckForUpdateHighDateTime
Value: 30847437
(PID) Process:	(1688) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:	write	Name:	CachePrefix
Value: Cookie:
(PID) Process:	(1688) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:	write	Name:	CachePrefix
Value: Visited:
(PID) Process:	(1688) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:	write	Name:	CompatibilityFlags
Value: 0
(PID) Process:	(1688) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(1688) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(1688) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1
(PID) Process:	(1688) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 0

Add for printing

Executable files

324

Suspicious files

603

Text files

328

Unknown types

Dropped files

PID	Process	Filename		Type
4016	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157		binary
		MD5:65236A8757D7BE5A19C508C400EEC55F	SHA256:D1C545AA5FDE6F4B8C35AFCE6B377F677E6AB383762B93FB8B48D89CBE336922
4016	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\14561BF7422BB6F70A9CB14F5AA8A7DA_260D06ABAE8CB938B7DFA6C4B7C430BA		binary
		MD5:6121BC9CCDE828CDC2B9529C611BBAA1	SHA256:C064C009DE0C79C808BF343C4E6D15598D84D7A2F67D93250E2B5AF500F07B8E
4016	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157		compressed
		MD5:1BFE591A4FE3D91B03CDF26EAACD8F89	SHA256:9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
1120	pdfelement-pro_setup_full5272.exe	C:\Users\Public\Documents\Wondershare\pdfelement-pro_full5272.exe.~P2S		—
		MD5:—	SHA256:—
4016	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04		binary
		MD5:BB8CC24DCB8144A99BDA63898D92166E	SHA256:C9A600A9671DD4AF65C2DFDC3E9336FCA9205EAB379C0DD8EE0CFEA8FDDF7687
4016	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_23FFFDCAABB8E63694AD1202ED02BF57		binary
		MD5:7DB9D57F968ADFFFA56A91B39E9F8B30	SHA256:778D777F3D733DAA9326A8BE7AA2712B75B4E82FAC9417398E5A283A4872BC51
4016	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04		binary
		MD5:F55C55A77005DAADDF76012EEA702608	SHA256:1F334562DA85539EE53D4DD9CE998DBFF2DB9C04B4BF6B77CB666A7FF70815B4
4016	iexplore.exe	C:\Users\admin\Downloads\pdfelement-pro_setup_full5272.exe.vbtvttj.partial		executable
		MD5:B2B5D4C2EB1CDE586135A9C0C44C6C85	SHA256:AED40EFA31B5E5BC780B2FD899EC2B60FD5DC762BAE356959CDAC7A8F7C0088E
4016	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\14561BF7422BB6F70A9CB14F5AA8A7DA_260D06ABAE8CB938B7DFA6C4B7C430BA		binary
		MD5:DA482E07BC4E310A3BAA7109751C43F2	SHA256:E91F19C42ED4D8E3276C20357FDBBDD9665DC70638BD86BA047DE5E2C50700D7
4016	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\pdfelement-pro_setup_full5272[1].exe		executable
		MD5:89A3452C317648367ADB8906F1BA96A4	SHA256:E1BF10AA904B68E3C6FEED5DF0B297137ABFB01BC84951811982B24FEF1AC105

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

235

DNS requests

212

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
1120	pdfelement-pro_setup_full5272.exe	GET	—	88.221.110.67:80	http://download.wondershare.jp/cbs_down/pdfelement-pro_full5272.exe	unknown	—	—	unknown
1120	pdfelement-pro_setup_full5272.exe	GET	—	88.221.110.67:80	http://download.wondershare.jp/cbs_down/pdfelement-pro_full5272.exe	unknown	—	—	unknown
1120	pdfelement-pro_setup_full5272.exe	GET	—	88.221.110.67:80	http://download.wondershare.jp/cbs_down/pdfelement-pro_full5272.exe	unknown	—	—	unknown
1120	pdfelement-pro_setup_full5272.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQlOydjtpho0%2Bholo77zGjGxETUEQQU8JyF%2FaKffY%2FJaLvV1IlNHb7TkP8CEA55FRzCAC31guRNu%2FMLaAM%3D	unknown	binary	727 b	unknown
4016	iexplore.exe	GET	200	67.27.234.126:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?5495137de89cafc2	unknown	compressed	4.66 Kb	unknown
1120	pdfelement-pro_setup_full5272.exe	GET	206	2.16.100.179:80	http://download.wondershare.jp/cbs_down/pdfelement-pro_full5272.exe	unknown	text	2 b	unknown
4016	iexplore.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAoFmyX1Sz2HlMxmMUd1OKM%3D	unknown	binary	471 b	unknown
1120	pdfelement-pro_setup_full5272.exe	GET	200	142.250.185.67:80	http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D	unknown	binary	724 b	unknown
1120	pdfelement-pro_setup_full5272.exe	GET	206	2.16.100.179:80	http://download.wondershare.jp/cbs_down/pdfelement-pro_full5272.exe	unknown	binary	26.6 Mb	unknown
1120	pdfelement-pro_setup_full5272.exe	GET	206	2.16.100.179:80	http://download.wondershare.jp/cbs_down/pdfelement-pro_full5272.exe	unknown	binary	26.6 Mb	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4016	iexplore.exe	2.16.100.179:443	download.wondershare.jp	Akamai International B.V.	DE	whitelisted
4	System	192.168.100.255:137	—	—	—	whitelisted
4016	iexplore.exe	67.27.234.126:80	ctldl.windowsupdate.com	LEVEL3	US	unknown
4016	iexplore.exe	192.229.221.95:80	ocsp.digicert.com	EDGECAST	US	whitelisted
2656	svchost.exe	239.255.255.250:1900	—	—	—	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
4016	iexplore.exe	8.209.73.211:443	cbs.wondershare.jp	Alibaba US Technology Co., Ltd.	DE	unknown
1088	svchost.exe	224.0.0.252:5355	—	—	—	unknown
1120	pdfelement-pro_setup_full5272.exe	8.209.72.213:443	pc-api.wondershare.cc	Alibaba US Technology Co., Ltd.	DE	unknown
1120	pdfelement-pro_setup_full5272.exe	8.209.73.211:80	cbs.wondershare.jp	Alibaba US Technology Co., Ltd.	DE	unknown

DNS requests

Domain	IP	Reputation
ctldl.windowsupdate.com	67.27.234.126 67.27.233.126 8.238.191.254 67.27.235.254 8.253.95.121	whitelisted
ocsp.digicert.com	192.229.221.95	whitelisted
cbs.wondershare.jp	8.209.73.211	malicious
pc-api.wondershare.cc	8.209.72.213	unknown
platform.wondershare.com	8.209.73.211	unknown
prod-web.wondershare.cc	47.91.89.51	unknown
download.wondershare.jp	104.124.11.34 104.124.11.26 88.221.110.67 2.16.100.179	whitelisted
analytics.wondershare.cc	47.254.80.199	unknown
wae.wondershare.cc	163.181.56.210 163.181.56.211 163.181.56.213 163.181.56.216 163.181.56.212 163.181.56.215 163.181.56.214 163.181.56.209	unknown
analytics.300624.com	47.251.49.246	unknown

Threats

PID	Process	Class	Message
1088	svchost.exe	Potentially Bad Traffic	ET DNS Query for .cc TLD
1088	svchost.exe	Potentially Bad Traffic	ET DNS Query for .cc TLD
1088	svchost.exe	Potentially Bad Traffic	ET DNS Query for .cc TLD
1088	svchost.exe	Potentially Bad Traffic	ET DNS Query for .cc TLD
1120	pdfelement-pro_setup_full5272.exe	Potential Corporate Privacy Violation	ET POLICY PE EXE or DLL Windows file download HTTP
1120	pdfelement-pro_setup_full5272.exe	Potential Corporate Privacy Violation	ET POLICY PE EXE or DLL Windows file download HTTP
1088	svchost.exe	Potentially Bad Traffic	ET DNS Query for .cc TLD
1088	svchost.exe	Potentially Bad Traffic	ET DNS Query for .cc TLD
884	chrome.exe	Potentially Bad Traffic	ET DNS Query for .cc TLD
884	chrome.exe	Potentially Bad Traffic	ET DNS Query for .cc TLD

3 ETPRO signatures available at the full report

Add for printing

Process	Message
PEPreviewDeployment.exe	StartExeTime: 2023-11-01 00:40:14:696
PEPreviewDeployment.exe	ProductName: PDFelement
PEPreviewDeployment.exe	Args: "/NeedInstall" "/Clsid:{815BAF99-0C5D-4FA8-8CCD-1129EE6D25B9}" "/NewVersion:1.0.0.69"
PEPreviewDeployment.exe	EnvironmentBit: 32
PEPreviewDeployment.exe	ProductVersion: 10.1.4.2521
PEPreviewDeployment.exe	EnvironmentVersion: 4.0.30319.34209
PEPreviewDeployment.exe	PreviewVersion: 1.0.0.69
PEPreviewDeployment.exe	ExitCode: 0
PEToolDeployment.exe	EnvironmentVersion: 4.0.30319.34209
PEToolDeployment.exe	Startup folder: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

General Info

https://download.wondershare.jp/pdfelement-pro_full5272.exe?_gl=1*1fuwgfu*_gcl_au*MTU5NDMzMTkxMi4xNjk4Nzk4OTQw&_ga=2.93785949.1564695575.1698798940-747152758.1698798940

DFE421B50A82B7EF1E211616B08E6A2ACBB80532

8FE97C3F87F9BA586FC2160E85B1925CB3C008944C10A31BFCFD9201BA17D56F

3:N8SElIQLPQ16nDcJCB/nYUs0z6RsnBQ0HD65W0RcLfcFSepdESsQJKsvdQ:2SKIQLi60CB/YTKysBQ0j65WBrFezPQ

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

Creates a writable file the system directory

Registers / Runs the DLL via REGSVR32.EXE

Create files in the Startup directory

SUSPICIOUS

Reads the Internet Settings

Reads security settings of Internet Explorer

Reads settings of System Certificates

Reads Microsoft Outlook installation path

Connects to unusual port

Checks Windows Trust Settings

Reads Internet Explorer settings

Process requests binary or script from the Internet

Reads the Windows owner or organization settings

The process drops C-runtime libraries

Searches for installed software

Drops 7-zip archiver for unpacking

Process drops legitimate windows executable

Starts itself from another location

Starts SC.EXE for service management

Explorer used for Indirect Command Execution

Reads the BIOS version

INFO

Application launched itself

Checks supported languages

Reads the computer name

Reads the machine GUID from the registry

The process uses the downloaded file

Drops the executable file immediately after the start

Checks proxy server information

Creates files in the program directory

Create files in a temporary directory

Creates files or folders in the user directory

Creates a software uninstall entry

Reads the Internet Settings

Reads the time zone

Reads Environment values

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

https://download.wondershare.jp/pdfelement-pro_full5272.exe?_gl=11fuwgfu_gcl_au*MTU5NDMzMTkxMi4xNjk4Nzk4OTQw&_ga=2.93785949.1564695575.1698798940-747152758.1698798940