Technical Information
- [<HKLM>\SOFTWARE\Classes\FoxitPhantom.FDFDoc\shell\open\command] '' = '"%ProgramFiles%\Foxit Software\Foxit Phantom\Foxit Phantom.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\FoxitPhantom.Document\shell\open\command] '' = '"%ProgramFiles%\Foxit Software\Foxit Phantom\Foxit Phantom.exe" "%1"'
- '%ProgramFiles%\Foxit Software\Foxit Phantom\Foxit Phantom.exe' /register
- '<SYSTEM32>\cmd.exe' /c rd /s /q %temp% && md %temp%
- '%APPDATA%\~tmp.exe'
- '%TEMP%\fox4.tmp\InPDFReaderPlugin.exe' -p %ProgramFiles%\Foxit Software\Foxit Phantom\plugins\
- C:\Documents and Settings\LocalService\Application Data\Foxit Software\Foxit PDF Creator\FXCPrivate_3c02.ini
- <SYSTEM32>\spool\drivers\w32x86\3\New\fpmvpr_ui.dll
- %ProgramFiles%\Foxit Software\Foxit Phantom\fpc_wordaddin.dll
- <SYSTEM32>\spool\drivers\w32x86\3\FXC_ProxyProcess.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\OBJECTS.DATA
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING2.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\OBJECTS.MAP
- <SYSTEM32>\spool\drivers\w32x86\3\New\fpmvpr_drv.dll
- %ProgramFiles%\Foxit Software\Foxit Phantom\lex\ssceam2.clx
- %ProgramFiles%\Foxit Software\Foxit Phantom\lex\ssceam.tlx
- %ProgramFiles%\Foxit Software\Foxit Phantom\lex\sscebr2.clx
- %ProgramFiles%\Foxit Software\Foxit Phantom\lex\sscebr.tlx
- %ProgramFiles%\Foxit Software\Foxit Phantom\fxdecod1.dll
- %ProgramFiles%\Foxit Software\Foxit Phantom\fpdfcjk.bin
- %ProgramFiles%\Foxit Software\Foxit Phantom\lex\correct.tlx
- %ProgramFiles%\Foxit Software\Foxit Phantom\lex\accent.tlx
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING1.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_.DEFAULT
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-484763869-725345543-1003
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SOFTWARE
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SECURITY
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-484763869-725345543-1003
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\INDEX.BTR
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\$WinMgmt.CFG
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING.VER
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\INDEX.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SAM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SYSTEM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\domain.txt
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\ComDb.Dat
- %ProgramFiles%\Foxit Software\Foxit Phantom\Stamps\Sign Here\Initial.pdf
- %ProgramFiles%\Foxit Software\Foxit Phantom\Stamps\Sign Here\Accepted.pdf
- %ProgramFiles%\Foxit Software\Foxit Phantom\Stamps\Sign Here\Sign Here.pdf
- %ProgramFiles%\Foxit Software\Foxit Phantom\Stamps\Sign Here\Rejected.pdf
- %ProgramFiles%\Foxit Software\Foxit Phantom\Stamps\Standard Stamps\Revised.pdf
- %ProgramFiles%\Foxit Software\Foxit Phantom\Stamps\Standard Stamps\Reviewed.pdf
- %ProgramFiles%\Foxit Software\Foxit Phantom\Stamps\Standard Stamps\Void.pdf
- %ProgramFiles%\Foxit Software\Foxit Phantom\Stamps\Standard Stamps\Verified.pdf
- %ALLUSERSPROFILE%\Desktop\Foxit Phantom.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\Foxit Phantom\Readme.lnk
- %ProgramFiles%\Foxit Software\Foxit Phantom\fpmkey.txt
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Foxit Phantom.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\Foxit Phantom\Foxit Phantom.lnk
- %ProgramFiles%\Foxit Software\Foxit Phantom\Stamps\Sign Here\Witness.pdf
- %ALLUSERSPROFILE%\Start Menu\Programs\Foxit Phantom\Uninstall.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\Foxit Phantom\InstallKey.lnk
- %ProgramFiles%\Foxit Software\Foxit Phantom\Stamps\Standard Stamps\Received.pdf
- %ProgramFiles%\Foxit Software\Foxit Phantom\plugins\OnDemandCM\curl\curl.exe
- %ProgramFiles%\Foxit Software\Foxit Phantom\plugins\OnDemandCM\OnDemandPlugin.dll
- %ProgramFiles%\Foxit Software\Foxit Phantom\plugins\OnDemandCM\curl\libeay32.dll
- %ProgramFiles%\Foxit Software\Foxit Phantom\plugins\OnDemandCM\curl\libcurl.dll
- %ProgramFiles%\Foxit Software\Foxit Phantom\lex\ssceca2.clx
- %ProgramFiles%\Foxit Software\Foxit Phantom\lex\ssceca.tlx
- %ProgramFiles%\Foxit Software\Foxit Phantom\lex\userdic.tlx
- %ProgramFiles%\Foxit Software\Foxit Phantom\lex\tech.tlx
- %ProgramFiles%\Foxit Software\Foxit Phantom\Stamps\Standard Stamps\Emergency.pdf
- %ProgramFiles%\Foxit Software\Foxit Phantom\Stamps\Standard Stamps\Draft.pdf
- %ProgramFiles%\Foxit Software\Foxit Phantom\Stamps\Standard Stamps\Final.pdf
- %ProgramFiles%\Foxit Software\Foxit Phantom\Stamps\Standard Stamps\Expired.pdf
- %ProgramFiles%\Foxit Software\Foxit Phantom\Stamps\Standard Stamps\Approved.pdf
- %ProgramFiles%\Foxit Software\Foxit Phantom\plugins\OnDemandCM\curl\libssl32.dll
- %ProgramFiles%\Foxit Software\Foxit Phantom\Stamps\Standard Stamps\Confidential.pdf
- %ProgramFiles%\Foxit Software\Foxit Phantom\Stamps\Standard Stamps\Completed.pdf
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
- %TEMP%\fox4.tmp\ssceam2.clx
- %TEMP%\fox4.tmp\ssceam.tlx
- %TEMP%\fox4.tmp\sscebr2.clx
- %TEMP%\fox4.tmp\sscebr.tlx
- %TEMP%\fox4.tmp\FXC_ProxyProcess64.exe
- %TEMP%\fox4.tmp\fpmvpr_ui64.dll
- %TEMP%\fox4.tmp\correct.tlx
- %TEMP%\fox4.tmp\accent.tlx
- %TEMP%\fox4.tmp\FoxitReaderOCX.ocx
- %TEMP%\fox4.tmp\config.xml
- %TEMP%\fox4.tmp\InstallPDFReaderPlugin.exe
- %TEMP%\fox4.tmp\InPDFReaderPlugin.exe
- %TEMP%\fox4.tmp\ssceca2.clx
- %TEMP%\fox4.tmp\ssceca.tlx
- %TEMP%\fox4.tmp\userdic.tlx
- %TEMP%\fox4.tmp\tech.tlx
- %TEMP%\fox4.tmp\fpmvpr_drv64.dll
- %TEMP%\fox4.tmp\fpdfcjk.bin
- %TEMP%\fox4.tmp\Foxit Phantom.exe
- %TEMP%\fox4.tmp\InstallKey.exe
- %TEMP%\fox4.tmp\fxdecod1.dll
- %APPDATA%\~tmp.exe
- %TEMP%\aut1.tmp
- %TEMP%\fox3.tmp
- %TEMP%\fox2.tmp
- %TEMP%\fox4.tmp\fpmvpr_drv.dll
- %TEMP%\fox4.tmp\psapi.dll
- %TEMP%\fox4.tmp\FXC_ProxyProcess.exe
- %TEMP%\fox4.tmp\fpmvpr_ui.dll
- %TEMP%\fox4.tmp\Uninstall.exe
- %TEMP%\fox4.tmp\Readme.txt
- %TEMP%\fox4.tmp\framedyn.dll
- %TEMP%\fox4.tmp\fpc_wordaddin.dll
- %TEMP%\fox4.tmp\Revised.pdf
- %TEMP%\fox4.tmp\Reviewed.pdf
- %TEMP%\fox4.tmp\Void.pdf
- %TEMP%\fox4.tmp\Verified.pdf
- %TEMP%\fox4.tmp\Expired.pdf
- %TEMP%\fox4.tmp\Emergency.pdf
- %TEMP%\fox4.tmp\Received.pdf
- %TEMP%\fox4.tmp\Final.pdf
- <SYSTEM32>\spool\drivers\w32x86\fpmvpr_drv.dll
- %ProgramFiles%\Foxit Software\Foxit Phantom\Readme.txt
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
- <SYSTEM32>\spool\drivers\w32x86\fpmvpr_ui.dll
- %ProgramFiles%\Foxit Software\Foxit Phantom\Uninstall.exe
- %ProgramFiles%\Foxit Software\Foxit Phantom\Foxit Phantom.exe
- %ProgramFiles%\Foxit Software\Foxit Phantom\InstallKey.exe
- %ProgramFiles%\Foxit Software\Foxit Phantom\config.xml
- %TEMP%\fox4.tmp\Draft.pdf
- %TEMP%\fox4.tmp\libcurl.dll
- %TEMP%\fox4.tmp\curl.exe
- %TEMP%\fox4.tmp\libssl32.dll
- %TEMP%\fox4.tmp\libeay32.dll
- %TEMP%\fox4.tmp\UnInstallPDFReaderPlugin.exe
- %TEMP%\fox4.tmp\npFoxitReaderPlugin.dll
- %TEMP%\fox4.tmp\OnDemandPlugin.dll
- %TEMP%\fox4.tmp\UnPDFReaderPlugin.exe
- %TEMP%\fox4.tmp\Approved.pdf
- %TEMP%\fox4.tmp\Witness.pdf
- %TEMP%\fox4.tmp\Confidential.pdf
- %TEMP%\fox4.tmp\Completed.pdf
- %TEMP%\fox4.tmp\Initial.pdf
- %TEMP%\fox4.tmp\Accepted.pdf
- %TEMP%\fox4.tmp\Sign Here.pdf
- %TEMP%\fox4.tmp\Rejected.pdf
- %TEMP%\fox4.tmp\Rejected.pdf
- %TEMP%\fox4.tmp\Received.pdf
- %TEMP%\fox4.tmp\Readme.txt
- %TEMP%\fox4.tmp\Reviewed.pdf
- %TEMP%\fox4.tmp\ssceam.tlx
- %TEMP%\fox4.tmp\Sign Here.pdf
- %TEMP%\fox4.tmp\Revised.pdf
- %TEMP%\fox4.tmp\libeay32.dll
- %TEMP%\fox4.tmp\libcurl.dll
- %TEMP%\fox4.tmp\InstallPDFReaderPlugin.exe
- %TEMP%\fox4.tmp\libssl32.dll
- %TEMP%\fox4.tmp\psapi.dll
- %TEMP%\fox4.tmp\OnDemandPlugin.dll
- %TEMP%\fox4.tmp\npFoxitReaderPlugin.dll
- %TEMP%\fox4.tmp\ssceam2.clx
- %TEMP%\fox4.tmp\Verified.pdf
- %TEMP%\fox4.tmp\userdic.tlx
- %TEMP%\fox4.tmp\UnPDFReaderPlugin.exe
- %TEMP%\fox4.tmp\Void.pdf
- %ALLUSERSPROFILE%\Desktop\Foxit Phantom.lnk
- %APPDATA%\~tmp.exe
- %TEMP%\fox4.tmp\Witness.pdf
- %TEMP%\fox4.tmp\ssceca.tlx
- %TEMP%\fox4.tmp\sscebr2.clx
- %TEMP%\fox4.tmp\sscebr.tlx
- %TEMP%\fox4.tmp\ssceca2.clx
- %TEMP%\fox4.tmp\UnInstallPDFReaderPlugin.exe
- %TEMP%\fox4.tmp\Uninstall.exe
- %TEMP%\fox4.tmp\tech.tlx
- %TEMP%\fox4.tmp\InstallKey.exe
- %TEMP%\fox4.tmp\correct.tlx
- %TEMP%\fox4.tmp\config.xml
- %TEMP%\fox4.tmp\Confidential.pdf
- %TEMP%\fox4.tmp\curl.exe
- %TEMP%\fox4.tmp\Expired.pdf
- %TEMP%\fox4.tmp\Emergency.pdf
- %TEMP%\fox4.tmp\Draft.pdf
- %TEMP%\fox3.tmp
- %TEMP%\fox2.tmp
- %TEMP%\aut1.tmp
- %TEMP%\fox4.tmp\accent.tlx
- %TEMP%\fox4.tmp\Completed.pdf
- %TEMP%\fox4.tmp\Approved.pdf
- %TEMP%\fox4.tmp\Accepted.pdf
- %TEMP%\fox4.tmp\Final.pdf
- %TEMP%\fox4.tmp\FXC_ProxyProcess.exe
- %TEMP%\fox4.tmp\framedyn.dll
- %TEMP%\fox4.tmp\fpmvpr_ui64.dll
- %TEMP%\fox4.tmp\FXC_ProxyProcess64.exe
- %TEMP%\fox4.tmp\InPDFReaderPlugin.exe
- %TEMP%\fox4.tmp\Initial.pdf
- %TEMP%\fox4.tmp\fxdecod1.dll
- %TEMP%\fox4.tmp\fpc_wordaddin.dll
- %TEMP%\fox4.tmp\FoxitReaderOCX.ocx
- %TEMP%\fox4.tmp\Foxit Phantom.exe
- %TEMP%\fox4.tmp\fpdfcjk.bin
- %TEMP%\fox4.tmp\fpmvpr_ui.dll
- %TEMP%\fox4.tmp\fpmvpr_drv64.dll
- %TEMP%\fox4.tmp\fpmvpr_drv.dll
- from <SYSTEM32>\spool\drivers\w32x86\3\New\fpmvpr_ui.dll to <SYSTEM32>\spool\drivers\w32x86\3\fpmvpr_ui.dll
- from <SYSTEM32>\spool\drivers\w32x86\3\New\fpmvpr_drv.dll to <SYSTEM32>\spool\drivers\w32x86\3\fpmvpr_drv.dll
- ClassName: 'Shell_TrayWnd' WindowName: ''