Windows Analysis Report
Archive.zip

Overview

General Information

Sample name: Archive.zip
Analysis ID: 1541176
MD5: c60cd0df4975d745722d1776d5be95b5
SHA1: f8e2eb05478108eae1f8fa28f70ebb64163d032d
SHA256: f1ed181ee30a70c0f71aacf7c592be0e6589421bc479e379109c4c3f572bb663
Infos:

Detection

Score: 36
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Signatures

Monitors registry run keys for changes
Binary contains a suspicious time stamp
Contains capabilities to detect virtual machines
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to detect virtual machines (SLDT)
Contains functionality to modify clipboard data
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops certificate files (DER)
Drops files with a non-matching file extension (content does not match file extension)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries keyboard layouts
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Stores files to the Windows start menu directory
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Keylogger Generic

Classification

  • System is w10x64_ra
  • rundll32.exe (PID: 6844 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • icepdfeditor.exe (PID: 7060 cmdline: "C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exe" MD5: 6700C9E3B5ADB8292F5FF09D1C38C920)
  • Patch.exe (PID: 3892 cmdline: "C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe" MD5: 8E8EB38C6438BAA41A5867B6F465926F)
  • Patch.exe (PID: 7148 cmdline: "C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe" MD5: 8E8EB38C6438BAA41A5867B6F465926F)
  • icepdfeditor.exe (PID: 6164 cmdline: "C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exe" MD5: 6700C9E3B5ADB8292F5FF09D1C38C920)
  • pdf_editor_setup_Downloadly.ir.exe (PID: 2872 cmdline: "C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe" MD5: 427D86902D064DCBDE0EB4F2D7FD601A)
    • pdf_editor_setup_Downloadly.ir.tmp (PID: 6340 cmdline: "C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmp" /SL5="$60464,22152334,238080,C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe" MD5: 4BE9718959029220FC534542CB891006)
      • pdf_editor_setup_Downloadly.ir.exe (PID: 6512 cmdline: "C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe" /SPAWNWND=$10480 /NOTIFYWND=$60464 MD5: 427D86902D064DCBDE0EB4F2D7FD601A)
        • pdf_editor_setup_Downloadly.ir.tmp (PID: 6896 cmdline: "C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp" /SL5="$30476,22152334,238080,C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe" /SPAWNWND=$10480 /NOTIFYWND=$60464 MD5: 4BE9718959029220FC534542CB891006)
          • chrome.exe (PID: 6116 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://icecreamapps.com/PDF-Editor/thankyou.html?v=3.27 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
            • chrome.exe (PID: 6232 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1904,i,13854701791661007299,5941582953959067631,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
      • icepdfeditor.exe (PID: 1388 cmdline: "C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe" -inst MD5: 4AF96C036230E02407C613237F8BC9D5)
  • Taskmgr.exe (PID: 4116 cmdline: "C:\Windows\system32\taskmgr.exe" /4 MD5: 58D5BC7895F7F32EE308E34F06F25DD5)
  • Taskmgr.exe (PID: 4352 cmdline: "C:\Windows\system32\taskmgr.exe" /4 MD5: 58D5BC7895F7F32EE308E34F06F25DD5)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
Process Memory Space: Patch.exe PID: 7148 | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |

Source | Rule | Description | Author | Strings
19.2.Patch.exe.400000.0.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

No Sigma rule has matched
No Suricata rule has matched

        Source: icepdfeditor.exe, 0000001D.00000002.2071338915.000000006B677000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_83bb44db-3
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpWindow detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.IMPORTANT: THIS SOFTWARE END USER LICENSE AGREEMENT ("EULA") IS A LEGAL AGREEMENT BETWEEN YOU AND ICECREAM APPS LIMITED ("ICECREAMAPPS.COM"). USE OF THE SOFTWARE PROVIDED WITH THIS EULA (THE "SOFTWARE") CONSTITUTES YOUR ACCEPTANCE OF THESE TERMS. READ IT CAREFULLY BEFORE COMPLETING THE INSTALLATION PROCESS AND USING THE SOFTWARE. IF YOU DO NOT AGREE TO THE TERMS OF THIS EULA DO NOT INSTALL AND/OR USE THIS SOFTWARE. BY INSTALLING COPYING OR OTHERWISE USING THE SOFTWARE PRODUCT YOU AGREE TO BE BOUND BY THE TERMS OF THIS EULA. 1. LICENSE GRANT. The Software is licensed on per user basis not per computer site or company. This license is not transferable to any other system or to another organization or individual. You are not allowed to remove any proprietary notices or labels from the SOFTWARE. The PRO license can be used on ONE computer belonging to ONE user. The PRO license applies to the version of the program on which it is activated.2. WARRANTY DISCLAIMER. THIS SOFTWARE AND ANY RELATED DOCUMENTATION is PROVIDED "AS IS" AND COMES WITHOUT ANY WARRANTY EITHER EXPRESS OR IMPLIED INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OR MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT. THE USE AND PERFORMANCE OF THIS SOFTWARE ARE SOLELY AT YOUR OWN RISK.3. FREE USE. You may install and use the SOFTWARE free of charge for personal educational (non-profit) use. In these cases you are granted the right to use and to make an unlimited number of copies of this software. Some features of the SOFTWARE may be limited or unavailable in free version of the SOFTWARE. To enable all the features you need to upgrade the SOFTWARE to PRO version. 
Full list of limited features is presented on Upgrade page of the SOFTWARE at icecreamapps.com.4. COMMERCIAL USE. For usage in corporate or commercial environment you will need to upgrade the SOFTWARE to PRO version by obtaining an activation key at icecreamapps.com. 5. REVERSE ENGINEERING. You agree that you will not attempt to reverse compile modify translate or disassemble the Software in whole or in part. 6. COPYRIGHT. The SOFTWARE is intellectual property of Icecream Apps Ltd and is protected by law. You acknowledge that all intellectual property rights in the SOFTWARE anywhere in the world belong to Icecream Apps Ltd that rights in the SOFTWARE are licensed (not sold) to you and that you have no rights in or to the SOFTWARE other than the right to use them in accordance with the terms of this License. You are not allowed to resell charge for rent lease loan sublicense or assign the SOFTWARE or any copy thereof including any related documentation.7. LIMITATION OF LIABILITY. IN NO EVENT SHALL ICECREAM APPS LTD BE LIABLE FOR ANY SPECIAL INCIDENTAL INDIRECT OR CONSEQUENTIAL DAMAGES WHATSOEVER (IN
        Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49697 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49705 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49706 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 20.190.159.64:443 -> 192.168.2.17:49708 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49709 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 2.23.209.154:443 -> 192.168.2.17:49712 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49713 version: TLS 1.2
        Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdbDD source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.00000000066EE000.00000004.00001000.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000002.2078018129.000000006C31E000.00000002.00000001.01000000.0000002A.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtsvg\plugins\imageformats\qsvg.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.0000000006694000.00000004.00001000.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000002.2101748504.000000006FBD3000.00000002.00000001.01000000.00000028.sdmp
        Source: Binary string: D:\CFILES\Projects\WinSSL\openssl-1.1.1h\libcrypto-1_1.pdb source: icepdfeditor.exe, 0000001D.00000002.2090008272.000000006C5BF000.00000002.00000001.01000000.00000020.sdmp
        Source: Binary string: d:\agent\_work\6\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: icepdfeditor.exe, 0000001D.00000002.1988715143.000000006A461000.00000020.00000001.01000000.00000018.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: icepdfeditor.exe, 0000001D.00000002.2001625548.000000006A902000.00000002.00000001.01000000.00000016.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.00000000066EE000.00000004.00001000.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000002.2078018129.000000006C31E000.00000002.00000001.01000000.0000002A.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: icepdfeditor.exe, 0000001D.00000002.2102244107.000000006FBE4000.00000002.00000001.01000000.00000026.sdmp
        Source: Binary string: d:\agent\_work\6\s\\binaries\x86ret\bin\i386\\msvcp140_1.i386.pdb source: icepdfeditor.exe, 0000001D.00000002.2100429892.000000006C7B1000.00000020.00000001.01000000.0000001B.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb source: icepdfeditor.exe, 0000001D.00000002.2103264195.000000006FC45000.00000002.00000001.01000000.00000024.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Network.pdb source: icepdfeditor.exe, 0000001D.00000002.2013235487.000000006AAE3000.00000002.00000001.01000000.00000013.sdmp
        Source: Binary string: D:\Work\PdfEditor\icepdfeditor-Desktop_Qt_5_15_1_MSVC2019_32bit\bin\icepdfeditor.pdb source: icepdfeditor.exe, 00000002.00000000.1138515703.0000000000B87000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 00000014.00000000.1365606055.0000000000F02000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 0000001D.00000000.1687836054.00000000010A2000.00000002.00000001.01000000.0000000E.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtga.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.0000000006694000.00000004.00001000.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000002.2101290482.000000006FBC3000.00000002.00000001.01000000.00000029.sdmp
        Source: Binary string: D:\CFILES\Projects\WinSSL\openssl-1.1.1h\libssl-1_1.pdb@@ source: icepdfeditor.exe, 0000001D.00000002.2099319800.000000006C660000.00000002.00000001.01000000.0000001F.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb''! source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.00000000060A0000.00000004.00001000.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000002.1971413309.0000000069E86000.00000002.00000001.01000000.0000001D.sdmp
        Source: Binary string: compiler: cl /Z7 /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -D_USE_32BIT_TIME_T -D_USING_V110_SDK71_ -D_WINSOCK_DEPRECATED_NO_WARNINGS -D_WIN32_WINNT=0x0501 source: icepdfeditor.exe, 0000001D.00000002.2090008272.000000006C556000.00000002.00000001.01000000.00000020.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb source: icepdfeditor.exe, 0000001D.00000002.2067897717.000000006B5F7000.00000002.00000001.01000000.00000011.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qicns.pdb source: icepdfeditor.exe, 0000001D.00000002.2102793776.000000006FC36000.00000002.00000001.01000000.00000025.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb!! source: icepdfeditor.exe, 0000001D.00000002.2103264195.000000006FC45000.00000002.00000001.01000000.00000024.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.00000000060A0000.00000004.00001000.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000002.1971413309.0000000069E86000.00000002.00000001.01000000.0000001D.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwebp.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.00000000066EE000.00000004.00001000.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000002.2075960195.000000006C2B7000.00000002.00000001.01000000.0000002C.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb"" source: icepdfeditor.exe, 0000001D.00000002.2102244107.000000006FBE4000.00000002.00000001.01000000.00000026.sdmp
        Source: Binary string: msvcr120.i386.pdb source: icepdfeditor.exe, 0000001D.00000002.1982989536.000000006A2F1000.00000020.00000001.01000000.0000001A.sdmp
        Source: Binary string: msvcp120.i386.pdb source: icepdfeditor.exe, 0000001D.00000002.1986865023.000000006A3E1000.00000020.00000001.01000000.00000019.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbV source: icepdfeditor.exe, 0000001D.00000002.2001625548.000000006A902000.00000002.00000001.01000000.00000016.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtwinextras\lib\Qt5WinExtras.pdb source: icepdfeditor.exe, 0000001D.00000002.2065581136.000000006B596000.00000002.00000001.01000000.00000012.sdmp
        Source: Binary string: D:\CFILES\Projects\WinSSL\openssl-1.1.1h\libssl-1_1.pdb source: icepdfeditor.exe, 0000001D.00000002.2099319800.000000006C660000.00000002.00000001.01000000.0000001F.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Gui.pdb source: icepdfeditor.exe, 0000001D.00000002.2028019665.000000006AEAF000.00000002.00000001.01000000.00000015.sdmp
        Source: Binary string: d:\agent\_work\6\s\\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: icepdfeditor.exe, 0000001D.00000002.1989207627.000000006A481000.00000020.00000001.01000000.00000017.sdmp
        Source: Binary string: @ compiler: cl /Z7 /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -D_USE_32BIT_TIME_T -D_USING_V110_SDK71_ -D_WINSOCK_DEPRECATED_NO_WARNINGS -D_WIN32_WINNT=0x0501OpenSSL 1.1.1h 22 Sep 2020built on: Wed Sep 23 11:25:01 2020 UTCplatform: VC-WIN32OPENSSLDIR: "C:\Program Files (x86)\Common Files\SSL"ENGINESDIR: "C:\Program Files (x86)\OpenSSL\lib\engines-1_1"not availabledes(long) source: icepdfeditor.exe, 0000001D.00000002.2090008272.000000006C556000.00000002.00000001.01000000.00000020.sdmp
        Source: Binary string: E:\distr\development\crashrpt\CrashRpt_v.1.4.3_r1645\bin\CrashRpt1403.pdb source: icepdfeditor.exe, 0000001D.00000002.2073061037.000000006B6AF000.00000002.00000001.01000000.0000000F.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdbTT source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.0000000006694000.00000004.00001000.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000002.2080740262.000000006C386000.00000002.00000001.01000000.00000027.sdmp
        Source: Binary string: E:\distr\development\crashrpt\CrashRpt_v.1.4.3_r1645\bin\CrashSender.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.00000000060A0000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtwinextras\lib\Qt5WinExtras.pdb00! source: icepdfeditor.exe, 0000001D.00000002.2065581136.000000006B596000.00000002.00000001.01000000.00000012.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb,, source: icepdfeditor.exe, 0000001D.00000002.2067897717.000000006B5F7000.00000002.00000001.01000000.00000011.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: icepdfeditor.exe, 0000001D.00000002.2053745689.000000006B3B7000.00000002.00000001.01000000.00000014.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qwindows.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.00000000066EE000.00000004.00001000.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000002.1979732769.0000000069FDD000.00000002.00000001.01000000.0000001C.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.0000000006694000.00000004.00001000.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000002.2080740262.000000006C386000.00000002.00000001.01000000.00000027.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwbmp.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.00000000066EE000.00000004.00001000.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000002.2100854859.000000006FBB3000.00000002.00000001.01000000.0000002B.sdmp
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: 19_2_0040A3B8 FindFirstFileA,GetLastError,19_2_0040A3B8
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: 19_2_0040A07E FindFirstFileA,FindClose,19_2_0040A07E
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: 19_2_0040A190 FindFirstFileA,FindClose,19_2_0040A190
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: 19_2_00406490 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,19_2_00406490
        Source: chrome.exeMemory has grown: Private usage: 7MB later: 28MB
        Source: global trafficHTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
        Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
        Source: Joe Sandbox ViewIP Address: 92.223.124.62 92.223.124.62
        Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
        Source: Joe Sandbox ViewJA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
        Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
        Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.64
        Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.13
        Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=x9SUlfM75X4bzF8&MD=Foo2cD4g HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
        Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
        Source: global trafficHTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: -240X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAVkny3l8ADmu2b%2BEKKgzCpdTAWFDUfQu6sWyczB%2BfWyiQm4dLJoGC3v2bPV21Kqef8rxlKD68%2BLYFpCyxvv8jPDVg6hQFB9x/VUkTw5FiK9YI6bQFpazgHSjzaKaJQurF%2BTLIGvKfusQS1iWjoRhE8zgVgtN9U85w06NQL/7LfhN6s5XGb8uQ4JrZGHEq8f5uf0EAJKrbX%2BdfzMCPGY6srpGMUfBCQ1h5IrPLf9IPd9LYJsr9vUNXZAN4fP/PYoSQOE9dF025nmqRozekVT7MBBhnWD6gKz4IGR4SV3igJaIRrlFmbaMFFZkahBmHv4BN/95jYoox6u9ikKlWI574LUQZgAAEHyBpcfvcRVb34lM2kYbMC6wATSCqNC9%2BSzjtig7VScBAHn/SP0CO04%2BclPjHV6QSG12UUzG0pflF%2BXwt9ft420zzNVL5KlixrnpPNRmvJuSKrTOQfedTaagQLvmLx9BYZeKNgqiT1IltQ2tixFvOhtBSpCzqQdwJdi/9LPYxc6N02NicgV5QzBpuOh7/RbB98wUSZgrPIpukABMa1ysLAlagyXOQM/fy//68h0F2lv9cFU7FLVY2MAxpqATUTLoqywbGCeKqCcAhDN%2BtxbGjg/pGKzeFZ8AKuZNwwGv/vG7u1Pi71iBwR2wo1NoRKUOb/uEeUxKo0u77uiWpMe5%2Bx0RG6l9UnY/0XYz9vdDsIIfPJ9fpxE7RP6hLxAb4Q39SEYfuc/SrK1ura%2BQc5hnCK0Yo92dqDQHc43/%2ByKmt2FbvrNPFBCWah62EjLXykT8Dx4p4D3R0Ux/d9j%2B5acObnVoy4POdtm6vLt58F%2BF6ki0nChZkj2A0EszEouSKlgc4A1dBFfg5Q/74Xhr%2BTF5SJkCuHVWwzT9m9UkzCw6Zgifu/O3bgjd7niGijpTmXIEpKgWjd2LINbl/WxwDZOdz5SVmdoB%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1729773762User-Agent: Mozilla/5.0 (Windows NT 10.0; 
Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: BC21A450E04C4969947AF78C26526D18X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
        Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=x9SUlfM75X4bzF8&MD=Foo2cD4g HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
        Source: global trafficHTTP traffic detected: GET /PDF-Editor/thankyou.html?v=3.27 HTTP/1.1Host: icecreamapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /www/images/content/thank2.svg HTTP/1.1Host: icecreamapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://icecreamapps.com/PDF-Editor/thankyou.html?v=3.27Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=h19tt2k3grrssobbu73hh3ucle; ic_d=671a40e799a863.45409504
        Source: global trafficHTTP traffic detected: GET /www/images/content/thank.svg HTTP/1.1Host: icecreamapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://icecreamapps.com/PDF-Editor/thankyou.html?v=3.27Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=h19tt2k3grrssobbu73hh3ucle; ic_d=671a40e799a863.45409504
        Source: global trafficHTTP traffic detected: GET /www/images/content/illustration-box.svg HTTP/1.1Host: icecreamapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://icecreamapps.com/PDF-Editor/thankyou.html?v=3.27Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=h19tt2k3grrssobbu73hh3ucle; ic_d=671a40e799a863.45409504
        Source: global trafficHTTP traffic detected: GET /www/index.css?f12bd40a HTTP/1.1Host: static.icecreamapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://icecreamapps.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ic_d=671a40e799a863.45409504
        Source: global trafficHTTP traffic detected: GET /www/images/content/header-logo.svg HTTP/1.1Host: static.icecreamapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://icecreamapps.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ic_d=671a40e799a863.45409504
        Source: global trafficHTTP traffic detected: GET /www/images/content/icecreams_bg.svg HTTP/1.1Host: static.icecreamapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://icecreamapps.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ic_d=671a40e799a863.45409504
        Source: global trafficHTTP traffic detected: GET /www/images/content/thank2.svg HTTP/1.1Host: icecreamapps.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=h19tt2k3grrssobbu73hh3ucle; ic_d=671a40e799a863.45409504
        Source: global trafficHTTP traffic detected: GET /www/images/content/thank.svg HTTP/1.1Host: icecreamapps.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=h19tt2k3grrssobbu73hh3ucle; ic_d=671a40e799a863.45409504
        Source: global trafficHTTP traffic detected: GET /www/images/content/illustration-box.svg HTTP/1.1Host: icecreamapps.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=h19tt2k3grrssobbu73hh3ucle; ic_d=671a40e799a863.45409504
        Source: global trafficHTTP traffic detected: GET /www/images/content/icecreams_bg.svg HTTP/1.1Host: static.icecreamapps.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ic_d=671a40e799a863.45409504
        Source: global trafficHTTP traffic detected: GET /www/images/content/header-logo.svg HTTP/1.1Host: static.icecreamapps.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ic_d=671a40e799a863.45409504
        Source: global trafficHTTP traffic detected: GET /www/webpack_sprite.css-0c046a40.712f8ffc.svg HTTP/1.1Host: static.icecreamapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://static.icecreamapps.com/www/index.css?f12bd40aAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ic_d=671a40e799a863.45409504
        Source: global trafficHTTP traffic detected: GET /www/webpack_sprite2-bf5a251c.04e5ea75.svg HTTP/1.1Host: static.icecreamapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://static.icecreamapps.com/www/index.css?f12bd40aAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ic_d=671a40e799a863.45409504
        Source: global trafficHTTP traffic detected: GET /www/images/content/star_bg.svg HTTP/1.1Host: static.icecreamapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://static.icecreamapps.com/www/index.css?f12bd40aAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ic_d=671a40e799a863.45409504
        Source: global trafficHTTP traffic detected: GET /www/images/content/wave_bg.svg HTTP/1.1Host: static.icecreamapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://static.icecreamapps.com/www/index.css?f12bd40aAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ic_d=671a40e799a863.45409504
        Source: global trafficHTTP traffic detected: GET /www/images/home-page-images/pdf-editor.png HTTP/1.1Host: static.icecreamapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://icecreamapps.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ic_d=671a40e799a863.45409504
        Source: global trafficHTTP traffic detected: GET /www/images/home-page-images/video-editor.png HTTP/1.1Host: static.icecreamapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://icecreamapps.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ic_d=671a40e799a863.45409504
        Source: icepdfeditor.exe, 0000001D.00000002.2013235487.000000006AAE3000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: j04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1email.google.comf5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06www.google.comd7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3login.yahoo.com39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:293e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47login.skype.com92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43addons.mozilla.orgb0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0login.live.comd8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0global trustee05:e2:e6:a4:cd:09:ea:54:d6:65:b0:75:fe:22:a2:56*.google.com0c:76:da:9c:91:0c:4e:2c:9e:fe:15:d0:58:93:3c:4cDigiNotar Root CAf1:4a:13:f4:87:2b:56:dc:39:df:84:ca:7a:a1:06:49DigiNotar Services CA36:16:71:55:43:42:1b:9d:e6:cb:a3:64:41:df:24:38DigiNotar Services 1024 CA0a:82:bd:1e:14:4e:88:14:d7:5b:1a:55:27:be:bf:3eDigiNotar Root CA G2a4:b6:ce:e3:2e:d3:35:46:26:3c:b3:55:3a:a8:92:21CertiID Enterprise Certificate Authority5b:d5:60:9c:64:17:68:cf:21:0e:35:fd:fb:05:ad:41DigiNotar Qualified CA46:9c:2c:b007:27:10:0dDigiNotar Cyber CA07:27:0f:f907:27:10:0301:31:69:b0DigiNotar PKIoverheid CA Overheid en Bedrijven01:31:34:bfDigiNotar PKIoverheid CA Organisatie - G2d6:d0:29:77:f1:49:fd:1a:83:f2:b9:ea:94:8c:5c:b4DigiNotar Extended Validation CA1e:7d:7a:53:3d:45:30:41:96:40:0f:71:48:1f:45:04DigiNotar Public CA 202546:9c:2c:af46:9c:3c:c907:27:14:a9Digisign Server ID (Enrich)4c:0e:63:6aDigisign Server ID - (Enrich)72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0UTN-USERFirst-Hardware41MD5 Collisions Inc. (http://www.phreedom.org/md5)08:27*.EGO.GOV.TR08:64e-islem.kktcmerkezbankasi.org03:1d:a7AC DG Tr equals www.yahoo.com (Yahoo)
        Source: global traffic, DNS traffic detected: DNS query: icecreamapps.com
        Source: global traffic, DNS traffic detected: DNS query: static.icecreamapps.com
        Source: global traffic, DNS traffic detected: DNS query: www.google.com
        Source: unknown, HTTP traffic detected: POST /RST2.srf HTTP/1.0
            Connection: Keep-Alive
            Content-Type: application/soap+xml
            Accept: */*
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
            Content-Length: 3592
            Host: login.live.com
        Source: icepdfeditor.exe, 0000001D.00000003.1933039472.0000000005E72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
        Source: icepdfeditor.exe, 0000001D.00000003.1933039472.0000000005E72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
        Source: icepdfeditor.exe, 0000001D.00000003.1933039472.0000000005E72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
        Source: icepdfeditor.exe, 0000001D.00000003.1933039472.0000000005E72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
        Source: icepdfeditor.exe, 0000001D.00000003.1933039472.0000000005E72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
        Source: icepdfeditor.exe, 0000001D.00000003.1933039472.0000000005E72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
        Source: icepdfeditor.exe, 0000001D.00000003.1933039472.0000000005E72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
        Source: icepdfeditor.exe, 0000001D.00000003.1933039472.0000000005E72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
        Source: icepdfeditor.exe, 0000001D.00000003.1933039472.0000000005E72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
        Source: icepdfeditor.exe, 0000001D.00000003.1933039472.0000000005E72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
        Source: icepdfeditor.exe, 0000001D.00000003.1933039472.0000000005E72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
        Source: icepdfeditor.exe, 0000001D.00000003.1933039472.0000000005E72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
        Source: pdf_editor_setup_Downloadly.ir.exe, 00000015.00000003.1436932557.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 00000015.00000003.1437601534.000000007FD10000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000016.00000000.1438701182.0000000000401000.00000020.00000001.01000000.0000000A.sdmpString found in binary or memory: http://www.innosetup.com/
        Source: icepdfeditor.exe, 0000001D.00000003.1734374953.0000000004C85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
        Source: icepdfeditor.exe, 0000001D.00000003.1734374953.0000000004C85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/&
        Source: icepdfeditor.exe, 0000001D.00000003.1734374953.0000000004C85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/-
        Source: icepdfeditor.exe, 0000001D.00000003.1737462276.0000000004C8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/C
        Source: icepdfeditor.exe, 0000001D.00000003.1734374953.0000000004C85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/b
        Source: icepdfeditor.exe, 0000001D.00000003.1737462276.0000000004C8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
        Source: icepdfeditor.exe, 0000001D.00000003.1737462276.0000000004C8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/&
        Source: icepdfeditor.exe, 0000001D.00000003.1737462276.0000000004C8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/-
        Source: icepdfeditor.exe, 0000001D.00000003.1737462276.0000000004C8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/k
        Source: icepdfeditor.exe, 0000001D.00000003.1737462276.0000000004C8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/on
        Source: icepdfeditor.exe, 0000001D.00000003.1737462276.0000000004C8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/r
        Source: icepdfeditor.exe, 0000001D.00000003.1734374953.0000000004C85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/x
        Source: pdf_editor_setup_Downloadly.ir.exe, 00000015.00000000.1435155031.0000000000401000.00000020.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
        Source: pdf_editor_setup_Downloadly.ir.exe, 00000015.00000003.1435886831.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 00000015.00000003.1719881895.00000000022C1000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000016.00000003.1440126752.0000000003300000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1704845723.0000000000883000.00000004.00000020.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1704796702.0000000003733000.00000004.00000020.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1701495714.0000000002300000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1700066060.0000000003521000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.mpegla.com
        Source: pdf_editor_setup_Downloadly.ir.exe, 00000015.00000003.1435886831.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000016.00000003.1440126752.0000000003300000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 00000018.00000003.1711123378.0000000002220000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1700066060.00000000035E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.palkornel.hu/innosetup%1
        Source: icepdfeditor.exe, 0000001D.00000002.2013235487.000000006AAE3000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: http://www.phreedom.org/md5)
        Source: icepdfeditor.exe, 0000001D.00000002.2013235487.000000006AAE3000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: http://www.phreedom.org/md5)08:27
        Source: pdf_editor_setup_Downloadly.ir.exe, 00000015.00000003.1436932557.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 00000015.00000003.1437601534.000000007FD10000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000016.00000000.1438701182.0000000000401000.00000020.00000001.01000000.0000000A.sdmpString found in binary or memory: http://www.remobjects.com/ps
        Source: icepdfeditor.exe, 0000001D.00000003.1761046440.0000000003E4B000.00000004.00000020.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000003.1910520523.0000000003E4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.c31
        Source: icepdfeditor.exe, 0000001D.00000003.1711553418.0000000004C90000.00000004.00000020.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000003.1710437373.0000000004C99000.00000004.00000020.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000003.1710079274.0000000004C99000.00000004.00000020.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000003.1711915994.0000000004C90000.00000004.00000020.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000003.1709402150.0000000004C90000.00000004.00000020.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000003.1709646756.0000000004C9A000.00000004.00000020.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000003.1710283270.0000000004C99000.00000004.00000020.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000003.1933039472.0000000005E72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
        Source: icepdfeditor.exe, 0000001D.00000003.1933039472.0000000005E72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
        Source: icepdfeditor.exe, 0000001D.00000003.1933039472.0000000005E72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
        Source: icepdfeditor.exe, 0000001D.00000003.1933039472.0000000005E72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
        Source: icepdfeditor.exe, 0000001D.00000003.1933039472.0000000005E72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
        Source: icepdfeditor.exe, 0000001D.00000003.1933039472.0000000005E72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
        Source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.00000000060A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
        Source: icepdfeditor.exe, 0000001D.00000003.1933039472.0000000005E72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
        Source: icepdfeditor.exe, 0000001D.00000002.2071954494.000000006B68A000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://curl.se/V
        Source: icepdfeditor.exe, 0000001D.00000002.2071338915.000000006B677000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://curl.se/docs/alt-svc.html
        Source: icepdfeditor.exe, 0000001D.00000002.2071954494.000000006B68A000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://curl.se/docs/copyright.htmlD
        Source: icepdfeditor.exe, 0000001D.00000002.2071338915.000000006B677000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://curl.se/docs/hsts.html
        Source: icepdfeditor.exe, 0000001D.00000002.2071338915.000000006B677000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://curl.se/docs/http-cookies.html
        Source: icepdfeditor.exe, 00000002.00000000.1138515703.0000000000B87000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 00000014.00000000.1365606055.0000000000EE3000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 0000001D.00000000.1687836054.0000000001083000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://data.icecreamapps.com
        Source: icepdfeditor.exe, 0000001D.00000003.1890727567.0000000003E25000.00000004.00000020.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000002.1952704771.0000000003E25000.00000004.00000020.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000003.1764982543.0000000003E0E000.00000004.00000020.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000003.1911993165.0000000003E23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://data.icecreamapps.com-
        Source: icepdfeditor.exe, 00000002.00000000.1138515703.0000000000B87000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 00000014.00000000.1365606055.0000000000EE3000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 0000001D.00000000.1687836054.0000000001083000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://data.icecreamapps.com/?pid=%1&ver=%2&dev=%3Send
        Source: icepdfeditor.exe, 00000002.00000000.1138515703.0000000000B87000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 00000014.00000000.1365606055.0000000000EE3000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 0000001D.00000000.1687836054.0000000001083000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://google.ru
        Source: icepdfeditor.exe, 00000002.00000000.1138515703.0000000000B87000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 00000014.00000000.1365606055.0000000000EE3000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 0000001D.00000000.1687836054.0000000001083000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://google.ruSome
        Source: icepdfeditor.exe, 00000002.00000000.1138515703.0000000000B87000.00000002.00000001.01000000.00000003.sdmp, Patch.exe, Patch.exe, 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, icepdfeditor.exe, 00000014.00000000.1365606055.0000000000E4A000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 0000001D.00000002.1943132606.0000000000FE7000.00000002.00000001.01000000.0000000E.sdmp, icepdfeditor.exe, 0000001D.00000000.1687836054.0000000000FEA000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://icecreamapps.com
        Source: icepdfeditor.exe, 00000002.00000000.1138515703.0000000000B87000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 00000014.00000000.1365606055.0000000000E4A000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 0000001D.00000002.1943132606.0000000000FE7000.00000002.00000001.01000000.0000000E.sdmp, icepdfeditor.exe, 0000001D.00000000.1687836054.0000000000FEA000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://icecreamapps.com/Howto/how-to-make-icecream-pdf-editor-your-default-PDF-reader.html
        Source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1701495714.0000000002414000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://icecreamapps.com/PDF-Editor
        Source: icepdfeditor.exe, 00000002.00000000.1138515703.0000000000B87000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 00000014.00000000.1365606055.0000000000E4A000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 0000001D.00000002.1943132606.0000000000FE7000.00000002.00000001.01000000.0000000E.sdmp, icepdfeditor.exe, 0000001D.00000003.1918222447.000000000A06D000.00000004.00000020.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000000.1687836054.0000000000FEA000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://icecreamapps.com/PDF-Editor/changelog.html
        Source: icepdfeditor.exe, 0000001D.00000003.1918222447.000000000A06D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://icecreamapps.com/PDF-Editor/changelog.htmlBs
        Source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1704845723.0000000000883000.00000004.00000020.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1451721184.00000000033EE000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1699316350.00000000008DF000.00000004.00000020.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1700066060.00000000035AC000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000002.1706424936.0000000000883000.00000004.00000020.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1700066060.00000000035BB000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1703731584.00000000008EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://icecreamapps.com/PDF-Editor/thankyou.html?v=3.27
        Source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1704845723.0000000000883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://icecreamapps.com/PDF-Editor/thankyou.html?v=3.27#wdG
        Source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1704845723.0000000000883000.00000004.00000020.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000002.1706424936.0000000000883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://icecreamapps.com/PDF-Editor/thankyou.html?v=3.27=prF
        Source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000002.1705675028.00000000006E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://icecreamapps.com/PDF-Editor/thankyou.html?v=3.27C:
        Source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1699316350.00000000008C0000.00000004.00000020.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1703731584.00000000008D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://icecreamapps.com/PDF-Editor/thankyou.html?v=3.27X
        Source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1699316350.00000000008C0000.00000004.00000020.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1703731584.00000000008D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://icecreamapps.com/PDF-Editor/thankyou.html?v=3.27h
        Source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1699316350.00000000008C0000.00000004.00000020.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1703731584.00000000008D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://icecreamapps.com/PDF-Editor/thankyou.html?v=3.27r
        Source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1699316350.00000000008DF000.00000004.00000020.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1703731584.00000000008EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://icecreamapps.com/PDF-Editor/thankyou.html?v=3.27u
        Source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1699316350.00000000008C0000.00000004.00000020.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1703731584.00000000008D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://icecreamapps.com/PDF-Editor/thankyou.html?v=3.27x
        Source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1700066060.0000000003521000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://icecreamapps.com/PDF-Editor/uninstall.html?v=3.27
        Source: icepdfeditor.exe, 0000001D.00000003.1918222447.000000000A06D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://icecreamapps.com/PDF-Editor/upgrade.html1)
        Source: icepdfeditor.exe, 00000002.00000000.1138515703.0000000000B87000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 00000014.00000000.1365606055.0000000000E4A000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 0000001D.00000002.1944278540.00000000015FE000.00000004.00000020.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000002.1943132606.0000000000FE7000.00000002.00000001.01000000.0000000E.sdmp, icepdfeditor.exe, 0000001D.00000000.1687836054.0000000000FEA000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://icecreamapps.com/PDF-Editor/upgrade.html?v=%1&t=%2
        Source: icepdfeditor.exe, 0000001D.00000003.1826516467.000000000A2F7000.00000004.00000020.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000003.1860500985.000000000A2F6000.00000004.00000020.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000003.1817899487.000000000A2CE000.00000004.00000020.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000003.1867303496.000000000A2F7000.00000004.00000020.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000003.1917400279.000000000A2F7000.00000004.00000020.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000003.1898061898.000000000A2F7000.00000004.00000020.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000003.1893655796.000000000A2F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://icecreamapps.com/PDF-Editor/upgrade.html?v=3.27&t=9Ztt_3
        Source: icepdfeditor.exe, 00000002.00000000.1138515703.0000000000B87000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 00000014.00000000.1365606055.0000000000EE3000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 0000001D.00000000.1687836054.0000000001083000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://icecreamapps.com/act/license.php
        Source: icepdfeditor.exe, 00000002.00000000.1138515703.0000000000B87000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 00000014.00000000.1365606055.0000000000EE3000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 0000001D.00000000.1687836054.0000000001083000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://icecreamapps.com/act/license.phphttps://icecreamapps.com/go/license_date.phpInvalid
        Source: icepdfeditor.exe, 00000002.00000000.1138515703.0000000000B87000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 00000014.00000000.1365606055.0000000000E4A000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 0000001D.00000002.1943132606.0000000000FE7000.00000002.00000001.01000000.0000000E.sdmp, icepdfeditor.exe, 0000001D.00000000.1687836054.0000000000FEA000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://icecreamapps.com/go/help.php?prod=pde
        Source: icepdfeditor.exe, 0000001D.00000003.1913766286.000000000162B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://icecreamapps.com/go/help.php?prod=pdes8
        Source: icepdfeditor.exe, 00000002.00000000.1138515703.0000000000B87000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 00000014.00000000.1365606055.0000000000EE3000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 0000001D.00000000.1687836054.0000000001083000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://icecreamapps.com/go/license_date.php
        Source: Patch.exe, 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmpString found in binary or memory: https://icecreamapps.comU
        Source: icepdfeditor.exe, 0000001D.00000003.1913766286.000000000162B000.00000004.00000020.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000002.1945397183.0000000001630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://icecreamapps.comq
        Source: Patch.exe, Patch.exe, 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Patch.exe, 00000013.00000002.2329481554.000000000256C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ko-fi.com/radixx11
        Source: icepdfeditor.exe, 00000002.00000000.1138515703.0000000000B87000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 00000014.00000000.1365606055.0000000000EE3000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 0000001D.00000000.1687836054.0000000001083000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://mail.ru
        Source: Patch.exe, 00000013.00000002.2329481554.000000000256C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://radixx11rce3.blogspot.com
        Source: Patch.exe, 00000013.00000003.2107417937.00000000009B2000.00000004.00000020.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 00000015.00000003.1437601534.000000007FE3F000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 00000015.00000003.1436932557.00000000025E3000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
        Source: Patch.exe, 00000013.00000003.2107417937.00000000009B2000.00000004.00000020.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 00000015.00000003.1437601534.000000007FE3F000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 00000015.00000003.1436932557.00000000025E3000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
        Source: icepdfeditor.exe, 0000001D.00000002.2095573440.000000006C5F0000.00000002.00000001.01000000.00000020.sdmp, icepdfeditor.exe, 0000001D.00000002.2100049924.000000006C681000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: https://www.openssl.org/H
        Source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.0000000006694000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.00000000060A0000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.00000000066EE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.thawte.com/cps0/
        Source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.0000000006694000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.00000000060A0000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.00000000066EE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.thawte.com/repository0W
        Source: icepdfeditor.exe, 00000002.00000000.1138515703.0000000000B87000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 00000014.00000000.1365606055.0000000000EE3000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 0000001D.00000000.1687836054.0000000001083000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://ya.ru
        Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
        Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
        Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
        Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
        Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
        Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49697 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49705 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49706 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 20.190.159.64:443 -> 192.168.2.17:49708 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49709 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 2.23.209.154:443 -> 192.168.2.17:49712 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49713 version: TLS 1.2
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: 19_2_00407EAE OpenClipboard,19_2_00407EAE
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: 19_2_00407F5E SetClipboardData,19_2_00407F5E
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: 19_2_00407C0E GetClipboardData,19_2_00407C0E
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: 19_2_00407BDE GetAsyncKeyState,19_2_00407BDE
        Source: Yara matchFile source: Process Memory Space: Patch.exe PID: 7148, type: MEMORYSTR
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeFile created: C:\Users\user\AppData\Local\Icecream\Icecream PDF Editor\sx.datJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: 19_2_00407AE6 NtdllDefWindowProc_A,19_2_00407AE6
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: 19_2_0040236419_2_00402364
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: 19_2_00405E2019_2_00405E20
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeCode function: 29_3_03E6924429_3_03E69244
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeCode function: 29_3_0632F18A29_3_0632F18A
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeCode function: 29_3_06434FE029_3_06434FE0
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeCode function: 29_3_063216CB29_3_063216CB
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: String function: 00411D24 appears 34 times
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: String function: 00404D38 appears 69 times
        Source: pdf_editor_setup_Downloadly.ir.tmp.21.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
        Source: pdf_editor_setup_Downloadly.ir.tmp.21.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
        Source: pdf_editor_setup_Downloadly.ir.tmp.24.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
        Source: pdf_editor_setup_Downloadly.ir.tmp.24.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
        Source: is-35OOR.tmp.25.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
        Source: is-35OOR.tmp.25.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
        Source: is-JVLRB.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-6QUBS.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-2NJ94.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-GG0V7.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-U9H98.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-H0PO3.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-7BQVT.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-GM1JG.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-3K7GS.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-VE7S6.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-6T20U.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-D4QJJ.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-FTNRU.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-SP875.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-MHP3S.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-EPR7I.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-PHFLI.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-0D98S.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-TH7JO.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-VLJUB.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-69TKB.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-GSK92.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-NVQPH.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-NOVTB.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-OCGTL.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-5TRC1.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-4J866.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-004SO.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-GJHED.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-GFA8N.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-SCUOF.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-GHL0F.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-EIH23.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-TE02E.tmp.25.drStatic PE information: No import functions for PE file found
        Source: is-8A9MI.tmp.25.drStatic PE information: Section: .qtmimed ZLIB complexity 0.997458770800317
        Source: classification engineClassification label: sus36.winZIP@29/233@10/5
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: 19_2_0040A62A GetDiskFreeSpaceA,19_2_0040A62A
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: 19_2_00410616 CoCreateInstance,19_2_00410616
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: 19_2_0041C724 FindResourceA,19_2_0041C724
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeFile created: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe.BAKJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Users\user\AppData\Local\ProgramsJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeMutant created: NULL
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeMutant created: \Sessions\1\BaseNamedObjects\QtLockedFile mutex c:/users/user/appdata/local/temp/qtsingleapp-icepdf-b4e9-1-lockfile
        Source: C:\Windows\System32\Taskmgr.exeMutant created: \Sessions\1\BaseNamedObjects\Local\TM.750ce7b0-e5fd-454f-9fad-2f66513dfa1b
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeMutant created: \Sessions\1\BaseNamedObjects\Patch.exe_IcecreamAppsPatch_2.3.0.2
        Source: C:\Windows\System32\Taskmgr.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4352:120:WilError_03
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exeFile created: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmpJump to behavior
        Source: Yara matchFile source: 19.2.Patch.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
        Source: C:\Windows\System32\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganizationJump to behavior
        Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
        Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exe "C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exe"
        Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe "C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe"
        Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exe "C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exe"
        Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe "C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe"
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exeProcess created: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmp "C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmp" /SL5="$60464,22152334,238080,C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe"
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpProcess created: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe "C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe" /SPAWNWND=$10480 /NOTIFYWND=$60464
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exeProcess created: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp "C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp" /SL5="$30476,22152334,238080,C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe" /SPAWNWND=$10480 /NOTIFYWND=$60464
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://icecreamapps.com/PDF-Editor/thankyou.html?v=3.27
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1904,i,13854701791661007299,5941582953959067631,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpProcess created: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe "C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe" -inst
        Source: unknownProcess created: C:\Windows\System32\Taskmgr.exe "C:\Windows\system32\taskmgr.exe" /4
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exeProcess created: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmp "C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmp" /SL5="$60464,22152334,238080,C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe" Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpProcess created: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe "C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe" -instJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exeProcess created: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp "C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp" /SL5="$30476,22152334,238080,C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe" /SPAWNWND=$10480 /NOTIFYWND=$60464 Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://icecreamapps.com/PDF-Editor/thankyou.html?v=3.27Jump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1904,i,13854701791661007299,5941582953959067631,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exeSection loaded: dwrite.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exeSection loaded: libcurl.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exeSection loaded: crashrpt1403.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exeSection loaded: qt5svg.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exeSection loaded: qt5widgets.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exeSection loaded: qt5winextras.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exeSection loaded: qt5gui.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exeSection loaded: qt5network.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exeSection loaded: qt5core.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exeSection loaded: msvcp140.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exeSection loaded: dwmapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exeSection loaded: vcruntime140.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeSection loaded: version.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeSection loaded: colorui.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeSection loaded: mscms.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeSection loaded: coloradapterclient.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeSection loaded: compstui.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeSection loaded: msimg32.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeSection loaded: inetres.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeSection loaded: msimg32.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeSection loaded: textshaping.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeSection loaded: windowscodecs.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeSection loaded: dwmapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeSection loaded: websocket.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeSection loaded: riched32.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeSection loaded: riched20.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeSection loaded: usp10.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeSection loaded: msls31.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeSection loaded: textinputframework.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeSection loaded: coreuicomponents.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exeSection loaded: dwrite.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exeSection loaded: libcurl.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exeSection loaded: crashrpt1403.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exeSection loaded: qt5svg.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exeSection loaded: qt5widgets.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exeSection loaded: qt5winextras.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exeSection loaded: qt5gui.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exeSection loaded: qt5network.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exeSection loaded: qt5core.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exeSection loaded: msvcp140.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exeSection loaded: dwmapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exeSection loaded: vcruntime140.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: msimg32.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: version.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: mpr.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: textinputframework.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: coreuicomponents.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: coremessaging.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: ntmarta.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: propsys.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: edputil.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: urlmon.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: iertutil.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: srvcli.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: netutils.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: appresolver.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: bcp47langs.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: slc.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: userenv.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: sppc.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: pcacli.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: sfc_os.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: msimg32.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: version.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: mpr.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: textinputframework.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: coreuicomponents.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: coremessaging.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: ntmarta.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: textshaping.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: dwmapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: shfolder.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: rstrtmgr.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: ncrypt.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: ntasn1.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: msftedit.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: windows.globalization.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: bcp47langs.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: bcp47mrm.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: globinputhost.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: windows.ui.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: windowmanagementapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: inputhost.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: propsys.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: twinapi.appcore.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: explorerframe.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: sfc.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: sfc_os.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: linkinfo.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: ntshrui.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: srvcli.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: cscapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: urlmon.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: iertutil.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: netutils.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: windows.shell.servicehostbuilder.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: ieframe.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: netapi32.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: userenv.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: winhttp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: wkscli.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: edputil.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: secur32.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: mlang.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: wininet.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: policymanager.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: msvcp110_win.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: dwrite.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: libcurl.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: crashrpt1403.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: qt5svg.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: qt5widgets.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: qt5winextras.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: qt5gui.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: qt5network.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: qt5core.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: msvcp140.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: version.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: dwmapi.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: vcruntime140.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: msvcp120.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: msvcr120.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: vcruntime140.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: qt5widgets.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: qt5gui.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: qt5core.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: vcruntime140.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: qt5gui.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: qt5core.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: dwmapi.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: vcruntime140.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: qt5core.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: msvcp140.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: vcruntime140.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: dwmapi.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: msvcp140.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: msvcp140_1.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: vcruntime140.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: d3d11.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: dxgi.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: msvcp140.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: vcruntime140.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: mpr.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: version.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: winmm.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: msvcp140_1.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: vcruntime140.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: msvcr120.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: wtsapi32.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: umpdc.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: dbghelp.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: d3d9.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: d3d10warp.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: textinputframework.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: coreuicomponents.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: libcrypto-1_1.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: netprofm.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: npmproxy.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: msimg32.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: fontsub.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: msxml6.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: sxs.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: dataexchange.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: dcomp.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: twinapi.appcore.dllJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
        Source: Icecream PDF Editor 3.lnk.25.dr LNK file: ..\..\..\..\..\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe
        Source: Icecream PDF Editor 3.lnk0.25.dr LNK file: ..\..\..\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Window found: window name: TMainForm
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe File opened: C:\Windows\SysWOW64\RICHED32.DLL
        Source: Window Recorder Window detected: More than 3 window changes detected
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp Window detected: License Agreement Please read the following important information before continuing. Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation. IMPORTANT: THIS SOFTWARE END USER LICENSE AGREEMENT ("EULA") IS A LEGAL AGREEMENT BETWEEN YOU AND ICECREAM APPS LIMITED ("ICECREAMAPPS.COM"). USE OF THE SOFTWARE PROVIDED WITH THIS EULA (THE "SOFTWARE") CONSTITUTES YOUR ACCEPTANCE OF THESE TERMS. READ IT CAREFULLY BEFORE COMPLETING THE INSTALLATION PROCESS AND USING THE SOFTWARE. IF YOU DO NOT AGREE TO THE TERMS OF THIS EULA DO NOT INSTALL AND/OR USE THIS SOFTWARE. BY INSTALLING COPYING OR OTHERWISE USING THE SOFTWARE PRODUCT YOU AGREE TO BE BOUND BY THE TERMS OF THIS EULA. 1. LICENSE GRANT. The Software is licensed on per user basis not per computer site or company. This license is not transferable to any other system or to another organization or individual. You are not allowed to remove any proprietary notices or labels from the SOFTWARE. The PRO license can be used on ONE computer belonging to ONE user. The PRO license applies to the version of the program on which it is activated. 2. WARRANTY DISCLAIMER. THIS SOFTWARE AND ANY RELATED DOCUMENTATION is PROVIDED "AS IS" AND COMES WITHOUT ANY WARRANTY EITHER EXPRESS OR IMPLIED INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OR MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT. THE USE AND PERFORMANCE OF THIS SOFTWARE ARE SOLELY AT YOUR OWN RISK. 3. FREE USE. You may install and use the SOFTWARE free of charge for personal educational (non-profit) use. In these cases you are granted the right to use and to make an unlimited number of copies of this software. Some features of the SOFTWARE may be limited or unavailable in free version of the SOFTWARE. To enable all the features you need to upgrade the SOFTWARE to PRO version. Full list of limited features is presented on Upgrade page of the SOFTWARE at icecreamapps.com. 4. COMMERCIAL USE. For usage in corporate or commercial environment you will need to upgrade the SOFTWARE to PRO version by obtaining an activation key at icecreamapps.com. 5. REVERSE ENGINEERING. You agree that you will not attempt to reverse compile modify translate or disassemble the Software in whole or in part. 6. COPYRIGHT. The SOFTWARE is intellectual property of Icecream Apps Ltd and is protected by law. You acknowledge that all intellectual property rights in the SOFTWARE anywhere in the world belong to Icecream Apps Ltd that rights in the SOFTWARE are licensed (not sold) to you and that you have no rights in or to the SOFTWARE other than the right to use them in accordance with the terms of this License. You are not allowed to resell charge for rent lease loan sublicense or assign the SOFTWARE or any copy thereof including any related documentation. 7. LIMITATION OF LIABILITY. IN NO EVENT SHALL ICECREAM APPS LTD BE LIABLE FOR ANY SPECIAL INCIDENTAL INDIRECT OR CONSEQUENTIAL DAMAGES WHATSOEVER (IN
        Source: Archive.zipStatic file information: File size 25201421 > 1048576
        Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdbDD source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.00000000066EE000.00000004.00001000.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000002.2078018129.000000006C31E000.00000002.00000001.01000000.0000002A.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtsvg\plugins\imageformats\qsvg.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.0000000006694000.00000004.00001000.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000002.2101748504.000000006FBD3000.00000002.00000001.01000000.00000028.sdmp
        Source: Binary string: D:\CFILES\Projects\WinSSL\openssl-1.1.1h\libcrypto-1_1.pdb source: icepdfeditor.exe, 0000001D.00000002.2090008272.000000006C5BF000.00000002.00000001.01000000.00000020.sdmp
        Source: Binary string: d:\agent\_work\6\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: icepdfeditor.exe, 0000001D.00000002.1988715143.000000006A461000.00000020.00000001.01000000.00000018.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: icepdfeditor.exe, 0000001D.00000002.2001625548.000000006A902000.00000002.00000001.01000000.00000016.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.00000000066EE000.00000004.00001000.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000002.2078018129.000000006C31E000.00000002.00000001.01000000.0000002A.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: icepdfeditor.exe, 0000001D.00000002.2102244107.000000006FBE4000.00000002.00000001.01000000.00000026.sdmp
        Source: Binary string: d:\agent\_work\6\s\\binaries\x86ret\bin\i386\\msvcp140_1.i386.pdb source: icepdfeditor.exe, 0000001D.00000002.2100429892.000000006C7B1000.00000020.00000001.01000000.0000001B.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb source: icepdfeditor.exe, 0000001D.00000002.2103264195.000000006FC45000.00000002.00000001.01000000.00000024.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Network.pdb source: icepdfeditor.exe, 0000001D.00000002.2013235487.000000006AAE3000.00000002.00000001.01000000.00000013.sdmp
        Source: Binary string: D:\Work\PdfEditor\icepdfeditor-Desktop_Qt_5_15_1_MSVC2019_32bit\bin\icepdfeditor.pdb source: icepdfeditor.exe, 00000002.00000000.1138515703.0000000000B87000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 00000014.00000000.1365606055.0000000000F02000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 0000001D.00000000.1687836054.00000000010A2000.00000002.00000001.01000000.0000000E.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtga.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.0000000006694000.00000004.00001000.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000002.2101290482.000000006FBC3000.00000002.00000001.01000000.00000029.sdmp
        Source: Binary string: D:\CFILES\Projects\WinSSL\openssl-1.1.1h\libssl-1_1.pdb@@ source: icepdfeditor.exe, 0000001D.00000002.2099319800.000000006C660000.00000002.00000001.01000000.0000001F.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb''! source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.00000000060A0000.00000004.00001000.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000002.1971413309.0000000069E86000.00000002.00000001.01000000.0000001D.sdmp
        Source: Binary string: compiler: cl /Z7 /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -D_USE_32BIT_TIME_T -D_USING_V110_SDK71_ -D_WINSOCK_DEPRECATED_NO_WARNINGS -D_WIN32_WINNT=0x0501 source: icepdfeditor.exe, 0000001D.00000002.2090008272.000000006C556000.00000002.00000001.01000000.00000020.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb source: icepdfeditor.exe, 0000001D.00000002.2067897717.000000006B5F7000.00000002.00000001.01000000.00000011.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qicns.pdb source: icepdfeditor.exe, 0000001D.00000002.2102793776.000000006FC36000.00000002.00000001.01000000.00000025.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb!! source: icepdfeditor.exe, 0000001D.00000002.2103264195.000000006FC45000.00000002.00000001.01000000.00000024.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.00000000060A0000.00000004.00001000.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000002.1971413309.0000000069E86000.00000002.00000001.01000000.0000001D.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwebp.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.00000000066EE000.00000004.00001000.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000002.2075960195.000000006C2B7000.00000002.00000001.01000000.0000002C.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb"" source: icepdfeditor.exe, 0000001D.00000002.2102244107.000000006FBE4000.00000002.00000001.01000000.00000026.sdmp
        Source: Binary string: msvcr120.i386.pdb source: icepdfeditor.exe, 0000001D.00000002.1982989536.000000006A2F1000.00000020.00000001.01000000.0000001A.sdmp
        Source: Binary string: msvcp120.i386.pdb source: icepdfeditor.exe, 0000001D.00000002.1986865023.000000006A3E1000.00000020.00000001.01000000.00000019.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbV source: icepdfeditor.exe, 0000001D.00000002.2001625548.000000006A902000.00000002.00000001.01000000.00000016.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtwinextras\lib\Qt5WinExtras.pdb source: icepdfeditor.exe, 0000001D.00000002.2065581136.000000006B596000.00000002.00000001.01000000.00000012.sdmp
        Source: Binary string: D:\CFILES\Projects\WinSSL\openssl-1.1.1h\libssl-1_1.pdb source: icepdfeditor.exe, 0000001D.00000002.2099319800.000000006C660000.00000002.00000001.01000000.0000001F.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Gui.pdb source: icepdfeditor.exe, 0000001D.00000002.2028019665.000000006AEAF000.00000002.00000001.01000000.00000015.sdmp
        Source: Binary string: d:\agent\_work\6\s\\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: icepdfeditor.exe, 0000001D.00000002.1989207627.000000006A481000.00000020.00000001.01000000.00000017.sdmp
        Source: Binary string: @ compiler: cl /Z7 /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -D_USE_32BIT_TIME_T -D_USING_V110_SDK71_ -D_WINSOCK_DEPRECATED_NO_WARNINGS -D_WIN32_WINNT=0x0501OpenSSL 1.1.1h 22 Sep 2020built on: Wed Sep 23 11:25:01 2020 UTCplatform: VC-WIN32OPENSSLDIR: "C:\Program Files (x86)\Common Files\SSL"ENGINESDIR: "C:\Program Files (x86)\OpenSSL\lib\engines-1_1"not availabledes(long) source: icepdfeditor.exe, 0000001D.00000002.2090008272.000000006C556000.00000002.00000001.01000000.00000020.sdmp
        Source: Binary string: E:\distr\development\crashrpt\CrashRpt_v.1.4.3_r1645\bin\CrashRpt1403.pdb source: icepdfeditor.exe, 0000001D.00000002.2073061037.000000006B6AF000.00000002.00000001.01000000.0000000F.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdbTT source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.0000000006694000.00000004.00001000.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000002.2080740262.000000006C386000.00000002.00000001.01000000.00000027.sdmp
        Source: Binary string: E:\distr\development\crashrpt\CrashRpt_v.1.4.3_r1645\bin\CrashSender.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.00000000060A0000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtwinextras\lib\Qt5WinExtras.pdb00! source: icepdfeditor.exe, 0000001D.00000002.2065581136.000000006B596000.00000002.00000001.01000000.00000012.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb,, source: icepdfeditor.exe, 0000001D.00000002.2067897717.000000006B5F7000.00000002.00000001.01000000.00000011.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: icepdfeditor.exe, 0000001D.00000002.2053745689.000000006B3B7000.00000002.00000001.01000000.00000014.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qwindows.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.00000000066EE000.00000004.00001000.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000002.1979732769.0000000069FDD000.00000002.00000001.01000000.0000001C.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.0000000006694000.00000004.00001000.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000002.2080740262.000000006C386000.00000002.00000001.01000000.00000027.sdmp
        Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwbmp.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.00000000066EE000.00000004.00001000.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000002.2100854859.000000006FBB3000.00000002.00000001.01000000.0000002B.sdmp
        Source: is-GJHED.tmp.25.drStatic PE information: 0x6F524192 [Thu Mar 8 10:55:14 2029 UTC]
        Source: is-H1NLV.tmp.25.drStatic PE information: section name: .didata
        Source: is-KV5AF.tmp.25.drStatic PE information: section name: .00cfg
        Source: is-JNCTP.tmp.25.drStatic PE information: section name: .00cfg
        Source: is-T3UFK.tmp.25.drStatic PE information: section name: .didat
        Source: is-KOOGP.tmp.25.drStatic PE information: section name: _RDATA
        Source: is-8A9MI.tmp.25.drStatic PE information: section name: .qtmimed
        Source: is-GKK4N.tmp.25.drStatic PE information: section name: .qtmetad
        Source: is-7CFBI.tmp.25.drStatic PE information: section name: .qtmetad
        Source: is-9D65U.tmp.25.drStatic PE information: section name: .qtmetad
        Source: is-G0A35.tmp.25.drStatic PE information: section name: .qtmetad
        Source: is-UEUJE.tmp.25.drStatic PE information: section name: .qtmetad
        Source: is-D9HS6.tmp.25.drStatic PE information: section name: .qtmetad
        Source: is-G4PS3.tmp.25.drStatic PE information: section name: .qtmetad
        Source: is-POG0R.tmp.25.drStatic PE information: section name: .qtmetad
        Source: is-Q1DIU.tmp.25.drStatic PE information: section name: .qtmetad
        Source: is-PGJGK.tmp.25.drStatic PE information: section name: .qtmetad
        Source: is-MKJLC.tmp.25.drStatic PE information: section name: .qtmetad
        Source: is-TP8U8.tmp.25.drStatic PE information: section name: .qtmetad
        Source: is-FGB9V.tmp.25.drStatic PE information: section name: .didata
        Source: is-7K6P0.tmp.25.drStatic PE information: section name: .00cfg
        Source: is-GUEVQ.tmp.25.drStatic PE information: section name: .00cfg
        Source: is-K9P18.tmp.25.drStatic PE information: section name: .didat
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: 19_2_0041B900 push ecx; mov dword ptr [esp], edx19_2_0041B905
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: 19_2_004080C8 push ecx; mov dword ptr [esp], eax19_2_004080C9
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: 19_2_0041E1AC push ecx; mov dword ptr [esp], edx19_2_0041E1AD
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: 19_2_004243CC push ecx; mov dword ptr [esp], edx19_2_004243CE
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: 19_2_0040F40C push ecx; mov dword ptr [esp], edx19_2_0040F411
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: 19_2_004096C4 push ecx; mov dword ptr [esp], ecx19_2_004096C9
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: 19_2_0041B6BC push ecx; mov dword ptr [esp], eax19_2_0041B6BD
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: 19_2_0041873C push 004187B2h; ret 19_2_004187AA
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: 19_2_004188EC push ecx; mov dword ptr [esp], ecx19_2_004188EF
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: 19_2_004039A4 push eax; ret 19_2_004039E0
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: 19_2_00419AEC push 00419B39h; ret 19_2_00419B31
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: 19_2_0041BB5C push ecx; mov dword ptr [esp], edx19_2_0041BB61
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: 19_2_00418BC8 push ecx; mov dword ptr [esp], ecx19_2_00418BCA
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: 19_2_0040FC56 push 0040FDF3h; ret 19_2_0040FDEB
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: 19_2_0041BC7C push ecx; mov dword ptr [esp], edx19_2_0041BC81
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: 19_2_0041BCC0 push ecx; mov dword ptr [esp], edx19_2_0041BCC5
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeCode function: 19_2_00406FA6 push 00407003h; ret 19_2_00406FFB
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeCode function: 29_3_03E4E6E1 push eax; retf 29_3_03E4E6E2
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeCode function: 29_3_03E4E6E9 push ebx; retf 29_3_03E4E6EA
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeCode function: 29_3_03E4E6F1 push esp; retf 29_3_03E4E6F2
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeCode function: 29_3_03E4E6D1 push ebx; retf 29_3_03E4E6D2
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeCode function: 29_3_03E4E6B7 push 58A00628h; retf 29_3_03E4E6CA
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeCode function: 29_3_03E4DB38 push E80169C4h; ret 29_3_03E4DB4D
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeCode function: 29_3_07208480 pushad ; iretd 29_3_07208489
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeCode function: 29_3_063B3DB0 push es; retf 29_3_063B3DB8
        Source: is-K0S4S.tmp.25.drStatic PE information: section name: .text entropy: 6.9566713846558015
        Source: is-VR24E.tmp.25.drStatic PE information: section name: .text entropy: 6.9566713846558015
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\iconengines\is-GKK4N.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qicns.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\vcruntime140.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\is-TE02E.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\is-G0A35.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-string-l1-1-0.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\is-FT92J.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\is-D9HS6.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exeFile created: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe.BAKJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\is-Q1DIU.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\Qt5Gui.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\is-7BQVT.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\is-K9P18.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-heap-l1-1-0.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\is-GFA8N.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-utility-l1-1-0.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\libssl-1_1.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\is-PSCCV.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\is-8A9MI.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\libcurl.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\libcrypto-1_1.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qico.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\msvcp140.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\is-GG0V7.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\is-LMRD4.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\is-5N01T.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\is-U9H98.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\msvcp120.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\is-GHL0F.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\is-3F3D0.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qgif.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-core-processthreads-l1-1-1.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qwbmp.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\Qt5Network.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\is-PGJGK.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\is-7K6P0.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\msvcr120.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\is-PLRSO.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\is-OCGTL.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\is-FOAUC.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\is-D4QJJ.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\is-004SO.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\is-GSK92.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\is-POG0R.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\is-U0GF3.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\is-69TKB.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\is-5O9IO.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\is-VLJUB.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\platforms\qwindows.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\is-35OOR.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\is-KV5AF.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-locale-l1-1-0.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\ucrtbase.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-math-l1-1-0.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\styles\is-TP8U8.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmpFile created: C:\Program Files (x86)\Icecream PDF Editor 3\is-GJHED.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-core-timezone-l1-1-0.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-6QUBS.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-JUER8.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-TH7JO.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qjpeg.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-K0S4S.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-BK6QE.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-NVQPH.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\is-G4PS3.tmp
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe | File created: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\Qt5Widgets.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-011CA.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-6T20U.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-U33GO.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\unins000.exe (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-O4ELI.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-PO3O3.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\pdfcore-x86.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\is-UEUJE.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\Qt5Core.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-0D98S.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-filesystem-l1-1-0.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\CrashRpt1403.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-KOOGP.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\styles\qwindowsvistastyle.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\is-7CFBI.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-GM1JG.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-PHFLI.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-VE7S6.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-runtime-l1-1-0.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-5KAL2.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-5MTU0.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-AMO6P.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-RMKFS.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-MHP3S.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-T8QF6.tmp
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe | File created: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-H1NLV.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-EIH23.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qtga.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-SP875.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-CB7I0.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-FTNRU.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\iconengines\qsvgicon.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\CrashSender1403.exe (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-SCUOF.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-stdio-l1-1-0.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-5TRC1.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\Qt5Svg.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-HV7CU.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Users\user\AppData\Local\Temp\is-7P1O9.tmp\_isetup\_setup64.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-INMGP.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-NOVTB.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\DebenuPDFLibraryDLL1212.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-convert-l1-1-0.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-EPR7I.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-KLIKV.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-NBL3T.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-8S8ID.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-core-localization-l1-2-0.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-T3UFK.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\Qt5WinExtras.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qsvg.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\is-9D65U.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-time-l1-1-0.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-H0PO3.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-3K7GS.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-environment-l1-1-0.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qwebp.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-2NJ94.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-I02TO.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-core-file-l1-2-0.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-JNCTP.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\msvcp140_1.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-JVLRB.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qtiff.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-FGB9V.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\platforms\is-MKJLC.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-VR24E.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-4J866.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-core-file-l2-1-0.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-core-synch-l1-2-0.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-GUEVQ.tmp
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe | File created: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe.BAK

        Boot Survival

        Source: C:\Windows\System32\Taskmgr.exe | Registry key monitored: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
        Source: C:\Windows\System32\Taskmgr.exe | Registry key monitored: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
        Source: C:\Windows\System32\Taskmgr.exe | Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icecream PDF Editor 3.lnk
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe | Code function: 19_2_00407DEE IsIconic,19_2_00407DEE
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Registry key monitored for changes: HKEY_CURRENT_USER_Classes
        Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmp | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\Taskmgr.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\Taskmgr.exe File opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe Code function: 29_3_06321585 sldt word ptr [eax]
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Window / User API: threadDelayed 9974
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe | API coverage: 6.0 %
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmp | Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
        Source: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmp | Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe | Code function: 19_2_0040A3B8 FindFirstFileA,GetLastError,19_2_0040A3B8
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe | Code function: 19_2_0040A07E FindFirstFileA,FindClose,19_2_0040A07E
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe | Code function: 19_2_0040A190 FindFirstFileA,FindClose,19_2_0040A190
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe | Code function: 19_2_00406490 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,19_2_00406490
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe | Code function: 19_2_0040757E GetSystemInfo,19_2_0040757E
        Source: pdf_editor_setup_Downloadly.ir.tmp, 00000016.00000002.1717250638.000000000086B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\y
        Source: pdf_editor_setup_Downloadly.ir.tmp, 00000016.00000002.1717250638.000000000086B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
        Source: icepdfeditor.exe, 0000001D.00000002.2035609545.000000006B0BF000.00000008.00000001.01000000.00000015.sdmp | Binary or memory string: j.?AVQEmulationPaintEngine@@
        Source: Patch.exe, 00000013.00000002.2320910640.0000000000917000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll)
        Source: icepdfeditor.exe, 0000001D.00000002.2035609545.000000006B0BF000.00000008.00000001.01000000.00000015.sdmp | Binary or memory string: .?AVQEmulationPaintEngine@@
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe | API call chain: ExitProcess graph end node | graph_19-15789
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe | Process information queried: ProcessInformation
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://icecreamapps.com/PDF-Editor/thankyou.html?v=3.27
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe | Process created: C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmp "c:\users\user\appdata\local\temp\is-sdsto.tmp\pdf_editor_setup_downloadly.ir.tmp" /sl5="$60464,22152334,238080,c:\users\user\appdata\local\temp\temp1_mde_file_sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_downloadly.ir.exe"
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe | Process created: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp "c:\users\user\appdata\local\temp\is-3u6n3.tmp\pdf_editor_setup_downloadly.ir.tmp" /sl5="$30476,22152334,238080,c:\users\user\appdata\local\temp\temp1_mde_file_sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_downloadly.ir.exe" /spawnwnd=$10480 /notifywnd=$60464
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe | Code function: 19_2_00407298 AllocateAndInitializeSid,RegCreateKeyExA,RegQueryValueExA,CopyFileA,CreateMutexA,19_2_00407298
        Source: Patch.exe, 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp | Binary or memory string: Shell_TrayWndSVW
        Source: Patch.exe, Patch.exe, 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp | Binary or memory string: Shell_TrayWnd
        Source: Patch.exe, 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp | Binary or memory string: Shell_TrayWndReBarWindow32MSTaskSwWClassToolbarWindow32SV
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe | Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,19_2_00406654
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe | Code function: GetLocaleInfoA,19_2_0040D2E8
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe | Code function: GetLocaleInfoA,19_2_0040D29C
        Source: C:\Windows\System32\Taskmgr.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
        Source: C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp | Queries volume information: C:\ VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Program Files (x86)\Icecream PDF Editor 3\platforms\qwindows.dll VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Program Files (x86)\Icecream PDF Editor 3\styles\qwindowsvistastyle.dll VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Users\user\.Icecream PDF Editor\log\icepdfeditor_2024-10-24_08_43_25.txt VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Program Files (x86)\Icecream PDF Editor 3\translations\icepdfeditor_en.qm VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qgif.dll VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qicns.dll VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qico.dll VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qjpeg.dll VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qsvg.dll VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qtga.dll VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qwbmp.dll VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe | Queries volume information: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qwebp.dll VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeQueries volume information: C:\Users\user\.Icecream PDF Editor\log\icepdfeditor_2024-10-24_08_43_25.txt VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeQueries volume information: C:\Users\user\.Icecream PDF Editor\log\icepdfeditor_2024-10-24_08_43_25.txt VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeQueries volume information: C:\Users\user\.Icecream PDF Editor\log\icepdfeditor_2024-10-24_08_43_25.txt VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeQueries volume information: C:\Users\user\.Icecream PDF Editor\log\icepdfeditor_2024-10-24_08_43_25.txt VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeQueries volume information: C:\Users\user\.Icecream PDF Editor\log\icepdfeditor_2024-10-24_08_43_25.txt VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeQueries volume information: C:\Users\user\.Icecream PDF Editor\log\icepdfeditor_2024-10-24_08_43_25.txt VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeQueries volume information: C:\Users\user\.Icecream PDF Editor\log\icepdfeditor_2024-10-24_08_43_25.txt VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeQueries volume information: C:\Users\user\.Icecream PDF Editor\log\icepdfeditor_2024-10-24_08_43_25.txt VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeQueries volume information: C:\Users\user\.Icecream PDF Editor\log\icepdfeditor_2024-10-24_08_43_25.txt VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeQueries volume information: C:\Users\user\.Icecream PDF Editor\log\icepdfeditor_2024-10-24_08_43_25.txt VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeQueries volume information: C:\Users\user\.Icecream PDF Editor\log\icepdfeditor_2024-10-24_08_43_25.txt VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exeQueries volume information: C:\Users\user\.Icecream PDF Editor\log\icepdfeditor_2024-10-24_08_43_25.txt VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
        Source: C:\Windows\System32\Taskmgr.exe Queries volume information: C:\ProgramData\Microsoft\User Account Pictures\user.png VolumeInformation
        Source: C:\Windows\System32\Taskmgr.exe Queries volume information: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\AppListIcon.scale-100.png VolumeInformation
        Source: C:\Windows\System32\Taskmgr.exe Queries volume information: C:\Windows\System32\RuntimeBroker.exe VolumeInformation
        Source: C:\Windows\System32\Taskmgr.exe Queries volume information: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Assets\SmallLogo.scale-100.png VolumeInformation
        Source: C:\Windows\System32\Taskmgr.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreAppList.scale-200.png VolumeInformation
        Source: C:\Windows\System32\Taskmgr.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23082.131.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\MediumTile.scale-100.png VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 19_2_0040BBCC GetLocalTime, 19_2_0040BBCC
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 19_2_00407386 GetUserNameA, 19_2_00407386
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 19_2_00407596 GetTimeZoneInformation, 19_2_00407596
        Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 19_2_0040E290 GetVersionExA, 19_2_0040E290
        Source: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 11 Input Capture | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
        Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 Extra Window Memory Injection | 3 Obfuscated Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 11 Input Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 12 Process Injection | 2 Software Packing | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Registry Run Keys / Startup Folder | 1 Timestomp | NTDS | 46 System Information Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 11 Query Registry | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
        Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Extra Window Memory Injection | Cached Domain Credentials | 11 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
        DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Masquerading | DCSync | 2 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
        Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 2 Virtualization/Sandbox Evasion | Proc Filesystem | 2 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
        Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 12 Process Injection | /etc/passwd and /etc/shadow | 11 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
        IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 Rundll32 | Network Sniffing | 3 System Owner/User Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
        [Behavior graph: ID 1541176, Sample: Archive.zip, Start date: 24/10/2024, Architecture: WINDOWS, Score: 36]

        No Antivirus matches
        Source | Detection | Scanner | Label | Link
        C:\Program Files (x86)\Icecream PDF Editor 3\CrashRpt1403.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\CrashSender1403.exe (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\DebenuPDFLibraryDLL1212.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\Qt5Core.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\Qt5Gui.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\Qt5Network.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\Qt5Svg.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\Qt5Widgets.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\Qt5WinExtras.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-core-file-l1-2-0.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-core-file-l2-1-0.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-core-localization-l1-2-0.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-core-processthreads-l1-1-1.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-core-synch-l1-2-0.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-core-timezone-l1-1-0.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-convert-l1-1-0.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-environment-l1-1-0.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-filesystem-l1-1-0.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-heap-l1-1-0.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-locale-l1-1-0.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-math-l1-1-0.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-runtime-l1-1-0.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-stdio-l1-1-0.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-string-l1-1-0.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-time-l1-1-0.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-utility-l1-1-0.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe.BAK | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\iconengines\is-GKK4N.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\iconengines\qsvgicon.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\is-7CFBI.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\is-9D65U.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\is-D9HS6.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\is-G0A35.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\is-G4PS3.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\is-PGJGK.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\is-POG0R.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\is-Q1DIU.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\is-UEUJE.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qgif.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qicns.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qico.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qjpeg.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qsvg.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qtga.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qtiff.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qwbmp.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qwebp.dll (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-004SO.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-011CA.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-0D98S.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-2NJ94.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-35OOR.tmp | 4% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-3F3D0.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-3K7GS.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-4J866.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-5KAL2.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-5MTU0.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-5N01T.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-5O9IO.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-5TRC1.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-69TKB.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-6QUBS.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-6T20U.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-7BQVT.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-7K6P0.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-8A9MI.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-8S8ID.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-AMO6P.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-BK6QE.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-CB7I0.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-D4QJJ.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-EIH23.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-EPR7I.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-FGB9V.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-FOAUC.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-FT92J.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-FTNRU.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-GFA8N.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-GG0V7.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-GHL0F.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-GJHED.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-GM1JG.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-GSK92.tmp | 0% | ReversingLabs
        C:\Program Files (x86)\Icecream PDF Editor 3\is-GUEVQ.tmp | 0% | ReversingLabs
        No Antivirus matches
        No Antivirus matches
        Source | Detection | Scanner | Label | Link
        http://fontawesome.io | 0% | URL Reputation | safe
        http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0# | 0% | URL Reputation | safe
        http://www.fontbureau.com/designers | 0% | URL Reputation | safe
        http://www.sajatypeworks.com | 0% | URL Reputation | safe
        http://www.founder.com.cn/cn/cThe | 0% | URL Reputation | safe
        http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe
        http://www.urwpp.deDPlease | 0% | URL Reputation | safe
        http://www.zhongyicts.com.cn | 0% | URL Reputation | safe
        http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0# | 0% | URL Reputation | safe
        http://www.innosetup.com/ | 0% | URL Reputation | safe
        http://www.carterandcone.coml | 0% | URL Reputation | safe
        http://www.fontbureau.com/designers/frere-jones.html | 0% | URL Reputation | safe
        http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z | 0% | URL Reputation | safe
        http://www.fontbureau.com/designersG | 0% | URL Reputation | safe
        http://www.fontbureau.com/designers/? | 0% | URL Reputation | safe
        http://www.founder.com.cn/cn/bThe | 0% | URL Reputation | safe
        http://ocsp.sectigo.com0 | 0% | URL Reputation | safe
        http://www.fontbureau.com/designers? | 0% | URL Reputation | safe
        http://www.tiro.com | 0% | URL Reputation | safe
        http://www.goodfont.co.kr | 0% | URL Reputation | safe
        http://www.typography.netD | 0% | URL Reputation | safe
        http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0 | 0% | URL Reputation | safe
        http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe
        http://crl.thawte.com/ThawteTimestampingCA.crl0 | 0% | URL Reputation | safe
        http://www.fonts.com | 0% | URL Reputation | safe
        http://www.sandoll.co.kr | 0% | URL Reputation | safe
        http://www.sakkal.com | 0% | URL Reputation | safe
        http://www.fontbureau.com | 0% | URL Reputation | safe
        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        icecreamapps.com | 37.58.52.149 | true | false |  | unknown
        www.google.com | 142.250.181.228 | true | false |  | unknown
        cl-2d703670.gcdn.co | 92.223.124.62 | true | false |  | unknown
        static.icecreamapps.com | unknown | unknown | false |  | unknown
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                      unknown
                                                                                                                                      http://icecreamapps.com/act/crashfix/index.php/crashReport/uploadExternal:0icepdfeditor.exe, 0000001D.00000002.1945785929.0000000001641000.00000004.00000020.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000003.1913766286.0000000001641000.00000004.00000020.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000003.1918843286.0000000001641000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        unknown
                                                                                                                                        https://icecreamapps.com/go/help.php?prod=pdes8icepdfeditor.exe, 0000001D.00000003.1913766286.000000000162B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          unknown
                                                                                                                                          http://icecreamapps.com/act/crashfix/index.php/crashReport/uploadExternalCouldicepdfeditor.exe, 00000002.00000000.1138515703.0000000000B87000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 00000014.00000000.1365606055.0000000000EE3000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 0000001D.00000000.1687836054.0000000001083000.00000002.00000001.01000000.0000000E.sdmpfalse
                                                                                                                                            unknown
                                                                                                                                            http://www.goodfont.co.kricepdfeditor.exe, 0000001D.00000003.1933039472.0000000005E72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            unknown
                                                                                                                                            http://www.aiim.org/pdfa/ns/id/Nicepdfeditor.exe, 0000001D.00000002.1960167865.0000000006E10000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              unknown
                                                                                                                                              https://icecreamapps.com/act/license.phphttps://icecreamapps.com/go/license_date.phpInvalidicepdfeditor.exe, 00000002.00000000.1138515703.0000000000B87000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 00000014.00000000.1365606055.0000000000EE3000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 0000001D.00000000.1687836054.0000000001083000.00000002.00000001.01000000.0000000E.sdmpfalse
                                                                                                                                                unknown
                                                                                                                                                http://www.sajatypeworks.c31icepdfeditor.exe, 0000001D.00000003.1761046440.0000000003E4B000.00000004.00000020.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000003.1910520523.0000000003E4B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  unknown
                                                                                                                                                  http://www.typography.netDicepdfeditor.exe, 0000001D.00000003.1933039472.0000000005E72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  unknown
                                                                                                                                                  http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0Patch.exe, 00000013.00000003.2107417937.00000000009B2000.00000004.00000020.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 00000015.00000003.1437601534.000000007FE3F000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 00000015.00000003.1436932557.00000000025E3000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  unknown
                                                                                                                                                  http://www.galapagosdesign.com/staff/dennis.htmicepdfeditor.exe, 0000001D.00000003.1933039472.0000000005E72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  unknown
                                                                                                                                                  https://mail.ruicepdfeditor.exe, 00000002.00000000.1138515703.0000000000B87000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 00000014.00000000.1365606055.0000000000EE3000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 0000001D.00000000.1687836054.0000000001083000.00000002.00000001.01000000.0000000E.sdmpfalse
                                                                                                                                                    unknown
                                                                                                                                                    http://crl.thawte.com/ThawteTimestampingCA.crl0pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.0000000006694000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.00000000060A0000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1690189697.00000000066EE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    unknown
                                                                                                                                                    https://data.icecreamapps.com-icepdfeditor.exe, 0000001D.00000003.1890727567.0000000003E25000.00000004.00000020.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000002.1952704771.0000000003E25000.00000004.00000020.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000003.1764982543.0000000003E0E000.00000004.00000020.00020000.00000000.sdmp, icepdfeditor.exe, 0000001D.00000003.1911993165.0000000003E23000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      unknown
                                                                                                                                                      https://icecreamapps.comUPatch.exe, 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmpfalse
                                                                                                                                                        unknown
                                                                                                                                                        https://data.icecreamapps.comicepdfeditor.exe, 00000002.00000000.1138515703.0000000000B87000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 00000014.00000000.1365606055.0000000000EE3000.00000002.00000001.01000000.00000003.sdmp, icepdfeditor.exe, 0000001D.00000000.1687836054.0000000001083000.00000002.00000001.01000000.0000000E.sdmpfalse
                                                                                                                                                          unknown
                                                                                                                                                          http://counter-strike.com.ua/pdf_editor_setup_Downloadly.ir.exe, 00000015.00000003.1435886831.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000016.00000003.1440126752.0000000003300000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 00000018.00000003.1709866734.0000000002805000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1700066060.00000000035E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                            unknown
                                                                                                                                                            http://www.fonts.comicepdfeditor.exe, 0000001D.00000003.1933039472.0000000005E72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                            unknown
                                                                                                                                                            http://www.sandoll.co.kricepdfeditor.exe, 0000001D.00000003.1933039472.0000000005E72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                            unknown
                                                                                                                                                            http://www.mpegla.compdf_editor_setup_Downloadly.ir.exe, 00000015.00000003.1435886831.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 00000015.00000003.1719881895.00000000022C1000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000016.00000003.1440126752.0000000003300000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1704845723.0000000000883000.00000004.00000020.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1704796702.0000000003733000.00000004.00000020.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1701495714.0000000002300000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 00000019.00000003.1700066060.0000000003521000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              http://www.sakkal.comicepdfeditor.exe, 0000001D.00000003.1933039472.0000000005E72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                              unknown
                                                                                                                                                              http://www.apache.org/licenses/LICENSE-2.0icepdfeditor.exe, 0000001D.00000003.1933039472.0000000005E72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                unknown
                                                                                                                                                                http://www.fontbureau.comicepdfeditor.exe, 0000001D.00000003.1933039472.0000000005E72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                • URL Reputation: safe
                                                                                                                                                                unknown
                                                                                                                                                                • No. of IPs < 25%
                                                                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                                                                • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.181.228 | www.google.com | United States | 15169 | GOOGLEUS | false
92.223.124.62 | cl-2d703670.gcdn.co | Austria | 199524 | GCOREAT | false
37.58.52.149 | icecreamapps.com | Germany | 28753 | LEASEWEB-DE-FRA-10DE | false
                                                                                                                                                                IP
                                                                                                                                                                192.168.2.17
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1541176
Start date and time: 2024-10-24 14:41:52 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 22s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 35
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Archive.zip
Detection: SUS
Classification: sus36.winZIP@29/233@10/5
EGA Information:
• Successful, ratio: 50%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .zip
                                                                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, consent.exe, SIHClient.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                                                                • Excluded IPs from analysis (whitelisted): 84.201.210.21, 199.232.214.172, 192.229.221.95, 142.250.184.195, 108.177.15.84, 142.250.185.238, 34.104.35.123, 142.250.185.106, 216.58.206.35, 216.58.212.138, 172.217.23.106, 142.250.185.138, 216.58.212.170, 216.58.206.74, 216.58.206.42, 142.250.184.202, 142.250.185.170, 142.250.186.74, 142.250.186.170, 142.250.185.234, 142.250.185.202, 142.250.181.234, 142.250.184.234, 142.250.185.74
                                                                                                                                                                • Excluded domains from analysis (whitelisted): www.bing.com, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, login.live.com, evoke-windowsservices-tas.msedge.net, clients.l.google.com
                                                                                                                                                                • Execution Graph export aborted for target icepdfeditor.exe, PID 1388 because there are no executed function
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                • Report size getting too big, too many NtOpenKey calls found.
                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                • VT rate limit hit for: Archive.zip
Time | Type | Description
08:43:27 | API Interceptor | 54x Sleep call for process: icepdfeditor.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                        • 13.107.5.88
                                                                                                                                                                                                        xxImTScxAq.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                        • 13.107.5.88
                                                                                                                                                                                                        4aOgNkVU5z.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                        • 13.107.5.88
                                                                                                                                                                                                        No context
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):157208
                                                                                                                                                                                                        Entropy (8bit):6.1934682249941115
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:zKEv+wyTqNr2Z+7UXkvrZexxuF0tBzwuXh47ht0OiJPex01d54aJ:zPv+5qB2ZwKkvrmu6tJ16lg1dRJ
                                                                                                                                                                                                        MD5:D4DB02A96B703FDBFAD4443AB8FA504F
                                                                                                                                                                                                        SHA1:39AD32AE327789C62FD32FCB6C1F4471F1DCE47F
                                                                                                                                                                                                        SHA-256:21171F394862D2342F5AF507A54655B454F510D0B8800E6A4929829EB28F830E
                                                                                                                                                                                                        SHA-512:D5FCB52ACE86D863B822E06070CF34577BC15BA19CB9CFB2D4C1C16705521E779B8B42ECD2EC9E783B06B2A89C92C259015D88E255FCFBCF19D78D2F276B4009
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):951808
                                                                                                                                                                                                        Entropy (8bit):6.595786024423779
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24576:j3Qot4CtMnlVl8OsmVEpAymT3cVPjeDzh2A2I5fZBTQgsPfU:ko3twVl8OsmVp3cBCDzhn2I5fHTQfU
                                                                                                                                                                                                        MD5:2829AB15FFF44C84D319274AB61BC4DD
                                                                                                                                                                                                        SHA1:F825F839E0EB35077BE24C2692B42C31B4541411
                                                                                                                                                                                                        SHA-256:A8F3DC44C4DE1D96A1C4491686F54E1931387DF800653BE71458BA11863A00C4
                                                                                                                                                                                                        SHA-512:B689D95FE217307736E0240F3F919646F69E953D007EA89B71207A149F8F5D4710307C1D248F755E40A564ADA49DE9E1FDD926984F45CE2F6E4C872DBCA8EB1A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):6190104
                                                                                                                                                                                                        Entropy (8bit):7.421682960763955
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:98304:MK+/ifzrm29tZTwpN9EVbjl4ece6GMUdaVelHxzINC75Z:X+/ibrm29tZFVvl48DueJO475Z
                                                                                                                                                                                                        MD5:74E2784C899F1D77D6679A03D60A3D64
                                                                                                                                                                                                        SHA1:FF43817A59C7A6964DCC8F9DB2B9A16E1FE58C3C
                                                                                                                                                                                                        SHA-256:A9E1AF2711021486E6BCD3B6520072BC71EC8DF0D63336421286E2C4F3DB7EA8
                                                                                                                                                                                                        SHA-512:E745DD67367588CAAE9B75919DCD370AA26647CDB172C2A0C26A709367D6E526214C7787AAA2BC317FFE6C99BB04C6117E142787A7CE936AD391F21417AF1832
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5377144
                                                                                                                                                                                                        Entropy (8bit):6.853679063871745
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:98304:eLlOKYcFr4K9pJsv6tWKFdu9CjvpzjgwWe:eLDrlJsv6tWKFdu9CjRvFWe
                                                                                                                                                                                                        MD5:316FB94DA47EAC5933F3007A8CCA4356
                                                                                                                                                                                                        SHA1:4C17A1A8E21940066BCBB5A0F09F6DA9C26039DA
                                                                                                                                                                                                        SHA-256:0DED0E1CDB33B58CCB8FA20837EBFA9D17A9737BCEB078D0D16F3EF4AC349C5D
                                                                                                                                                                                                        SHA-512:B791A9DC14CB852344D33A7F0DFA5C3C7AC54E50B888024E6795A9FF5372B8554E464C9AF9280289652981B58723C9E4BC72C514D3C346CD020998F67AB84D95
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5929592
                                                                                                                                                                                                        Entropy (8bit):6.794857574868927
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:7XWX+slNUrE5ZiXVSTsxkHDl3HHx4oRZ0ggBEFslA6A5ORbkVIa+r8ZJU/tNN4gG:752gcsxUl3HN0VUVCr8Ib6mLV9+
                                                                                                                                                                                                        MD5:253C8B17A1476DC182C31B75E98B6A0E
                                                                                                                                                                                                        SHA1:49A511A017EE77FFAC72AF8B007C67C9F6637D53
                                                                                                                                                                                                        SHA-256:55B26B1236A79A6985DC9B6114DD227F5DFF06D6932223DDA02D9ED95968B779
                                                                                                                                                                                                        SHA-512:A5110FDB18DA6D87641B0299EA947F149030B61779EBEEA300F75A555F3F2AB61BFA79204593D3A84F2BE41945A3E82472002F876A3BAC845BADAB871897754C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1062520
                                                                                                                                                                                                        Entropy (8bit):6.681028028686963
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24576:BqjkFWDYqDVCDIkRhMq33zROfSRW88W8mg:wcD9TEf1Wo
                                                                                                                                                                                                        MD5:0FD8AD9B5FE25811E9FA9125E791E083
                                                                                                                                                                                                        SHA1:680FDA9F8B4EBEE870C5DEA0E9DFEE0A918E4E5E
                                                                                                                                                                                                        SHA-256:C9A7571426BB7D0F0939DC4D39D22329373FBD0320708EC6B99C0F516FF77D78
                                                                                                                                                                                                        SHA-512:60899B2FD00D7AC3B34639891664F2F280FD32AF1B0ADB2DED09DB87336243BCDCD731F8D30CFFA665A2BCEAC83771622E755EDAA8DDF5889539B66ABB842E8E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):264312
                                                                                                                                                                                                        Entropy (8bit):6.715338352324104
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:dO73uRNCsNic+peLSWOvY0VdWOEDuFcXxwIpunEJr2ty+yUIEDvwrPmaiK+iA0c8:dOsB+peLNMLEDukunEJr2tyRrPTf
                                                                                                                                                                                                        MD5:2974485E58533B9BFC4061E11C0174C7
                                                                                                                                                                                                        SHA1:9A8E9CDEC284B865C76CCA129E7BD44885BABB55
                                                                                                                                                                                                        SHA-256:CD1950F423381E5654EB92E5A77EE19AA6E0212FC3729D5710A9EDF57746C2B0
                                                                                                                                                                                                        SHA-512:CE0EF433D7E8D52EC513725327A7A8DCACAE831704CCD4F2B9B243431A408DE40ABFA846D0BBDBBBDF70B6294439392BD8F4723D465E324A4BBF272727E5B43D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4483704
                                                                                                                                                                                                        Entropy (8bit):6.835994551598057
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:LNYrZPyqlHjgvBDFx+jnn1nSQnCKWnDcxcYd/IAm4:ClqDFx+YxK7mY9IAm4
                                                                                                                                                                                                        MD5:FE4E5ED83642E0DD84BB41450D020AF6
                                                                                                                                                                                                        SHA1:275601E50EECB6C7E19D9DD4DDBE6E23FAA92650
                                                                                                                                                                                                        SHA-256:BAA679FBB6B375EA4F9A2C536E8CC750CDF25946379DCED876D2A855DDAA838C
                                                                                                                                                                                                        SHA-512:B29E60FF24684A969B61357AADC3D8A5614521CC77FE52016F886FD8B40F13F2B8F8B34CD9888D3C972642A06A6B94C29A193D7AB09A8285277F414DF96F5D18
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):433272
                                                                                                                                                                                                        Entropy (8bit):6.406577939449063
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:VuWoR2Bwb8HHEgIjBN4SlBZr5j7E8doP+kTRzbh10rNus/vUS+B+/iSMk:VuWODb8nYBN4wBl5M8qPf3wNNmk
                                                                                                                                                                                                        MD5:E368A66AD5114ADF1F43790AB728CED2
                                                                                                                                                                                                        SHA1:C6E86F5B71D628B2556249CC96FDC2884B833143
                                                                                                                                                                                                        SHA-256:5CCA88F525E8B371EB579DA114C26F1EC570157A95EB83A6CC38EA888FF400EA
                                                                                                                                                                                                        SHA-512:D801024C78F986B00CD16E94903057B4D41B72E0C04497A50E70C7CC65F9DA54C347B46D234C26894D9FC7DE6574D5086D2B2E97E66DF0AD1F958438A109BFAF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11416
                                                                                                                                                                                                        Entropy (8bit):6.815621198462554
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:KdWYhWJWWFYg7VWQ4WWeRkJqnajgrTZutRnPZA9S:KdWYhWHsJl0huHnPZA9S
                                                                                                                                                                                                        MD5:CD3CEC3D65AE62FDF044F720245F29C0
                                                                                                                                                                                                        SHA1:C4643779A0F0F377323503F2DB8D2E4D74C738CA
                                                                                                                                                                                                        SHA-256:676A6DA661E0C02E72BEA510F5A48CAE71FDC4DA0B1B089C24BFF87651EC0141
                                                                                                                                                                                                        SHA-512:ACA1029497C5A9D26EE09810639278EB17B8FD11B15C9017C8B578FCED29CEF56F172750C4CC2B0D1EBF8683D29E15DE52A6951FB23D78712E31DDCB41776B0F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11208
                                                                                                                                                                                                        Entropy (8bit):6.914984712440467
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:UC/b2WYhWIWWFYg7VWQ4eW5AZa8p2kacqnajYhx:UC/b2WYhWoY8pUclMH
                                                                                                                                                                                                        MD5:B181124928D8EB7B6CAA0C2C759155CB
                                                                                                                                                                                                        SHA1:1AADBBD43EFF2DF7BAB51C6F3BDA2EB2623B281A
                                                                                                                                                                                                        SHA-256:24EA638DFA9F40E2F395E26E36D308DB2AB25ED1BAA5C796AC2C560AD4C89D77
                                                                                                                                                                                                        SHA-512:2A43BF4D50D47924374CDE689BE24799C4E1C132C0BC981F5109952D3322E91DD5A9352B53BB55CA79A6EA92E2C387E87C064B9D8C8F519B77FFF973D752DC8F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):13768
                                                                                                                                                                                                        Entropy (8bit):6.798905181617243
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:6GEOMw3zdp3bwjGzue9/0jCRrndbFWYhWfRDli:6TOMwBprwjGzue9/0jCRrndbB0
                                                                                                                                                                                                        MD5:21519F4D5F1FEA53532A0B152910EF8B
                                                                                                                                                                                                        SHA1:7833AC2C20263C8BE42F67151F9234EB8E4A5515
                                                                                                                                                                                                        SHA-256:5FBD69186F414D1D99AC61C9C15A57390FF21FE995E5C01F1C4E14510B6FB9B1
                                                                                                                                                                                                        SHA-512:97211FAD4AAE2F6A6B783107938F0635C302445E74FC34A26AA386864509919C3F084E80579D2502105D9256AAB9F57EA16137C43344B1C62F64E5BC1125A417
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11720
                                                                                                                                                                                                        Entropy (8bit):6.825370088644229
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:k/DiDfIeJWYhWGWWFYg7VWQ4eWlLoCjux5Dqnajuy:JDfIeJWYhWm+PUDli
                                                                                                                                                                                                        MD5:B5C8334A10B191031769D5DE01DF9459
                                                                                                                                                                                                        SHA1:83A8FCC777C7E8C42FA4C59EE627BAF6CBED1969
                                                                                                                                                                                                        SHA-256:6C27AC0542281649EC8638602FBC24F246424BA550564FC7B290B683F79E712D
                                                                                                                                                                                                        SHA-512:59E53C515DFA2CD96182CA6539ED0EA2EBB01F5991BEB08166D1FC53576AEAAFEBBB2C5EE0CCBDAB60AE45FC6A048FFF0B5E1B8C9C26907791D31FB7E75B1F39
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11712
                                                                                                                                                                                                        Entropy (8bit):6.87820352511638
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:JDQtZ34WYhWVWWFYg7VWQ4uW+Jf8p2kacqnajY2xyU:JDQtZ34WYhWT/f8pUclMqx
                                                                                                                                                                                                        MD5:EB6F7AF7EED6AA9AB03495B62FD3563F
                                                                                                                                                                                                        SHA1:5A60EEBE67ED90F3171970F8339E1404CA1BB311
                                                                                                                                                                                                        SHA-256:148ADEF6A34269E403BB509F9D5260ABE52F413A6C268E8BD9869841D5F2BD02
                                                                                                                                                                                                        SHA-512:A9961212B40EFC12FD1AB3CC6551C97C987E73B6E409C9AB8A5E1B24542F9E5884811F06883BD31D2585219C4F60C30DE2D188788513C01B6CBFE22D539D7875
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11720
                                                                                                                                                                                                        Entropy (8bit):6.859698838321107
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:FPWYhW5WWFYg7VWQ4eWxSwPGux5DqnajuyVp:FPWYhW3+Dligp
                                                                                                                                                                                                        MD5:86421619DAD87870E5F3CC0BEB1F7963
                                                                                                                                                                                                        SHA1:2F0FE3EB94FA90577846D49C03C4FD08EF9D3FB2
                                                                                                                                                                                                        SHA-256:64ECCD818F6FFC13F57A2EC5CA358B401FFBB1CA13B0C523D479EF5EE9EB44AB
                                                                                                                                                                                                        SHA-512:DBCE9904DD5A403A5A69E528EE1179CC5FAAB1361715A29B1A0DE0CD33AD3AE9C9D5620DAFB161FDA86CB27909D001BE8955940FD051077FFE6F3FF82357AD31
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15304
                                                                                                                                                                                                        Entropy (8bit):6.565748840552441
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:YM0wd8dc9cydWYhWtWWFYg7VWQ4eWydY8p2kacqnajYWx:B0wd8xydWYhWrjY8pUclMK
                                                                                                                                                                                                        MD5:88F89D0F2BD5748ED1AF75889E715E6A
                                                                                                                                                                                                        SHA1:8ADA489B9FF33530A3FB7161CC07B5B11DFB8909
                                                                                                                                                                                                        SHA-256:02C78781BF6CC5F22A0ECEDC3847BFD20BED4065AC028C386D063DC2318C33CC
                                                                                                                                                                                                        SHA-512:1F5A00284CA1D6DC6AE2DFCE306FEBFA6D7D71D421583E4CE6890389334C2D98291E98E992B58136F5D1A41590553E3AD42FB362247AE8ADF60E33397AFBB5DF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11720
                                                                                                                                                                                                        Entropy (8bit):6.761525250479804
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:CKNMWYhWtWWFYg7VWQ4eWSwRrHN8xqnajFW:CKNMWYhWrYHMlZW
                                                                                                                                                                                                        MD5:0979785E3EF8137CDD47C797ADCB96E3
                                                                                                                                                                                                        SHA1:4051C6EB37A4C0DBA47B58301E63DF76BFF347DD
                                                                                                                                                                                                        SHA-256:D5164AECDE4523FFA2DCFD0315B49428AC220013132AD48422A8EA4CA2361257
                                                                                                                                                                                                        SHA-512:E369BC53BABD327F5D1B9833C0B8D6C7E121072AD81D4BA1FB3E2679F161FB6A9FA2FCA0DF0BAC532FD439BEB0D754583582D1DBFECCF2D38CC4F3BDCA39B52D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):13248
                                                                                                                                                                                                        Entropy (8bit):6.8050900373153675
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:BGnWlC0i5ClWYhWCWWFYg7VWQ4SWg896Tem8p2kacqnajYPxw:cnWm5ClWYhWyld8pUclMpw
                                                                                                                                                                                                        MD5:A1B6CEBD3D7A8B25B9A9CBC18D03A00C
                                                                                                                                                                                                        SHA1:5516DE099C49E0E6D1224286C3DC9B4D7985E913
                                                                                                                                                                                                        SHA-256:162CCF78FA5A4A2EE380F72FBD54D17A73C929A76F6E3659F537FA8F42602362
                                                                                                                                                                                                        SHA-512:A322FB09E6FAAFF0DAABB4F0284E4E90CCACFF27161DBFD77D39A9A93DBF30069B9D86BF15A07FC2006A55AF2C35CD8EA544895C93E2E1697C51F2DAFAD5A9D7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):12232
                                                                                                                                                                                                        Entropy (8bit):6.72993280581241
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:h7aY17aFBRAWYhW4WWFYg7VWQ4eW1R7N8xqnajFzL:J9WYhWYy7MlZ
                                                                                                                                                                                                        MD5:A6A9DFB31BE2510F6DBFEDD476C6D15A
                                                                                                                                                                                                        SHA1:CDB6D8BD1FBD1C71D85437CFF55DDEB76139DBE7
                                                                                                                                                                                                        SHA-256:150D32B77B2D7F49C8D4F44B64A90D7A0F9DF0874A80FC925DAF298B038A8E4C
                                                                                                                                                                                                        SHA-512:B4F0E8FA148FAC8A94E04BF4B44F2A26221D943CC399E7F48745ED46E8B58C52D9126110CDF868EBB723423FB0E304983D24FE6608D3757A43AD741BDDB3B7EC
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11720
                                                                                                                                                                                                        Entropy (8bit):6.869160264874051
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:iWYhWFGWWFYg7VWQ4eWd3BSB8p2kacqnajYu4x:iWYhWkWxSB8pUclMuY
                                                                                                                                                                                                        MD5:50B721A0C945ABE3EDCA6BCEE2A70C6C
                                                                                                                                                                                                        SHA1:F35B3157818D4A5AF3486B5E2E70BB510AC05EFF
                                                                                                                                                                                                        SHA-256:DB495C7C4AD2072D09B2D4506B3A50F04487AD8B27D656685EA3FA5D9653A21D
                                                                                                                                                                                                        SHA-512:EF2F6D28D01A5BAD7C494851077D52F22A11514548C287E513F4820C23F90020A0032E2DA16CC170AE80897AE45FC82BFFC9D18AFB2AE1A7B1DA6EEF56240840
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):21960
                                                                                                                                                                                                        Entropy (8bit):6.271316004393454
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:nt1MCbM4Oe5grykfIgTmLSWYhWZjMlZi:t6gMq5grxfInsYL
                                                                                                                                                                                                        MD5:461D5AF3277EFB5F000B9DF826581B80
                                                                                                                                                                                                        SHA1:935B00C88C2065F98746E2B4353D4369216F1812
                                                                                                                                                                                                        SHA-256:F9CE464B89DD8EA1D5E0B852369FE3A8322B4B9860E5AE401C9A3B797AED17BF
                                                                                                                                                                                                        SHA-512:229BF31A1DE1E84CF238A0DFE0C3A13FEE86DA94D611FBC8FDB65086DEE6A8B1A6BA37C44C5826C3D8CFA120D0FBA9E690D31C5B4E73F98C8362B98BE1EE9600
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15808
                                                                                                                                                                                                        Entropy (8bit):6.594537759210963
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:nJB0fhrpIhhf4AN5/jiTWYhWjWWFYg7VWQ4uWT67dEO8p2kacqnajYvxfyfA:n0hrKIWYhWR/7F8pUclMJfz
                                                                                                                                                                                                        MD5:4F06DA894EA013A5E18B8B84A9836D5A
                                                                                                                                                                                                        SHA1:40CF36E07B738AA8BBA58BC5587643326FF412A9
                                                                                                                                                                                                        SHA-256:876BD768C8605056579DD8962E2FD7CC96306FAB5759D904E8A24E46C25BD732
                                                                                                                                                                                                        SHA-512:1D7C0682D343416E6942547E6A449BE4654158D6A70D78AD3C7E8C2B39C296C9406013A3CFE84D1AE8608F19BEE1D4F346D26576D7ED56456EEA39D5D7200F79
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):17352
                                                                                                                                                                                                        Entropy (8bit):6.499657236461651
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:exUO+1pPLNPjFuWYFxEpahTWYhWWWWFYg7VWQ4eWNuvwN8xqnajFD:exUX119OFVhTWYhW2bwMlZ
                                                                                                                                                                                                        MD5:5765103E1F5412C43295BD752CCAEA03
                                                                                                                                                                                                        SHA1:6913BF1624599E55680A0292E22C89CAB559DB81
                                                                                                                                                                                                        SHA-256:8F7ACE43040FA86E972CC74649D3E643D21E4CAD6CB86BA78D4C059ED35D95E4
                                                                                                                                                                                                        SHA-512:5844AC30BC73B7FFBA75016ABEFB8A339E2F2822FC6E1441F33F70B6EB7114F828167DFC34527B0FB5460768C4DE7250C655BC56EFD8BA03115CD2DD6F6C91C0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):17864
                                                                                                                                                                                                        Entropy (8bit):6.382738607708961
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:9FvU4x0C5yguNvZ5VQgx3SbwA7yMVIkFGl/WYhWl76tW8pUclMgp:j5yguNvZ5VQgx3SbwA71IkFw5W8pUq
                                                                                                                                                                                                        MD5:F364190706414020C02CF4D531E0229D
                                                                                                                                                                                                        SHA1:5899230B0D7AD96121C3BE0DF99235DDD8A47DC6
                                                                                                                                                                                                        SHA-256:A797C0D43A52E7C8205397225AC931638D73B567683F38DD803195DA9D34EAC2
                                                                                                                                                                                                        SHA-512:A9C8ABBD846AB55942F440E905D1F3864B82257B8DAA44C784B1997A060DE0C0439ECC25A2193032D4D85191535E9253E435DEED23BDF3D3CB48C4209005A02E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):13760
                                                                                                                                                                                                        Entropy (8bit):6.681985886172717
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:g3sy5NDSWYhWmVWWFYg7VWQ4uWOpxCN8xqnajFs:LU0WYhWmTLaMlZs
                                                                                                                                                                                                        MD5:D0B6A2CAEC62F5477E4E36B991563041
                                                                                                                                                                                                        SHA1:8396E1E02DACE6AE4DDE33B3E432A3581BC38F5D
                                                                                                                                                                                                        SHA-256:FD44D833EA40D50981B3151535618EB57B5513ED824A9963251D07ABFF2BAEDF
                                                                                                                                                                                                        SHA-512:69BD6DF96DE99E6AB9C12D8A1024D20A034A7DB3E2B62E8BE7FDBC838C4E9001D2497B04209E07A5365D00366C794C31EE89B133304E475DDE5F92FDB7FCB0BC
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11720
                                                                                                                                                                                                        Entropy (8bit):6.852501651690859
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:a0I6fHQduPWYhWIWWFYg7VWQ4eW87AEp8p2kacqnajY4xnS:aIf5WYhWosEp8pUclMYnS
                                                                                                                                                                                                        MD5:3DFB82541979A23A9DEB5FD4DCFB6B22
                                                                                                                                                                                                        SHA1:5DA1D02B764917B38FDC34F4B41FB9A599105DD9
                                                                                                                                                                                                        SHA-256:0CD6D0FF0FF5ECF973F545E98B68AC6038DB5494A8990C3B77B8A95B664B6FEB
                                                                                                                                                                                                        SHA-512:F9A20B3D44D39D941FA131C3A1DB37614A2F9B2AF7260981A0F72C69F82A5326901F70A56B5F7AD65862630FCE59B02F650A132EE7ECFE2E4FC80F694483CA82
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8214
                                                                                                                                                                                                        Entropy (8bit):3.46410018464503
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:rsw6o2KPZEOTWSucfgjfJpkiZJpkiVxoVrOSBngI3NnS0FivuiLugXeTmZ4dIc8k:wlo2K/uKFVVgOgncoW
                                                                                                                                                                                                        MD5:771DA39B527E886A247A0C0A33FFB715
                                                                                                                                                                                                        SHA1:CB762ABE50294A08A7823C246E02CD9347555B49
                                                                                                                                                                                                        SHA-256:763F0FE5AF80055827FB2563AF696BD1452C39BE080720AB483D0CE6AC36EE92
                                                                                                                                                                                                        SHA-512:628382CF8A6035275B48D6FF3CF0DC17C2B61F65E4EF0F138990A09FD0CF09A4F821E2CB5780A3FDDB49A01E3F6AF1F379ED44BEF290D39B0D04D5E110B7D9A5
                                                                                                                                                                                                        Malicious:false
Preview:
[Settings]
AuthorName=
AuthorEmail=
Language=English
RTLReading=0
CrashRptVersion=1403

[MainDlg]
DlgCaption=Error Report
HeaderText=%s has stopped working
SubHeaderText=Please send us this error report (%s) to help fix the problem and improve this software.
WhatDoesReportContain=What does this report contain?
ProvideAdditionalInfo=Provide additional info about the problem (recommended).
YourEmail=Your E-mail:
DescribeProblem=Describe in a few words what you were doing when the er
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4369472
                                                                                                                                                                                                        Entropy (8bit):6.59289267077476
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:98304:zpf+AnvqCbjnxmf1O2zdQ93xd7JhvhGS1unYd08gEBk:Vf+6vJbjxmfkd77hGyplC
                                                                                                                                                                                                        MD5:4AF96C036230E02407C613237F8BC9D5
                                                                                                                                                                                                        SHA1:5D5F362E9C1D546368F7FA15C2F443351382DF6C
                                                                                                                                                                                                        SHA-256:422E463DEEE0D63C8C99FEE0C47BBF311377D57E34E57EE72989BC4E98DC1712
                                                                                                                                                                                                        SHA-512:0DACFE172DFEE33EBFE66AFE433B3CB73DEF74AC72179DC4D658B359A191EFEE4C074AE0FF90F2E5A8C6D38FF548507D821948ACAD2535DA8B8CCA185C3FBBFF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4369472
                                                                                                                                                                                                        Entropy (8bit):6.59289267077476
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:98304:zpf+AnvqCbjnxmf1O2zdQ93xd7JhvhGS1unYd08gEBk:Vf+6vJbjxmfkd77hGyplC
                                                                                                                                                                                                        MD5:4AF96C036230E02407C613237F8BC9D5
                                                                                                                                                                                                        SHA1:5D5F362E9C1D546368F7FA15C2F443351382DF6C
                                                                                                                                                                                                        SHA-256:422E463DEEE0D63C8C99FEE0C47BBF311377D57E34E57EE72989BC4E98DC1712
                                                                                                                                                                                                        SHA-512:0DACFE172DFEE33EBFE66AFE433B3CB73DEF74AC72179DC4D658B359A191EFEE4C074AE0FF90F2E5A8C6D38FF548507D821948ACAD2535DA8B8CCA185C3FBBFF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):34424
                                                                                                                                                                                                        Entropy (8bit):6.512784801153792
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:+d4mD/qs5mKxn6UhwjGqnaZjr6mlMNDuagL2qskG+FEkCelQg3Yi5skl4ehbUnf1:+d4W5mE5hYGWQ6mMC6Lkt+kl4wbUmzU
                                                                                                                                                                                                        MD5:1DBD0059535234FC8AFCF42DAEA612CC
                                                                                                                                                                                                        SHA1:34B9B71FC7155DCDF354107CA908490C6C7B0FE2
                                                                                                                                                                                                        SHA-256:6ABD1EAAEC7F4F821295439DF09B79AFA30A67A9DDF6F1669A7AD83A52203340
                                                                                                                                                                                                        SHA-512:2BC74E327F485A0EDE5788D8B175B9A0CE7FDD086DA271B2A7167C697A962C13EBA8D3A0F188BA6A0FCD168A24D5175C4D97EBA524F3890C5770F26136AF73C1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):32888
                                                                                                                                                                                                        Entropy (8bit):6.366189239788212
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:SVzMPPFyaBJdbIr1coZjUFF6zAY2UX9uGahWN56omz8Y:SpYbe1pUFF6zAY209uGahg56BX
                                                                                                                                                                                                        MD5:F1A96D6A6E415BC16A21C8557335B910
                                                                                                                                                                                                        SHA1:31B67D9DBE605F2BA0276828912671FF3F520EF5
                                                                                                                                                                                                        SHA-256:46E3E790B150F55FAB6E1509E65804D570D66603FC59CF80A3B7B1005359506D
                                                                                                                                                                                                        SHA-512:F24615198FAE508A9AE4C75055E315F8EC46B54C5C34163AAB56A0F976FF1CC672D556036AC04980B8BE8DE5C734512E63B6E41B5576DCAFE5DD8BF697A0AEF1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):39544
                                                                                                                                                                                                        Entropy (8bit):6.5005630896773186
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:TJVI8DaIhOSb/uqJUDPSfEGlQaMuAS3DJJEwmrmz0i2:TJUYOSTJ1EGlQbuAiDJJEwmSf2
                                                                                                                                                                                                        MD5:FC8F392DFC984A517C2EFFCD06396AE0
                                                                                                                                                                                                        SHA1:E8FBA2260BB2266623F7D36DAA6A20AA131EA693
                                                                                                                                                                                                        SHA-256:79A566A4C494393BDEC6D7FDF9B513A0F565C0E3EF7315CF1C0D31411147DAAB
                                                                                                                                                                                                        SHA-512:E6DB039B5F790562B99BFC00802EDAC95AF0C9F46C7B08E43C6F07C0971E7D405B2218AA868BF66F4D249A3A258CF8FC97FA54A18168F30D44AAAC5BED19EB25
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):27256
                                                                                                                                                                                                        Entropy (8bit):6.273902321527826
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:6V5a4Yxx3TRZIrDl5d+jcEeM5uTojmzgA:Z4Yxx3N6rDl5d+jcRM5uTb8A
                                                                                                                                                                                                        MD5:CBAACC4FBCBAEDECF89A193D4923BEAF
                                                                                                                                                                                                        SHA1:B709E2412ACE8BD1D9911E9C02406130AEC2E3DC
                                                                                                                                                                                                        SHA-256:70800F7EE34A249FB33B4A1A108439F364DF6AB7C12DBAAE065F14D8835F5DF5
                                                                                                                                                                                                        SHA-512:D93FA250E24631F28D5F7FDFFE0CBF2D3E8BE80FE49DA386EE8B15780DF72B6A69A3229652CAE9F905C5AAE6D9EDD63AD6175261DCE89FFE79B1B97A7886E618
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):30840
                                                                                                                                                                                                        Entropy (8bit):6.474092660799376
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):26232
                                                                                                                                                                                                        Entropy (8bit):6.256154478197342
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):411256
                                                                                                                                                                                                        Entropy (8bit):6.716767399938534
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):352376
                                                                                                                                                                                                        Entropy (8bit):5.7860727528475495
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):25208
                                                                                                                                                                                                        Entropy (8bit):6.398583681156456
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):372344
                                                                                                                                                                                                        Entropy (8bit):5.6433127384748865
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):32888
                                                                                                                                                                                                        Entropy (8bit):6.366189239788212
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):39544
                                                                                                                                                                                                        Entropy (8bit):6.5005630896773186
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:TJVI8DaIhOSb/uqJUDPSfEGlQaMuAS3DJJEwmrmz0i2:TJUYOSTJ1EGlQbuAiDJJEwmSf2
                                                                                                                                                                                                        MD5:FC8F392DFC984A517C2EFFCD06396AE0
                                                                                                                                                                                                        SHA1:E8FBA2260BB2266623F7D36DAA6A20AA131EA693
                                                                                                                                                                                                        SHA-256:79A566A4C494393BDEC6D7FDF9B513A0F565C0E3EF7315CF1C0D31411147DAAB
                                                                                                                                                                                                        SHA-512:E6DB039B5F790562B99BFC00802EDAC95AF0C9F46C7B08E43C6F07C0971E7D405B2218AA868BF66F4D249A3A258CF8FC97FA54A18168F30D44AAAC5BED19EB25
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):30840
                                                                                                                                                                                                        Entropy (8bit):6.474092660799376
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:s24GEcF4Bv6MyBgPE3+bTZAvACXCZ6asJgLmzg:nEjR6Myms3+bTZAvAuCZ6asJX0
                                                                                                                                                                                                        MD5:B8AB77896FD026607CB69449D46542A0
                                                                                                                                                                                                        SHA1:E6EC0433F2100AE3D10F4CA63AE1BF150216D9C2
                                                                                                                                                                                                        SHA-256:4B7E2FB1B656840AB2CBBF6F7208A5A52CFB63B8725FB19807EB28CBEA822DCA
                                                                                                                                                                                                        SHA-512:6BBB5D654707D6A67631A68A013D88071240511831C731A7FACBFA41FE678D6DCBDFE76B7BDADA5860EC176FC5DED12CABEE045EE28BE90975C11B66C97E48C5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):372344
                                                                                                                                                                                                        Entropy (8bit):5.6433127384748865
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:JxR84U9TnBEMOMiotCktRTcsLUaEL3lsVTFlX0ljFvA136zd8Za:JlUFYktRfaslPBa
                                                                                                                                                                                                        MD5:9F170BC8DC6F9DAA3DC233EC1186EAF6
                                                                                                                                                                                                        SHA1:D8302C6355A7280CFF6A7B6A8983774405922564
                                                                                                                                                                                                        SHA-256:EF63A855DEB878FEA795C2F251694170ED8B98526BBADF1315FE3D7AED8994CF
                                                                                                                                                                                                        SHA-512:3B04ED0D82AF58B0EA3ECB79E224DE09F8C6E97F53868C4C09BDD093CC1A24E25264179DAB2C708C8A662C898206DFD5E42B24B03B2E27CF1BF6F093853CD3A2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):27256
                                                                                                                                                                                                        Entropy (8bit):6.273902321527826
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:6V5a4Yxx3TRZIrDl5d+jcEeM5uTojmzgA:Z4Yxx3N6rDl5d+jcRM5uTb8A
                                                                                                                                                                                                        MD5:CBAACC4FBCBAEDECF89A193D4923BEAF
                                                                                                                                                                                                        SHA1:B709E2412ACE8BD1D9911E9C02406130AEC2E3DC
                                                                                                                                                                                                        SHA-256:70800F7EE34A249FB33B4A1A108439F364DF6AB7C12DBAAE065F14D8835F5DF5
                                                                                                                                                                                                        SHA-512:D93FA250E24631F28D5F7FDFFE0CBF2D3E8BE80FE49DA386EE8B15780DF72B6A69A3229652CAE9F905C5AAE6D9EDD63AD6175261DCE89FFE79B1B97A7886E618
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):26232
                                                                                                                                                                                                        Entropy (8bit):6.256154478197342
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:HePY94fVM1Eyof7rjPDsEDw/iYnqO25QpyFJruvlnfePPLTTjgJg:+gmVMToDvDsEDw/nCCpyFJr0mzUe
                                                                                                                                                                                                        MD5:AC337E90E882E1C887212DB18F667BB5
                                                                                                                                                                                                        SHA1:A0668F44E8A16AE723FCB3011646671D57C61AA1
                                                                                                                                                                                                        SHA-256:EC69599D23D138476342255C204564BE8117B33730AE84E29063D5E2ACA1AC52
                                                                                                                                                                                                        SHA-512:75BB921FAE0BB7685D2EBE6B296600A3066E790C5FF22C1631BEC260A7848CEA211A41A2F8DE2A8283770692934A6EDE6F908BB60EE53C34D97E39F7A68B6847
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):352376
                                                                                                                                                                                                        Entropy (8bit):5.7860727528475495
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:Lg13+6SXUqXxTOEVakoMDTkyJpj/i0kBHWAiSe8uA7oAQxb:EJ+oXkoMDIyXj/kZkxb
                                                                                                                                                                                                        MD5:53B2CC16614853EC5CB2D186444326BF
                                                                                                                                                                                                        SHA1:836075A538A34E4C68486A6CD47975948310E3AB
                                                                                                                                                                                                        SHA-256:3D14491E4417BFB4E6F35BA9E3D5C7253F76E299CAFE7AF1EC3A75861F87C25B
                                                                                                                                                                                                        SHA-512:2045996B4507BE517BBF5B018DE918D4BD9D716E7EBC702DCCB85BD45300D30947840A4C18B26E0BB95F803710F54DD04ABA9C71DC7B02B93BB979E0A5458BF4
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):25208
                                                                                                                                                                                                        Entropy (8bit):6.398583681156456
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:m8r/ODY4e2mVkzEkK+jmE2VxfDZFShGqOi5srQIAJ8fZ8nfePPLTTjjev:L/UY4edDkK3E2XfSGe+rXAJ8R8mz6
                                                                                                                                                                                                        MD5:4870C4C067D38EA93FDC06AD53801BF5
                                                                                                                                                                                                        SHA1:DE57B2B78C448CF381A8253F79972C5DF65E5B55
                                                                                                                                                                                                        SHA-256:C564B67E2FF3BB1E4C8BF5EBC9A9E3014B28768BA27C44DCCDFD0D6686400845
                                                                                                                                                                                                        SHA-512:1D53829CAF4E0DE0BD4A187D0F732460FD25591FE335F1E6215A936AE73A77EDB201C818394D684036297331F01BB4F6A1B9A7EDD58DC5705F4A17E05BE5876E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):411256
                                                                                                                                                                                                        Entropy (8bit):6.716767399938534
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:HtXD8S+5nDJFnhVGJtdZNcGAwiDXL0rUwffzNk:HtXgS+5nDzatdZ6giD7cDG
                                                                                                                                                                                                        MD5:4B915730082C48A5F7A6D38B86F8DB6D
                                                                                                                                                                                                        SHA1:7048BF42D2302C8B996A6FDEA9B1F335D8C15DBE
                                                                                                                                                                                                        SHA-256:9C426A25A9966A48E1DA323924F2DFE2BEFFC2D59A09CE94BD58C26C724C5AE8
                                                                                                                                                                                                        SHA-512:79C83802F0A660D3BD5D70A7EAF90D57F717C76603CFE7A04FAB4E1F54C1ABCFDD05E0FABAAEB19F10816A30C3B58751C506DE8BE3FF662FA6B9BF77D2E44F52
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):13768
                                                                                                                                                                                                        Entropy (8bit):6.798905181617243
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:6GEOMw3zdp3bwjGzue9/0jCRrndbFWYhWfRDli:6TOMwBprwjGzue9/0jCRrndbB0
                                                                                                                                                                                                        MD5:21519F4D5F1FEA53532A0B152910EF8B
                                                                                                                                                                                                        SHA1:7833AC2C20263C8BE42F67151F9234EB8E4A5515
                                                                                                                                                                                                        SHA-256:5FBD69186F414D1D99AC61C9C15A57390FF21FE995E5C01F1C4E14510B6FB9B1
                                                                                                                                                                                                        SHA-512:97211FAD4AAE2F6A6B783107938F0635C302445E74FC34A26AA386864509919C3F084E80579D2502105D9256AAB9F57EA16137C43344B1C62F64E5BC1125A417
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):453312
                                                                                                                                                                                                        Entropy (8bit):6.654147150103626
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:J7kdHIZ63+flb/ExW7PWNLhKj5oKHW/Q13O3PL6v6j5qts3nSIOWuEJH9Mz:G+6OflDfWN8NoKy43O3PL6yMqQ6m
                                                                                                                                                                                                        MD5:03CBD3D314E8666079A20909D269B80C
                                                                                                                                                                                                        SHA1:20A0EB6B35853A73C57467727100F1D3E607472E
                                                                                                                                                                                                        SHA-256:A482A64296D6075282114CA764B7D14812D338D1CE56475610BA43CAD41C27AE
                                                                                                                                                                                                        SHA-512:67BB82CB2E5ADC140E796897C76BA527B466F41B9D5406A9C93EF777D9F05F8F531A6AD6A6F0716E91D8D6D3E15BBD4EAB21A88B587D83152910F512DF5C7266
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15304
                                                                                                                                                                                                        Entropy (8bit):6.565748840552441
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:YM0wd8dc9cydWYhWtWWFYg7VWQ4eWydY8p2kacqnajYWx:B0wd8xydWYhWrjY8pUclMK
                                                                                                                                                                                                        MD5:88F89D0F2BD5748ED1AF75889E715E6A
                                                                                                                                                                                                        SHA1:8ADA489B9FF33530A3FB7161CC07B5B11DFB8909
                                                                                                                                                                                                        SHA-256:02C78781BF6CC5F22A0ECEDC3847BFD20BED4065AC028C386D063DC2318C33CC
                                                                                                                                                                                                        SHA-512:1F5A00284CA1D6DC6AE2DFCE306FEBFA6D7D71D421583E4CE6890389334C2D98291E98E992B58136F5D1A41590553E3AD42FB362247AE8ADF60E33397AFBB5DF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11720
                                                                                                                                                                                                        Entropy (8bit):6.852501651690859
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:a0I6fHQduPWYhWIWWFYg7VWQ4eW87AEp8p2kacqnajY4xnS:aIf5WYhWosEp8pUclMYnS
                                                                                                                                                                                                        MD5:3DFB82541979A23A9DEB5FD4DCFB6B22
                                                                                                                                                                                                        SHA1:5DA1D02B764917B38FDC34F4B41FB9A599105DD9
                                                                                                                                                                                                        SHA-256:0CD6D0FF0FF5ECF973F545E98B68AC6038DB5494A8990C3B77B8A95B664B6FEB
                                                                                                                                                                                                        SHA-512:F9A20B3D44D39D941FA131C3A1DB37614A2F9B2AF7260981A0F72C69F82A5326901F70A56B5F7AD65862630FCE59B02F650A132EE7ECFE2E4FC80F694483CA82
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1309248
                                                                                                                                                                                                        Entropy (8bit):6.527529456231143
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24576:8tdAm9DUi/CR3wCkCiRgoG7hBaHkbEXXeG/jFt5xax0vTx96e7C:kqTytRFk6ek1x3O
                                                                                                                                                                                                        MD5:4BE9718959029220FC534542CB891006
                                                                                                                                                                                                        SHA1:B205217CEAC2E6F583B250EBC55106001F59EB87
                                                                                                                                                                                                        SHA-256:DB8B0C53B3CF466F055325513273671773A138BCAE59B84E4C78DC7DEE393452
                                                                                                                                                                                                        SHA-512:B21A946BC700988773BE610787B4C4D26F994369742D0293AC74457CFEEE727D7B8F7B7101C8A36C62488B32A1E4D0F85349F8F16A74100D530BE8534FF5658B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4483704
                                                                                                                                                                                                        Entropy (8bit):6.835994551598057
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:LNYrZPyqlHjgvBDFx+jnn1nSQnCKWnDcxcYd/IAm4:ClqDFx+YxK7mY9IAm4
                                                                                                                                                                                                        MD5:FE4E5ED83642E0DD84BB41450D020AF6
                                                                                                                                                                                                        SHA1:275601E50EECB6C7E19D9DD4DDBE6E23FAA92650
                                                                                                                                                                                                        SHA-256:BAA679FBB6B375EA4F9A2C536E8CC750CDF25946379DCED876D2A855DDAA838C
                                                                                                                                                                                                        SHA-512:B29E60FF24684A969B61357AADC3D8A5614521CC77FE52016F886FD8B40F13F2B8F8B34CD9888D3C972642A06A6B94C29A193D7AB09A8285277F414DF96F5D18
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):17864
                                                                                                                                                                                                        Entropy (8bit):6.382738607708961
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:9FvU4x0C5yguNvZ5VQgx3SbwA7yMVIkFGl/WYhWl76tW8pUclMgp:j5yguNvZ5VQgx3SbwA71IkFw5W8pUq
                                                                                                                                                                                                        MD5:F364190706414020C02CF4D531E0229D
                                                                                                                                                                                                        SHA1:5899230B0D7AD96121C3BE0DF99235DDD8A47DC6
                                                                                                                                                                                                        SHA-256:A797C0D43A52E7C8205397225AC931638D73B567683F38DD803195DA9D34EAC2
                                                                                                                                                                                                        SHA-512:A9C8ABBD846AB55942F440E905D1F3864B82257B8DAA44C784B1997A060DE0C0439ECC25A2193032D4D85191535E9253E435DEED23BDF3D3CB48C4209005A02E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15808
                                                                                                                                                                                                        Entropy (8bit):6.594537759210963
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:nJB0fhrpIhhf4AN5/jiTWYhWjWWFYg7VWQ4uWT67dEO8p2kacqnajYvxfyfA:n0hrKIWYhWR/7F8pUclMJfz
                                                                                                                                                                                                        MD5:4F06DA894EA013A5E18B8B84A9836D5A
                                                                                                                                                                                                        SHA1:40CF36E07B738AA8BBA58BC5587643326FF412A9
                                                                                                                                                                                                        SHA-256:876BD768C8605056579DD8962E2FD7CC96306FAB5759D904E8A24E46C25BD732
                                                                                                                                                                                                        SHA-512:1D7C0682D343416E6942547E6A449BE4654158D6A70D78AD3C7E8C2B39C296C9406013A3CFE84D1AE8608F19BEE1D4F346D26576D7ED56456EEA39D5D7200F79
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):951808
                                                                                                                                                                                                        Entropy (8bit):6.595786024423779
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24576:j3Qot4CtMnlVl8OsmVEpAymT3cVPjeDzh2A2I5fZBTQgsPfU:ko3twVl8OsmVp3cBCDzhn2I5fHTQfU
                                                                                                                                                                                                        MD5:2829AB15FFF44C84D319274AB61BC4DD
                                                                                                                                                                                                        SHA1:F825F839E0EB35077BE24C2692B42C31B4541411
                                                                                                                                                                                                        SHA-256:A8F3DC44C4DE1D96A1C4491686F54E1931387DF800653BE71458BA11863A00C4
                                                                                                                                                                                                        SHA-512:B689D95FE217307736E0240F3F919646F69E953D007EA89B71207A149F8F5D4710307C1D248F755E40A564ADA49DE9E1FDD926984F45CE2F6E4C872DBCA8EB1A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):433272
                                                                                                                                                                                                        Entropy (8bit):6.406577939449063
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:VuWoR2Bwb8HHEgIjBN4SlBZr5j7E8doP+kTRzbh10rNus/vUS+B+/iSMk:VuWODb8nYBN4wBl5M8qPf3wNNmk
                                                                                                                                                                                                        MD5:E368A66AD5114ADF1F43790AB728CED2
                                                                                                                                                                                                        SHA1:C6E86F5B71D628B2556249CC96FDC2884B833143
                                                                                                                                                                                                        SHA-256:5CCA88F525E8B371EB579DA114C26F1EC570157A95EB83A6CC38EA888FF400EA
                                                                                                                                                                                                        SHA-512:D801024C78F986B00CD16E94903057B4D41B72E0C04497A50E70C7CC65F9DA54C347B46D234C26894D9FC7DE6574D5086D2B2E97E66DF0AD1F958438A109BFAF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4369472
                                                                                                                                                                                                        Entropy (8bit):6.59289267077476
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:98304:zpf+AnvqCbjnxmf1O2zdQ93xd7JhvhGS1unYd08gEBk:Vf+6vJbjxmfkd77hGyplC
                                                                                                                                                                                                        MD5:4AF96C036230E02407C613237F8BC9D5
                                                                                                                                                                                                        SHA1:5D5F362E9C1D546368F7FA15C2F443351382DF6C
                                                                                                                                                                                                        SHA-256:422E463DEEE0D63C8C99FEE0C47BBF311377D57E34E57EE72989BC4E98DC1712
                                                                                                                                                                                                        SHA-512:0DACFE172DFEE33EBFE66AFE433B3CB73DEF74AC72179DC4D658B359A191EFEE4C074AE0FF90F2E5A8C6D38FF548507D821948ACAD2535DA8B8CCA185C3FBBFF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):21376
                                                                                                                                                                                                        Entropy (8bit):6.486713548287172
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:2k0HTiHQYmjfFKyaWcw5gWUsadHRN7ya/hl3KS0nyGqU:H2iF0FK4VoySIyRU
                                                                                                                                                                                                        MD5:56F86F08DE73C981031224CDE928DFA8
                                                                                                                                                                                                        SHA1:C009AA8D145276ED5D1FC21F83BF004594B9793F
                                                                                                                                                                                                        SHA-256:8906D59ED097E7B857DD19A5323CB0EAB006AF7D1F20EE233C4C86645C7F3A0B
                                                                                                                                                                                                        SHA-512:6BCF58A60435A90ABC06334FBAE1507015F793760027F75F6696023AF2A88517DC31B87A86984A0B877384BEA73BC444A92293790FDA3420D36CFC0736E4195E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11720
                                                                                                                                                                                                        Entropy (8bit):6.859698838321107
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:FPWYhW5WWFYg7VWQ4eWxSwPGux5DqnajuyVp:FPWYhW3+Dligp
                                                                                                                                                                                                        MD5:86421619DAD87870E5F3CC0BEB1F7963
                                                                                                                                                                                                        SHA1:2F0FE3EB94FA90577846D49C03C4FD08EF9D3FB2
                                                                                                                                                                                                        SHA-256:64ECCD818F6FFC13F57A2EC5CA358B401FFBB1CA13B0C523D479EF5EE9EB44AB
                                                                                                                                                                                                        SHA-512:DBCE9904DD5A403A5A69E528EE1179CC5FAAB1361715A29B1A0DE0CD33AD3AE9C9D5620DAFB161FDA86CB27909D001BE8955940FD051077FFE6F3FF82357AD31
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15304
                                                                                                                                                                                                        Entropy (8bit):6.565748840552441
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11720
                                                                                                                                                                                                        Entropy (8bit):6.859698838321107
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11416
                                                                                                                                                                                                        Entropy (8bit):6.815621198462554
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):12232
                                                                                                                                                                                                        Entropy (8bit):6.72993280581241
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2529816
                                                                                                                                                                                                        Entropy (8bit):6.2349774154874025
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5377144
                                                                                                                                                                                                        Entropy (8bit):6.853679063871745
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):76152
                                                                                                                                                                                                        Entropy (8bit):6.779355547596994
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8214
                                                                                                                                                                                                        Entropy (8bit):3.46410018464503
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:rsw6o2KPZEOTWSucfgjfJpkiZJpkiVxoVrOSBngI3NnS0FivuiLugXeTmZ4dIc8k:wlo2K/uKFVVgOgncoW
                                                                                                                                                                                                        MD5:771DA39B527E886A247A0C0A33FFB715
                                                                                                                                                                                                        SHA1:CB762ABE50294A08A7823C246E02CD9347555B49
                                                                                                                                                                                                        SHA-256:763F0FE5AF80055827FB2563AF696BD1452C39BE080720AB483D0CE6AC36EE92
                                                                                                                                                                                                        SHA-512:628382CF8A6035275B48D6FF3CF0DC17C2B61F65E4EF0F138990A09FD0CF09A4F821E2CB5780A3FDDB49A01E3F6AF1F379ED44BEF290D39B0D04D5E110B7D9A5
                                                                                                                                                                                                        Malicious:false
Preview:[Settings]
AuthorName=
AuthorEmail=
Language=English
RTLReading=0
CrashRptVersion=1403

[MainDlg]
DlgCaption=Error Report
HeaderText=%s has stopped working
SubHeaderText=Please send us this error report (%s) to help fix the problem and improve this software.
WhatDoesReportContain=What does this report contain?
ProvideAdditionalInfo=Provide additional info about the problem (recommended).
YourEmail=Your E-mail:
DescribeProblem=Describe in a few words what you were doing when the er
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5929592
                                                                                                                                                                                                        Entropy (8bit):6.794857574868927
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:7XWX+slNUrE5ZiXVSTsxkHDl3HHx4oRZ0ggBEFslA6A5ORbkVIa+r8ZJU/tNN4gG:752gcsxUl3HN0VUVCr8Ib6mLV9+
                                                                                                                                                                                                        MD5:253C8B17A1476DC182C31B75E98B6A0E
                                                                                                                                                                                                        SHA1:49A511A017EE77FFAC72AF8B007C67C9F6637D53
                                                                                                                                                                                                        SHA-256:55B26B1236A79A6985DC9B6114DD227F5DFF06D6932223DDA02D9ED95968B779
                                                                                                                                                                                                        SHA-512:A5110FDB18DA6D87641B0299EA947F149030B61779EBEEA300F75A555F3F2AB61BFA79204593D3A84F2BE41945A3E82472002F876A3BAC845BADAB871897754C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):453312
                                                                                                                                                                                                        Entropy (8bit):6.654147150103626
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:J7kdHIZ63+flb/ExW7PWNLhKj5oKHW/Q13O3PL6v6j5qts3nSIOWuEJH9Mz:G+6OflDfWN8NoKy43O3PL6yMqQ6m
                                                                                                                                                                                                        MD5:03CBD3D314E8666079A20909D269B80C
                                                                                                                                                                                                        SHA1:20A0EB6B35853A73C57467727100F1D3E607472E
                                                                                                                                                                                                        SHA-256:A482A64296D6075282114CA764B7D14812D338D1CE56475610BA43CAD41C27AE
                                                                                                                                                                                                        SHA-512:67BB82CB2E5ADC140E796897C76BA527B466F41B9D5406A9C93EF777D9F05F8F531A6AD6A6F0716E91D8D6D3E15BBD4EAB21A88B587D83152910F512DF5C7266
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):454968
                                                                                                                                                                                                        Entropy (8bit):6.702123748477664
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:/VHbDqy90l5yQBggQerfhUgiW6QR7t5ss3Ooc8DHkC2ehSxPA:tbOqQbnrMs3Ooc8DHkC2ehSxo
                                                                                                                                                                                                        MD5:A883C95684EFF25E71C3B644912C73A5
                                                                                                                                                                                                        SHA1:3F541023690680D002A22F64153EA4E000E5561B
                                                                                                                                                                                                        SHA-256:D672FB07A05FB53CC821DA0FDE823FDFD46071854FE8C6C5EA83D7450B978ECB
                                                                                                                                                                                                        SHA-512:5A47C138D50690828303B1A01B28E6EF67CFE48215D16ED8A70F2BC8DBB4A73A42C37D02CCAE416DC5BD12B7ED14FF692369BC294259B46DBF02DC1073F0CB52
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11720
                                                                                                                                                                                                        Entropy (8bit):6.852501651690859
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:a0I6fHQduPWYhWIWWFYg7VWQ4eW87AEp8p2kacqnajY4xnS:aIf5WYhWosEp8pUclMYnS
                                                                                                                                                                                                        MD5:3DFB82541979A23A9DEB5FD4DCFB6B22
                                                                                                                                                                                                        SHA1:5DA1D02B764917B38FDC34F4B41FB9A599105DD9
                                                                                                                                                                                                        SHA-256:0CD6D0FF0FF5ECF973F545E98B68AC6038DB5494A8990C3B77B8A95B664B6FEB
                                                                                                                                                                                                        SHA-512:F9A20B3D44D39D941FA131C3A1DB37614A2F9B2AF7260981A0F72C69F82A5326901F70A56B5F7AD65862630FCE59B02F650A132EE7ECFE2E4FC80F694483CA82
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11720
                                                                                                                                                                                                        Entropy (8bit):6.825370088644229
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:k/DiDfIeJWYhWGWWFYg7VWQ4eWlLoCjux5Dqnajuy:JDfIeJWYhWm+PUDli
                                                                                                                                                                                                        MD5:B5C8334A10B191031769D5DE01DF9459
                                                                                                                                                                                                        SHA1:83A8FCC777C7E8C42FA4C59EE627BAF6CBED1969
                                                                                                                                                                                                        SHA-256:6C27AC0542281649EC8638602FBC24F246424BA550564FC7B290B683F79E712D
                                                                                                                                                                                                        SHA-512:59E53C515DFA2CD96182CA6539ED0EA2EBB01F5991BEB08166D1FC53576AEAAFEBBB2C5EE0CCBDAB60AE45FC6A048FFF0B5E1B8C9C26907791D31FB7E75B1F39
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15808
                                                                                                                                                                                                        Entropy (8bit):6.594537759210963
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:nJB0fhrpIhhf4AN5/jiTWYhWjWWFYg7VWQ4uWT67dEO8p2kacqnajYvxfyfA:n0hrKIWYhWR/7F8pUclMJfz
                                                                                                                                                                                                        MD5:4F06DA894EA013A5E18B8B84A9836D5A
                                                                                                                                                                                                        SHA1:40CF36E07B738AA8BBA58BC5587643326FF412A9
                                                                                                                                                                                                        SHA-256:876BD768C8605056579DD8962E2FD7CC96306FAB5759D904E8A24E46C25BD732
                                                                                                                                                                                                        SHA-512:1D7C0682D343416E6942547E6A449BE4654158D6A70D78AD3C7E8C2B39C296C9406013A3CFE84D1AE8608F19BEE1D4F346D26576D7ED56456EEA39D5D7200F79
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):6190104
                                                                                                                                                                                                        Entropy (8bit):7.421682960763955
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:98304:MK+/ifzrm29tZTwpN9EVbjl4ece6GMUdaVelHxzINC75Z:X+/ibrm29tZFVvl48DueJO475Z
                                                                                                                                                                                                        MD5:74E2784C899F1D77D6679A03D60A3D64
                                                                                                                                                                                                        SHA1:FF43817A59C7A6964DCC8F9DB2B9A16E1FE58C3C
                                                                                                                                                                                                        SHA-256:A9E1AF2711021486E6BCD3B6520072BC71EC8DF0D63336421286E2C4F3DB7EA8
                                                                                                                                                                                                        SHA-512:E745DD67367588CAAE9B75919DCD370AA26647CDB172C2A0C26A709367D6E526214C7787AAA2BC317FFE6C99BB04C6117E142787A7CE936AD391F21417AF1832
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):454968
                                                                                                                                                                                                        Entropy (8bit):6.702123748477664
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:/VHbDqy90l5yQBggQerfhUgiW6QR7t5ss3Ooc8DHkC2ehSxPA:tbOqQbnrMs3Ooc8DHkC2ehSxo
                                                                                                                                                                                                        MD5:A883C95684EFF25E71C3B644912C73A5
                                                                                                                                                                                                        SHA1:3F541023690680D002A22F64153EA4E000E5561B
                                                                                                                                                                                                        SHA-256:D672FB07A05FB53CC821DA0FDE823FDFD46071854FE8C6C5EA83D7450B978ECB
                                                                                                                                                                                                        SHA-512:5A47C138D50690828303B1A01B28E6EF67CFE48215D16ED8A70F2BC8DBB4A73A42C37D02CCAE416DC5BD12B7ED14FF692369BC294259B46DBF02DC1073F0CB52
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):157208
                                                                                                                                                                                                        Entropy (8bit):6.1934682249941115
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:zKEv+wyTqNr2Z+7UXkvrZexxuF0tBzwuXh47ht0OiJPex01d54aJ:zPv+5qB2ZwKkvrmu6tJ16lg1dRJ
                                                                                                                                                                                                        MD5:D4DB02A96B703FDBFAD4443AB8FA504F
                                                                                                                                                                                                        SHA1:39AD32AE327789C62FD32FCB6C1F4471F1DCE47F
                                                                                                                                                                                                        SHA-256:21171F394862D2342F5AF507A54655B454F510D0B8800E6A4929829EB28F830E
                                                                                                                                                                                                        SHA-512:D5FCB52ACE86D863B822E06070CF34577BC15BA19CB9CFB2D4C1C16705521E779B8B42ECD2EC9E783B06B2A89C92C259015D88E255FCFBCF19D78D2F276B4009
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11720
                                                                                                                                                                                                        Entropy (8bit):6.869160264874051
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:iWYhWFGWWFYg7VWQ4eWd3BSB8p2kacqnajYu4x:iWYhWkWxSB8pUclMuY
                                                                                                                                                                                                        MD5:50B721A0C945ABE3EDCA6BCEE2A70C6C
                                                                                                                                                                                                        SHA1:F35B3157818D4A5AF3486B5E2E70BB510AC05EFF
                                                                                                                                                                                                        SHA-256:DB495C7C4AD2072D09B2D4506B3A50F04487AD8B27D656685EA3FA5D9653A21D
                                                                                                                                                                                                        SHA-512:EF2F6D28D01A5BAD7C494851077D52F22A11514548C287E513F4820C23F90020A0032E2DA16CC170AE80897AE45FC82BFFC9D18AFB2AE1A7B1DA6EEF56240840
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):17864
                                                                                                                                                                                                        Entropy (8bit):6.382738607708961
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:9FvU4x0C5yguNvZ5VQgx3SbwA7yMVIkFGl/WYhWl76tW8pUclMgp:j5yguNvZ5VQgx3SbwA71IkFw5W8pUq
                                                                                                                                                                                                        MD5:F364190706414020C02CF4D531E0229D
                                                                                                                                                                                                        SHA1:5899230B0D7AD96121C3BE0DF99235DDD8A47DC6
                                                                                                                                                                                                        SHA-256:A797C0D43A52E7C8205397225AC931638D73B567683F38DD803195DA9D34EAC2
                                                                                                                                                                                                        SHA-512:A9C8ABBD846AB55942F440E905D1F3864B82257B8DAA44C784B1997A060DE0C0439ECC25A2193032D4D85191535E9253E435DEED23BDF3D3CB48C4209005A02E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11712
                                                                                                                                                                                                        Entropy (8bit):6.87820352511638
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:JDQtZ34WYhWVWWFYg7VWQ4uW+Jf8p2kacqnajY2xyU:JDQtZ34WYhWT/f8pUclMqx
                                                                                                                                                                                                        MD5:EB6F7AF7EED6AA9AB03495B62FD3563F
                                                                                                                                                                                                        SHA1:5A60EEBE67ED90F3171970F8339E1404CA1BB311
                                                                                                                                                                                                        SHA-256:148ADEF6A34269E403BB509F9D5260ABE52F413A6C268E8BD9869841D5F2BD02
                                                                                                                                                                                                        SHA-512:A9961212B40EFC12FD1AB3CC6551C97C987E73B6E409C9AB8A5E1B24542F9E5884811F06883BD31D2585219C4F60C30DE2D188788513C01B6CBFE22D539D7875
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11720
                                                                                                                                                                                                        Entropy (8bit):6.825370088644229
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:k/DiDfIeJWYhWGWWFYg7VWQ4eWlLoCjux5Dqnajuy:JDfIeJWYhWm+PUDli
                                                                                                                                                                                                        MD5:B5C8334A10B191031769D5DE01DF9459
                                                                                                                                                                                                        SHA1:83A8FCC777C7E8C42FA4C59EE627BAF6CBED1969
                                                                                                                                                                                                        SHA-256:6C27AC0542281649EC8638602FBC24F246424BA550564FC7B290B683F79E712D
                                                                                                                                                                                                        SHA-512:59E53C515DFA2CD96182CA6539ED0EA2EBB01F5991BEB08166D1FC53576AEAAFEBBB2C5EE0CCBDAB60AE45FC6A048FFF0B5E1B8C9C26907791D31FB7E75B1F39
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11416
                                                                                                                                                                                                        Entropy (8bit):6.815621198462554
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:KdWYhWJWWFYg7VWQ4WWeRkJqnajgrTZutRnPZA9S:KdWYhWHsJl0huHnPZA9S
                                                                                                                                                                                                        MD5:CD3CEC3D65AE62FDF044F720245F29C0
                                                                                                                                                                                                        SHA1:C4643779A0F0F377323503F2DB8D2E4D74C738CA
                                                                                                                                                                                                        SHA-256:676A6DA661E0C02E72BEA510F5A48CAE71FDC4DA0B1B089C24BFF87651EC0141
                                                                                                                                                                                                        SHA-512:ACA1029497C5A9D26EE09810639278EB17B8FD11B15C9017C8B578FCED29CEF56F172750C4CC2B0D1EBF8683D29E15DE52A6951FB23D78712E31DDCB41776B0F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):13248
                                                                                                                                                                                                        Entropy (8bit):6.8050900373153675
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:BGnWlC0i5ClWYhWCWWFYg7VWQ4SWg896Tem8p2kacqnajYPxw:cnWm5ClWYhWyld8pUclMpw
                                                                                                                                                                                                        MD5:A1B6CEBD3D7A8B25B9A9CBC18D03A00C
                                                                                                                                                                                                        SHA1:5516DE099C49E0E6D1224286C3DC9B4D7985E913
                                                                                                                                                                                                        SHA-256:162CCF78FA5A4A2EE380F72FBD54D17A73C929A76F6E3659F537FA8F42602362
                                                                                                                                                                                                        SHA-512:A322FB09E6FAAFF0DAABB4F0284E4E90CCACFF27161DBFD77D39A9A93DBF30069B9D86BF15A07FC2006A55AF2C35CD8EA544895C93E2E1697C51F2DAFAD5A9D7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):17352
                                                                                                                                                                                                        Entropy (8bit):6.499657236461651
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:exUO+1pPLNPjFuWYFxEpahTWYhWWWWFYg7VWQ4eWNuvwN8xqnajFD:exUX119OFVhTWYhW2bwMlZ
                                                                                                                                                                                                        MD5:5765103E1F5412C43295BD752CCAEA03
                                                                                                                                                                                                        SHA1:6913BF1624599E55680A0292E22C89CAB559DB81
                                                                                                                                                                                                        SHA-256:8F7ACE43040FA86E972CC74649D3E643D21E4CAD6CB86BA78D4C059ED35D95E4
                                                                                                                                                                                                        SHA-512:5844AC30BC73B7FFBA75016ABEFB8A339E2F2822FC6E1441F33F70B6EB7114F828167DFC34527B0FB5460768C4DE7250C655BC56EFD8BA03115CD2DD6F6C91C0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):539160
                                                                                                                                                                                                        Entropy (8bit):5.767679498376213
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:PksKJlXTd8oLjM54JNv63wwSh3PXU2lvzXv6OV:7IlXp8q230hfXU2lvz/6OV
                                                                                                                                                                                                        MD5:E8B31242BADE80571DE091E389ABCF2B
                                                                                                                                                                                                        SHA1:95CF1683CEBC7EAEE9FCDBA35394FE163F584DB3
                                                                                                                                                                                                        SHA-256:C6ECE484FD7FC0E7FD1BC17B2A1218F0D6E24DDB7F35FBBC0FBFEC0923EE6B45
                                                                                                                                                                                                        SHA-512:0D9D289C007D03E3CB9FB38EBE61E94534432C427B323300066EFA27E0DAB86B18F86C4576F26A15C159131C89790040DEBE1D8635B742E0344D01BF2CEFAC18
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11720
                                                                                                                                                                                                        Entropy (8bit):6.761525250479804
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:CKNMWYhWtWWFYg7VWQ4eWSwRrHN8xqnajFW:CKNMWYhWrYHMlZW
                                                                                                                                                                                                        MD5:0979785E3EF8137CDD47C797ADCB96E3
                                                                                                                                                                                                        SHA1:4051C6EB37A4C0DBA47B58301E63DF76BFF347DD
                                                                                                                                                                                                        SHA-256:D5164AECDE4523FFA2DCFD0315B49428AC220013132AD48422A8EA4CA2361257
                                                                                                                                                                                                        SHA-512:E369BC53BABD327F5D1B9833C0B8D6C7E121072AD81D4BA1FB3E2679F161FB6A9FA2FCA0DF0BAC532FD439BEB0D754583582D1DBFECCF2D38CC4F3BDCA39B52D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):6190104
                                                                                                                                                                                                        Entropy (8bit):7.421682960763955
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:98304:MK+/ifzrm29tZTwpN9EVbjl4ece6GMUdaVelHxzINC75Z:X+/ibrm29tZFVvl48DueJO475Z
                                                                                                                                                                                                        MD5:74E2784C899F1D77D6679A03D60A3D64
                                                                                                                                                                                                        SHA1:FF43817A59C7A6964DCC8F9DB2B9A16E1FE58C3C
                                                                                                                                                                                                        SHA-256:A9E1AF2711021486E6BCD3B6520072BC71EC8DF0D63336421286E2C4F3DB7EA8
                                                                                                                                                                                                        SHA-512:E745DD67367588CAAE9B75919DCD370AA26647CDB172C2A0C26A709367D6E526214C7787AAA2BC317FFE6C99BB04C6117E142787A7CE936AD391F21417AF1832
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):76152
                                                                                                                                                                                                        Entropy (8bit):6.779355547596994
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:igTqURG2vo0RwvI7sjBH+cOKXc36r23vEecbiOkNAPy:idURhvZ6vIQVrPysecbiOkKy
                                                                                                                                                                                                        MD5:9E532403774906F0D1E3179D8840674D
                                                                                                                                                                                                        SHA1:DAC4A653D468F873D5F5533E0C91C93FE5BE1E5B
                                                                                                                                                                                                        SHA-256:E30380FB3301B114F4DD4D09A83C8F2B1C0D6885412065F0D163B0FB342D86C0
                                                                                                                                                                                                        SHA-512:9DED622AD9101EBBD7C4447B11FB1AAFA4DDA47BEE76585A6090B2D756D721AD59CF8B6B3D1B40945FDFA27C9C409283BAA5A0D435B1F351AE4BE9675B577706
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4369472
                                                                                                                                                                                                        Entropy (8bit):6.59289267077476
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:98304:zpf+AnvqCbjnxmf1O2zdQ93xd7JhvhGS1unYd08gEBk:Vf+6vJbjxmfkd77hGyplC
                                                                                                                                                                                                        MD5:4AF96C036230E02407C613237F8BC9D5
                                                                                                                                                                                                        SHA1:5D5F362E9C1D546368F7FA15C2F443351382DF6C
                                                                                                                                                                                                        SHA-256:422E463DEEE0D63C8C99FEE0C47BBF311377D57E34E57EE72989BC4E98DC1712
                                                                                                                                                                                                        SHA-512:0DACFE172DFEE33EBFE66AFE433B3CB73DEF74AC72179DC4D658B359A191EFEE4C074AE0FF90F2E5A8C6D38FF548507D821948ACAD2535DA8B8CCA185C3FBBFF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PDF document, version 1.7 (zip deflate encoded)
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1320391
                                                                                                                                                                                                        Entropy (8bit):7.9992888549386585
                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                        SSDEEP:24576:k4oFw1jwkIQfkME2xnmcQqASBneIDIYSTpRyqsa84JAK5f2g:k4o2jwsfk8xmcTAcIYSqqv8CAs2g
                                                                                                                                                                                                        MD5:54DC9CBDE130682C4C26D7240DF349D7
                                                                                                                                                                                                        SHA1:A85369185808000C2F95D348DD32926F23E70459
                                                                                                                                                                                                        SHA-256:B4C873DB0255D52EB4291A152205CC227AC6DFA5ABF50BFCE8758C0260A160CC
                                                                                                                                                                                                        SHA-512:174AC6840FF91C905695DDA4CFA1620503C80A75877C91A89D79200F4EEC6ACB2373336B0F8E42EBEB6C341FF17F56F9EB2B35A61EDDD72945D95AB9D31359C2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):29308848
                                                                                                                                                                                                        Entropy (8bit):6.429221480087082
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:393216:2KMiAG0wPidFOhuTFx0IkcUZ33uk+aEIPtD:2kzidFOSxat3uk+and
                                                                                                                                                                                                        MD5:4C58277BCB810B7B7F07BAAAF0C4D409
                                                                                                                                                                                                        SHA1:A64EC7B797FDABFA81EE71502C6462AFD836FFDD
                                                                                                                                                                                                        SHA-256:26309184E7986C384AE0BECB6916240E71E139DD2FB1A031D3263B79652B1B7A
                                                                                                                                                                                                        SHA-512:FC973BDF9778CEDB565445FBABDECFA880F6C8218C3F5279CC1F9BC400695828372F7489ED4CB9D404BC945DBF7F14964F6C0A977A4F1EB380E63CB6A8EDD1D6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):539160
                                                                                                                                                                                                        Entropy (8bit):5.767679498376213
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:PksKJlXTd8oLjM54JNv63wwSh3PXU2lvzXv6OV:7IlXp8q230hfXU2lvz/6OV
                                                                                                                                                                                                        MD5:E8B31242BADE80571DE091E389ABCF2B
                                                                                                                                                                                                        SHA1:95CF1683CEBC7EAEE9FCDBA35394FE163F584DB3
                                                                                                                                                                                                        SHA-256:C6ECE484FD7FC0E7FD1BC17B2A1218F0D6E24DDB7F35FBBC0FBFEC0923EE6B45
                                                                                                                                                                                                        SHA-512:0D9D289C007D03E3CB9FB38EBE61E94534432C427B323300066EFA27E0DAB86B18F86C4576F26A15C159131C89790040DEBE1D8635B742E0344D01BF2CEFAC18
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):264312
                                                                                                                                                                                                        Entropy (8bit):6.715338352324104
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:dO73uRNCsNic+peLSWOvY0VdWOEDuFcXxwIpunEJr2ty+yUIEDvwrPmaiK+iA0c8:dOsB+peLNMLEDukunEJr2tyRrPTf
                                                                                                                                                                                                        MD5:2974485E58533B9BFC4061E11C0174C7
                                                                                                                                                                                                        SHA1:9A8E9CDEC284B865C76CCA129E7BD44885BABB55
                                                                                                                                                                                                        SHA-256:CD1950F423381E5654EB92E5A77EE19AA6E0212FC3729D5710A9EDF57746C2B0
                                                                                                                                                                                                        SHA-512:CE0EF433D7E8D52EC513725327A7A8DCACAE831704CCD4F2B9B243431A408DE40ABFA846D0BBDBBBDF70B6294439392BD8F4723D465E324A4BBF272727E5B43D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):13248
                                                                                                                                                                                                        Entropy (8bit):6.8050900373153675
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:BGnWlC0i5ClWYhWCWWFYg7VWQ4SWg896Tem8p2kacqnajYPxw:cnWm5ClWYhWyld8pUclMpw
                                                                                                                                                                                                        MD5:A1B6CEBD3D7A8B25B9A9CBC18D03A00C
                                                                                                                                                                                                        SHA1:5516DE099C49E0E6D1224286C3DC9B4D7985E913
                                                                                                                                                                                                        SHA-256:162CCF78FA5A4A2EE380F72FBD54D17A73C929A76F6E3659F537FA8F42602362
                                                                                                                                                                                                        SHA-512:A322FB09E6FAAFF0DAABB4F0284E4E90CCACFF27161DBFD77D39A9A93DBF30069B9D86BF15A07FC2006A55AF2C35CD8EA544895C93E2E1697C51F2DAFAD5A9D7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):971064
                                                                                                                                                                                                        Entropy (8bit):6.965132668528083
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24576:wmFyjHVMxBuwQLYucGp4iiqgNb3HoIbiIw:2My2yRgFoIbnw
                                                                                                                                                                                                        MD5:2FB20C782C237F8B23DF112326048479
                                                                                                                                                                                                        SHA1:B2D5A8B5C0FD735038267914B5080AAB57B78243
                                                                                                                                                                                                        SHA-256:E0305AA54823E6F39D847F8B651B7BD08C085F1DBBCB5C3C1CE1942C0FA1E9FA
                                                                                                                                                                                                        SHA-512:4C1A67DA2A56BC910436F9E339203D939F0BF854B589E26D3F4086277F2BEC3DFCE8B1F60193418C2544EF0C55713C90F6997DF2BFB43F1429F3D00BA46B39B0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):450952
                                                                                                                                                                                                        Entropy (8bit):6.636302273840038
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:ho0HQo+Oem3turAvbA2VOt4avcG9u5sl1nhUgiW6QR7t5s03Ooc8dHkC2esA1s:W0HQXm3turm9VOtTvc/03Ooc8dHkC2es
                                                                                                                                                                                                        MD5:D3CE785725FFFAB73DB212D0E943A788
                                                                                                                                                                                                        SHA1:74E8E951BE171B434C6DDC1BA7681BC15C8374BC
                                                                                                                                                                                                        SHA-256:08A47A1B10C4BCBAAC64B49ADF4B8F19B37F5B5820416F2D83F2D71B16BB5F93
                                                                                                                                                                                                        SHA-512:8888560DF96776C275C9CB46E379F17E709FEBBA52EEE49DBFBDB72665FF656F6242B498E5B2737FEE6CA92370361F0D853065C1A0C0382665A7015EBE1156EE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PDF document, version 1.7 (zip deflate encoded)
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2937426
                                                                                                                                                                                                        Entropy (8bit):7.999721009048782
                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                        SSDEEP:49152:gNIbw9+FObeh8Ec/8R70Ndi927yGt0MXtwolPvXbMN2unFpFQnrXunxD45aD4Aj1:gNIb3ObY8ExsdO27R0M9NlPvrMwzyxDt
                                                                                                                                                                                                        MD5:A156BAC67FDCA2A16112B5EE07396B34
                                                                                                                                                                                                        SHA1:CE1B5BE9C96187DECD752705CE8FE30471B30FF3
                                                                                                                                                                                                        SHA-256:DB64A42B1A2D59139C79DE7C13CA6DD9004544611C62396093C72520BA3EC91C
                                                                                                                                                                                                        SHA-512:24494EAAE5BC0E8CFF551A5454203C7689B3F0DC1F509821E762D7CF8015693F379C82EF2A2659CC29333C4894B3A69F92B3146CCAFA56388FA145765FE08254
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4483704
                                                                                                                                                                                                        Entropy (8bit):6.835994551598057
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:LNYrZPyqlHjgvBDFx+jnn1nSQnCKWnDcxcYd/IAm4:ClqDFx+YxK7mY9IAm4
                                                                                                                                                                                                        MD5:FE4E5ED83642E0DD84BB41450D020AF6
                                                                                                                                                                                                        SHA1:275601E50EECB6C7E19D9DD4DDBE6E23FAA92650
                                                                                                                                                                                                        SHA-256:BAA679FBB6B375EA4F9A2C536E8CC750CDF25946379DCED876D2A855DDAA838C
                                                                                                                                                                                                        SHA-512:B29E60FF24684A969B61357AADC3D8A5614521CC77FE52016F886FD8B40F13F2B8F8B34CD9888D3C972642A06A6B94C29A193D7AB09A8285277F414DF96F5D18
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):29308848
                                                                                                                                                                                                        Entropy (8bit):6.429221480087082
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:393216:2KMiAG0wPidFOhuTFx0IkcUZ33uk+aEIPtD:2kzidFOSxat3uk+and
                                                                                                                                                                                                        MD5:4C58277BCB810B7B7F07BAAAF0C4D409
                                                                                                                                                                                                        SHA1:A64EC7B797FDABFA81EE71502C6462AFD836FFDD
                                                                                                                                                                                                        SHA-256:26309184E7986C384AE0BECB6916240E71E139DD2FB1A031D3263B79652B1B7A
                                                                                                                                                                                                        SHA-512:FC973BDF9778CEDB565445FBABDECFA880F6C8218C3F5279CC1F9BC400695828372F7489ED4CB9D404BC945DBF7F14964F6C0A977A4F1EB380E63CB6A8EDD1D6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2529816
                                                                                                                                                                                                        Entropy (8bit):6.2349774154874025
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:nS+Pyrz6zwISvMezG5886F1CPwDv3uFfJPPyEii/:S+PypIJezD8K1CPwDv3uFfJZ
                                                                                                                                                                                                        MD5:9B0C4FA8171D2EE4BBD0D46EC70184A0
                                                                                                                                                                                                        SHA1:E5A1A605F14FA0260038862CB02DD80BA43CCAB1
                                                                                                                                                                                                        SHA-256:F9127F8E9D2E498699007E9A5C7FBF2FD7FC5EADD58B1924EB08242E573E2A95
                                                                                                                                                                                                        SHA-512:A1BCA8ED34839124C0ABC7D33F1CECDB5342BAB8F34767EAAA74FFA17022C7FF60A25DA93FDC462A476A8A8571669B746088D85600DE5124DF04D552B26650C6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):21376
                                                                                                                                                                                                        Entropy (8bit):6.486713548287172
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:2k0HTiHQYmjfFKyaWcw5gWUsadHRN7ya/hl3KS0nyGqU:H2iF0FK4VoySIyRU
                                                                                                                                                                                                        MD5:56F86F08DE73C981031224CDE928DFA8
                                                                                                                                                                                                        SHA1:C009AA8D145276ED5D1FC21F83BF004594B9793F
                                                                                                                                                                                                        SHA-256:8906D59ED097E7B857DD19A5323CB0EAB006AF7D1F20EE233C4C86645C7F3A0B
                                                                                                                                                                                                        SHA-512:6BCF58A60435A90ABC06334FBAE1507015F793760027F75F6696023AF2A88517DC31B87A86984A0B877384BEA73BC444A92293790FDA3420D36CFC0736E4195E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):13760
                                                                                                                                                                                                        Entropy (8bit):6.681985886172717
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:g3sy5NDSWYhWmVWWFYg7VWQ4uWOpxCN8xqnajFs:LU0WYhWmTLaMlZs
                                                                                                                                                                                                        MD5:D0B6A2CAEC62F5477E4E36B991563041
                                                                                                                                                                                                        SHA1:8396E1E02DACE6AE4DDE33B3E432A3581BC38F5D
                                                                                                                                                                                                        SHA-256:FD44D833EA40D50981B3151535618EB57B5513ED824A9963251D07ABFF2BAEDF
                                                                                                                                                                                                        SHA-512:69BD6DF96DE99E6AB9C12D8A1024D20A034A7DB3E2B62E8BE7FDBC838C4E9001D2497B04209E07A5365D00366C794C31EE89B133304E475DDE5F92FDB7FCB0BC
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1168840
                                                                                                                                                                                                        Entropy (8bit):6.796126828525289
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24576:tCjjeiNFnAp+O+R2l2WDPc/9qHrX0cJ/gAp0ei5mcvIZPoy4aVvFjDp:4jyuRR2l2WD6I/bp0erVL
                                                                                                                                                                                                        MD5:2040CDCD779BBEBAD36D36035C675D99
                                                                                                                                                                                                        SHA1:918BC19F55E656F6D6B1E4713604483EB997EA15
                                                                                                                                                                                                        SHA-256:2AD9A105A9CAA24F41E7B1A6F303C07E6FAECEAF3AAF43EBD644D9D5746A4359
                                                                                                                                                                                                        SHA-512:83DC3C7E35F0F83E1224505D04CDBAEE12B7EA37A2C3367CB4FCCC4FFF3E5923CF8A79DD513C33A667D8231B1CC6CFB1E33F957D92E195892060A22F53C7532F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):13760
                                                                                                                                                                                                        Entropy (8bit):6.681985886172717
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:g3sy5NDSWYhWmVWWFYg7VWQ4uWOpxCN8xqnajFs:LU0WYhWmTLaMlZs
                                                                                                                                                                                                        MD5:D0B6A2CAEC62F5477E4E36B991563041
                                                                                                                                                                                                        SHA1:8396E1E02DACE6AE4DDE33B3E432A3581BC38F5D
                                                                                                                                                                                                        SHA-256:FD44D833EA40D50981B3151535618EB57B5513ED824A9963251D07ABFF2BAEDF
                                                                                                                                                                                                        SHA-512:69BD6DF96DE99E6AB9C12D8A1024D20A034A7DB3E2B62E8BE7FDBC838C4E9001D2497B04209E07A5365D00366C794C31EE89B133304E475DDE5F92FDB7FCB0BC
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):13768
                                                                                                                                                                                                        Entropy (8bit):6.798905181617243
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:6GEOMw3zdp3bwjGzue9/0jCRrndbFWYhWfRDli:6TOMwBprwjGzue9/0jCRrndbB0
                                                                                                                                                                                                        MD5:21519F4D5F1FEA53532A0B152910EF8B
                                                                                                                                                                                                        SHA1:7833AC2C20263C8BE42F67151F9234EB8E4A5515
                                                                                                                                                                                                        SHA-256:5FBD69186F414D1D99AC61C9C15A57390FF21FE995E5C01F1C4E14510B6FB9B1
                                                                                                                                                                                                        SHA-512:97211FAD4AAE2F6A6B783107938F0635C302445E74FC34A26AA386864509919C3F084E80579D2502105D9256AAB9F57EA16137C43344B1C62F64E5BC1125A417
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5377144
                                                                                                                                                                                                        Entropy (8bit):6.853679063871745
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:98304:eLlOKYcFr4K9pJsv6tWKFdu9CjvpzjgwWe:eLDrlJsv6tWKFdu9CjRvFWe
                                                                                                                                                                                                        MD5:316FB94DA47EAC5933F3007A8CCA4356
                                                                                                                                                                                                        SHA1:4C17A1A8E21940066BCBB5A0F09F6DA9C26039DA
                                                                                                                                                                                                        SHA-256:0DED0E1CDB33B58CCB8FA20837EBFA9D17A9737BCEB078D0D16F3EF4AC349C5D
                                                                                                                                                                                                        SHA-512:B791A9DC14CB852344D33A7F0DFA5C3C7AC54E50B888024E6795A9FF5372B8554E464C9AF9280289652981B58723C9E4BC72C514D3C346CD020998F67AB84D95
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11208
                                                                                                                                                                                                        Entropy (8bit):6.914984712440467
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:UC/b2WYhWIWWFYg7VWQ4eW5AZa8p2kacqnajYhx:UC/b2WYhWoY8pUclMH
                                                                                                                                                                                                        MD5:B181124928D8EB7B6CAA0C2C759155CB
                                                                                                                                                                                                        SHA1:1AADBBD43EFF2DF7BAB51C6F3BDA2EB2623B281A
                                                                                                                                                                                                        SHA-256:24EA638DFA9F40E2F395E26E36D308DB2AB25ED1BAA5C796AC2C560AD4C89D77
                                                                                                                                                                                                        SHA-512:2A43BF4D50D47924374CDE689BE24799C4E1C132C0BC981F5109952D3322E91DD5A9352B53BB55CA79A6EA92E2C387E87C064B9D8C8F519B77FFF973D752DC8F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11720
                                                                                                                                                                                                        Entropy (8bit):6.869160264874051
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:iWYhWFGWWFYg7VWQ4eWd3BSB8p2kacqnajYu4x:iWYhWkWxSB8pUclMuY
                                                                                                                                                                                                        MD5:50B721A0C945ABE3EDCA6BCEE2A70C6C
                                                                                                                                                                                                        SHA1:F35B3157818D4A5AF3486B5E2E70BB510AC05EFF
                                                                                                                                                                                                        SHA-256:DB495C7C4AD2072D09B2D4506B3A50F04487AD8B27D656685EA3FA5D9653A21D
                                                                                                                                                                                                        SHA-512:EF2F6D28D01A5BAD7C494851077D52F22A11514548C287E513F4820C23F90020A0032E2DA16CC170AE80897AE45FC82BFFC9D18AFB2AE1A7B1DA6EEF56240840
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5929592
                                                                                                                                                                                                        Entropy (8bit):6.794857574868927
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:7XWX+slNUrE5ZiXVSTsxkHDl3HHx4oRZ0ggBEFslA6A5ORbkVIa+r8ZJU/tNN4gG:752gcsxUl3HN0VUVCr8Ib6mLV9+
                                                                                                                                                                                                        MD5:253C8B17A1476DC182C31B75E98B6A0E
                                                                                                                                                                                                        SHA1:49A511A017EE77FFAC72AF8B007C67C9F6637D53
                                                                                                                                                                                                        SHA-256:55B26B1236A79A6985DC9B6114DD227F5DFF06D6932223DDA02D9ED95968B779
                                                                                                                                                                                                        SHA-512:A5110FDB18DA6D87641B0299EA947F149030B61779EBEEA300F75A555F3F2AB61BFA79204593D3A84F2BE41945A3E82472002F876A3BAC845BADAB871897754C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1062520
                                                                                                                                                                                                        Entropy (8bit):6.681028028686963
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24576:BqjkFWDYqDVCDIkRhMq33zROfSRW88W8mg:wcD9TEf1Wo
                                                                                                                                                                                                        MD5:0FD8AD9B5FE25811E9FA9125E791E083
                                                                                                                                                                                                        SHA1:680FDA9F8B4EBEE870C5DEA0E9DFEE0A918E4E5E
                                                                                                                                                                                                        SHA-256:C9A7571426BB7D0F0939DC4D39D22329373FBD0320708EC6B99C0F516FF77D78
                                                                                                                                                                                                        SHA-512:60899B2FD00D7AC3B34639891664F2F280FD32AF1B0ADB2DED09DB87336243BCDCD731F8D30CFFA665A2BCEAC83771622E755EDAA8DDF5889539B66ABB842E8E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1062520
                                                                                                                                                                                                        Entropy (8bit):6.681028028686963
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24576:BqjkFWDYqDVCDIkRhMq33zROfSRW88W8mg:wcD9TEf1Wo
                                                                                                                                                                                                        MD5:0FD8AD9B5FE25811E9FA9125E791E083
                                                                                                                                                                                                        SHA1:680FDA9F8B4EBEE870C5DEA0E9DFEE0A918E4E5E
                                                                                                                                                                                                        SHA-256:C9A7571426BB7D0F0939DC4D39D22329373FBD0320708EC6B99C0F516FF77D78
                                                                                                                                                                                                        SHA-512:60899B2FD00D7AC3B34639891664F2F280FD32AF1B0ADB2DED09DB87336243BCDCD731F8D30CFFA665A2BCEAC83771622E755EDAA8DDF5889539B66ABB842E8E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):264312
                                                                                                                                                                                                        Entropy (8bit):6.715338352324104
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:dO73uRNCsNic+peLSWOvY0VdWOEDuFcXxwIpunEJr2ty+yUIEDvwrPmaiK+iA0c8:dOsB+peLNMLEDukunEJr2tyRrPTf
                                                                                                                                                                                                        MD5:2974485E58533B9BFC4061E11C0174C7
                                                                                                                                                                                                        SHA1:9A8E9CDEC284B865C76CCA129E7BD44885BABB55
                                                                                                                                                                                                        SHA-256:CD1950F423381E5654EB92E5A77EE19AA6E0212FC3729D5710A9EDF57746C2B0
                                                                                                                                                                                                        SHA-512:CE0EF433D7E8D52EC513725327A7A8DCACAE831704CCD4F2B9B243431A408DE40ABFA846D0BBDBBBDF70B6294439392BD8F4723D465E324A4BBF272727E5B43D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):12232
                                                                                                                                                                                                        Entropy (8bit):6.72993280581241
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:h7aY17aFBRAWYhW4WWFYg7VWQ4eW1R7N8xqnajFzL:J9WYhWYy7MlZ
                                                                                                                                                                                                        MD5:A6A9DFB31BE2510F6DBFEDD476C6D15A
                                                                                                                                                                                                        SHA1:CDB6D8BD1FBD1C71D85437CFF55DDEB76139DBE7
                                                                                                                                                                                                        SHA-256:150D32B77B2D7F49C8D4F44B64A90D7A0F9DF0874A80FC925DAF298B038A8E4C
                                                                                                                                                                                                        SHA-512:B4F0E8FA148FAC8A94E04BF4B44F2A26221D943CC399E7F48745ED46E8B58C52D9126110CDF868EBB723423FB0E304983D24FE6608D3757A43AD741BDDB3B7EC
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11720
                                                                                                                                                                                                        Entropy (8bit):6.761525250479804
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:CKNMWYhWtWWFYg7VWQ4eWSwRrHN8xqnajFW:CKNMWYhWrYHMlZW
                                                                                                                                                                                                        MD5:0979785E3EF8137CDD47C797ADCB96E3
                                                                                                                                                                                                        SHA1:4051C6EB37A4C0DBA47B58301E63DF76BFF347DD
                                                                                                                                                                                                        SHA-256:D5164AECDE4523FFA2DCFD0315B49428AC220013132AD48422A8EA4CA2361257
                                                                                                                                                                                                        SHA-512:E369BC53BABD327F5D1B9833C0B8D6C7E121072AD81D4BA1FB3E2679F161FB6A9FA2FCA0DF0BAC532FD439BEB0D754583582D1DBFECCF2D38CC4F3BDCA39B52D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):450952
                                                                                                                                                                                                        Entropy (8bit):6.636302273840038
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:ho0HQo+Oem3turAvbA2VOt4avcG9u5sl1nhUgiW6QR7t5s03Ooc8dHkC2esA1s:W0HQXm3turm9VOtTvc/03Ooc8dHkC2es
                                                                                                                                                                                                        MD5:D3CE785725FFFAB73DB212D0E943A788
                                                                                                                                                                                                        SHA1:74E8E951BE171B434C6DDC1BA7681BC15C8374BC
                                                                                                                                                                                                        SHA-256:08A47A1B10C4BCBAAC64B49ADF4B8F19B37F5B5820416F2D83F2D71B16BB5F93
                                                                                                                                                                                                        SHA-512:8888560DF96776C275C9CB46E379F17E709FEBBA52EEE49DBFBDB72665FF656F6242B498E5B2737FEE6CA92370361F0D853065C1A0C0382665A7015EBE1156EE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1168840
                                                                                                                                                                                                        Entropy (8bit):6.796126828525289
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24576:tCjjeiNFnAp+O+R2l2WDPc/9qHrX0cJ/gAp0ei5mcvIZPoy4aVvFjDp:4jyuRR2l2WD6I/bp0erVL
                                                                                                                                                                                                        MD5:2040CDCD779BBEBAD36D36035C675D99
                                                                                                                                                                                                        SHA1:918BC19F55E656F6D6B1E4713604483EB997EA15
                                                                                                                                                                                                        SHA-256:2AD9A105A9CAA24F41E7B1A6F303C07E6FAECEAF3AAF43EBD644D9D5746A4359
                                                                                                                                                                                                        SHA-512:83DC3C7E35F0F83E1224505D04CDBAEE12B7EA37A2C3367CB4FCCC4FFF3E5923CF8A79DD513C33A667D8231B1CC6CFB1E33F957D92E195892060A22F53C7532F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):21960
                                                                                                                                                                                                        Entropy (8bit):6.271316004393454
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:nt1MCbM4Oe5grykfIgTmLSWYhWZjMlZi:t6gMq5grxfInsYL
                                                                                                                                                                                                        MD5:461D5AF3277EFB5F000B9DF826581B80
                                                                                                                                                                                                        SHA1:935B00C88C2065F98746E2B4353D4369216F1812
                                                                                                                                                                                                        SHA-256:F9CE464B89DD8EA1D5E0B852369FE3A8322B4B9860E5AE401C9A3B797AED17BF
                                                                                                                                                                                                        SHA-512:229BF31A1DE1E84CF238A0DFE0C3A13FEE86DA94D611FBC8FDB65086DEE6A8B1A6BA37C44C5826C3D8CFA120D0FBA9E690D31C5B4E73F98C8362B98BE1EE9600
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):17352
                                                                                                                                                                                                        Entropy (8bit):6.499657236461651
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:exUO+1pPLNPjFuWYFxEpahTWYhWWWWFYg7VWQ4eWNuvwN8xqnajFD:exUX119OFVhTWYhW2bwMlZ
                                                                                                                                                                                                        MD5:5765103E1F5412C43295BD752CCAEA03
                                                                                                                                                                                                        SHA1:6913BF1624599E55680A0292E22C89CAB559DB81
                                                                                                                                                                                                        SHA-256:8F7ACE43040FA86E972CC74649D3E643D21E4CAD6CB86BA78D4C059ED35D95E4
                                                                                                                                                                                                        SHA-512:5844AC30BC73B7FFBA75016ABEFB8A339E2F2822FC6E1441F33F70B6EB7114F828167DFC34527B0FB5460768C4DE7250C655BC56EFD8BA03115CD2DD6F6C91C0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):157208
                                                                                                                                                                                                        Entropy (8bit):6.1934682249941115
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):433272
                                                                                                                                                                                                        Entropy (8bit):6.406577939449063
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11208
                                                                                                                                                                                                        Entropy (8bit):6.914984712440467
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):21960
                                                                                                                                                                                                        Entropy (8bit):6.271316004393454
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11712
                                                                                                                                                                                                        Entropy (8bit):6.87820352511638
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):971064
                                                                                                                                                                                                        Entropy (8bit):6.965132668528083
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2529816
                                                                                                                                                                                                        Entropy (8bit):6.2349774154874025
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):453312
                                                                                                                                                                                                        Entropy (8bit):6.654147150103626
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):539160
                                                                                                                                                                                                        Entropy (8bit):5.767679498376213
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:PksKJlXTd8oLjM54JNv63wwSh3PXU2lvzXv6OV:7IlXp8q230hfXU2lvz/6OV
                                                                                                                                                                                                        MD5:E8B31242BADE80571DE091E389ABCF2B
                                                                                                                                                                                                        SHA1:95CF1683CEBC7EAEE9FCDBA35394FE163F584DB3
                                                                                                                                                                                                        SHA-256:C6ECE484FD7FC0E7FD1BC17B2A1218F0D6E24DDB7F35FBBC0FBFEC0923EE6B45
                                                                                                                                                                                                        SHA-512:0D9D289C007D03E3CB9FB38EBE61E94534432C427B323300066EFA27E0DAB86B18F86C4576F26A15C159131C89790040DEBE1D8635B742E0344D01BF2CEFAC18
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):454968
                                                                                                                                                                                                        Entropy (8bit):6.702123748477664
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:/VHbDqy90l5yQBggQerfhUgiW6QR7t5ss3Ooc8DHkC2ehSxPA:tbOqQbnrMs3Ooc8DHkC2ehSxo
                                                                                                                                                                                                        MD5:A883C95684EFF25E71C3B644912C73A5
                                                                                                                                                                                                        SHA1:3F541023690680D002A22F64153EA4E000E5561B
                                                                                                                                                                                                        SHA-256:D672FB07A05FB53CC821DA0FDE823FDFD46071854FE8C6C5EA83D7450B978ECB
                                                                                                                                                                                                        SHA-512:5A47C138D50690828303B1A01B28E6EF67CFE48215D16ED8A70F2BC8DBB4A73A42C37D02CCAE416DC5BD12B7ED14FF692369BC294259B46DBF02DC1073F0CB52
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):450952
                                                                                                                                                                                                        Entropy (8bit):6.636302273840038
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:ho0HQo+Oem3turAvbA2VOt4avcG9u5sl1nhUgiW6QR7t5s03Ooc8dHkC2esA1s:W0HQXm3turm9VOtTvc/03Ooc8dHkC2es
                                                                                                                                                                                                        MD5:D3CE785725FFFAB73DB212D0E943A788
                                                                                                                                                                                                        SHA1:74E8E951BE171B434C6DDC1BA7681BC15C8374BC
                                                                                                                                                                                                        SHA-256:08A47A1B10C4BCBAAC64B49ADF4B8F19B37F5B5820416F2D83F2D71B16BB5F93
                                                                                                                                                                                                        SHA-512:8888560DF96776C275C9CB46E379F17E709FEBBA52EEE49DBFBDB72665FF656F6242B498E5B2737FEE6CA92370361F0D853065C1A0C0382665A7015EBE1156EE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):21376
                                                                                                                                                                                                        Entropy (8bit):6.486713548287172
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:2k0HTiHQYmjfFKyaWcw5gWUsadHRN7ya/hl3KS0nyGqU:H2iF0FK4VoySIyRU
                                                                                                                                                                                                        MD5:56F86F08DE73C981031224CDE928DFA8
                                                                                                                                                                                                        SHA1:C009AA8D145276ED5D1FC21F83BF004594B9793F
                                                                                                                                                                                                        SHA-256:8906D59ED097E7B857DD19A5323CB0EAB006AF7D1F20EE233C4C86645C7F3A0B
                                                                                                                                                                                                        SHA-512:6BCF58A60435A90ABC06334FBAE1507015F793760027F75F6696023AF2A88517DC31B87A86984A0B877384BEA73BC444A92293790FDA3420D36CFC0736E4195E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):971064
                                                                                                                                                                                                        Entropy (8bit):6.965132668528083
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24576:wmFyjHVMxBuwQLYucGp4iiqgNb3HoIbiIw:2My2yRgFoIbnw
                                                                                                                                                                                                        MD5:2FB20C782C237F8B23DF112326048479
                                                                                                                                                                                                        SHA1:B2D5A8B5C0FD735038267914B5080AAB57B78243
                                                                                                                                                                                                        SHA-256:E0305AA54823E6F39D847F8B651B7BD08C085F1DBBCB5C3C1CE1942C0FA1E9FA
                                                                                                                                                                                                        SHA-512:4C1A67DA2A56BC910436F9E339203D939F0BF854B589E26D3F4086277F2BEC3DFCE8B1F60193418C2544EF0C55713C90F6997DF2BFB43F1429F3D00BA46B39B0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PDF document, version 1.7 (zip deflate encoded)
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2937426
                                                                                                                                                                                                        Entropy (8bit):7.999721009048782
                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                        SSDEEP:49152:gNIbw9+FObeh8Ec/8R70Ndi927yGt0MXtwolPvXbMN2unFpFQnrXunxD45aD4Aj1:gNIb3ObY8ExsdO27R0M9NlPvrMwzyxDt
                                                                                                                                                                                                        MD5:A156BAC67FDCA2A16112B5EE07396B34
                                                                                                                                                                                                        SHA1:CE1B5BE9C96187DECD752705CE8FE30471B30FF3
                                                                                                                                                                                                        SHA-256:DB64A42B1A2D59139C79DE7C13CA6DD9004544611C62396093C72520BA3EC91C
                                                                                                                                                                                                        SHA-512:24494EAAE5BC0E8CFF551A5454203C7689B3F0DC1F509821E762D7CF8015693F379C82EF2A2659CC29333C4894B3A69F92B3146CCAFA56388FA145765FE08254
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PDF document, version 1.7 (zip deflate encoded)
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1320391
                                                                                                                                                                                                        Entropy (8bit):7.9992888549386585
                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                        SSDEEP:24576:k4oFw1jwkIQfkME2xnmcQqASBneIDIYSTpRyqsa84JAK5f2g:k4o2jwsfk8xmcTAcIYSqqv8CAs2g
                                                                                                                                                                                                        MD5:54DC9CBDE130682C4C26D7240DF349D7
                                                                                                                                                                                                        SHA1:A85369185808000C2F95D348DD32926F23E70459
                                                                                                                                                                                                        SHA-256:B4C873DB0255D52EB4291A152205CC227AC6DFA5ABF50BFCE8758C0260A160CC
                                                                                                                                                                                                        SHA-512:174AC6840FF91C905695DDA4CFA1620503C80A75877C91A89D79200F4EEC6ACB2373336B0F8E42EBEB6C341FF17F56F9EB2B35A61EDDD72945D95AB9D31359C2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):29308848
                                                                                                                                                                                                        Entropy (8bit):6.429221480087082
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:393216:2KMiAG0wPidFOhuTFx0IkcUZ33uk+aEIPtD:2kzidFOSxat3uk+and
                                                                                                                                                                                                        MD5:4C58277BCB810B7B7F07BAAAF0C4D409
                                                                                                                                                                                                        SHA1:A64EC7B797FDABFA81EE71502C6462AFD836FFDD
                                                                                                                                                                                                        SHA-256:26309184E7986C384AE0BECB6916240E71E139DD2FB1A031D3263B79652B1B7A
                                                                                                                                                                                                        SHA-512:FC973BDF9778CEDB565445FBABDECFA880F6C8218C3F5279CC1F9BC400695828372F7489ED4CB9D404BC945DBF7F14964F6C0A977A4F1EB380E63CB6A8EDD1D6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1248888
                                                                                                                                                                                                        Entropy (8bit):6.841919816679135
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24576:gXThFe45BxeGLs74ZXmDK5cvG9VsBqIMi/tryKeD9NZfGtqU:g1pBxeGsDKXN+deJGt9
                                                                                                                                                                                                        MD5:261E68A15BD3D3D309427AC8FB96CFCA
                                                                                                                                                                                                        SHA1:A0A7E66C79F22CC7E85C16B64197CA778262FF65
                                                                                                                                                                                                        SHA-256:8A812D9B0EC62DF005DE2D045315B1DE1D42826743BE0C2D29F9BD04803CCA1A
                                                                                                                                                                                                        SHA-512:E94B264E105FF1AB921CC6C395396A691401748D54ECF9E0CDCF51F8E8C951C7AF68E00CA92B92A4FD4398E7DACDDBF6481F680DE3F9031207DCD6DE2F4A7299
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):132216
                                                                                                                                                                                                        Entropy (8bit):6.529728833719114
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:2Y8K7wsDv+VehfJChnLdI0w2I7ZL38XG7/zjh4Ge+gejo0ME36coijLX6J6PPgCY:2E1DUvQL3Wizjh4GelYo0ME36coijLXw
                                                                                                                                                                                                        MD5:AF757B9032FDB73815EF427BEBCB3C11
                                                                                                                                                                                                        SHA1:B779DAA523721F947045A4050B7DDCB31A7F5D1E
                                                                                                                                                                                                        SHA-256:4579779711F7346AD1F7D5F6DEF2568E70862CD64E1D511A67E92C210F2AA675
                                                                                                                                                                                                        SHA-512:E95BFF2C5A78906E40542B7F29DF334FD8AA568B880B9AEED50E86B8686A8F5D0D076619F70FA0AC24D6AEDCACC2113956EA72415637E2F4FFE1AB9CADB4BD2B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:Qt Translation file
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):57732
                                                                                                                                                                                                        Entropy (8bit):5.400917862390972
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:naa7Ug5gzL5em09/285D5d6wiNdYhReauMPRnwepe2E:nacUg5Uem09Z6VdYhReapnwepe2E
                                                                                                                                                                                                        MD5:8C955BA4ECAD9F82010D8F4ED5F58FBB
                                                                                                                                                                                                        SHA1:7BD48E206CE89E9EC2A25AD9355356A24B4985CD
                                                                                                                                                                                                        SHA-256:FE2BDC52B4F17DCE22975F97C5C038921557BC5CA2017C1A1C9C356684BBA107
                                                                                                                                                                                                        SHA-512:E659B5213829BC31298BB47F745F5C04ABE39AD27BBCE329A720DEF8546172833A74BBCF5993B39387E06119D113DDDAE2259A725F642965260B0926A497EF7A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:Qt Translation file
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):64745
                                                                                                                                                                                                        Entropy (8bit):4.806037676893342
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:Ls3Bw0ZS9m6RzPU0vLXTJRfRd42WC0GVax:g3BlS9mOPNvLX9RfRd42WC0GVax
                                                                                                                                                                                                        MD5:E05BE85D044EA71F4BC7140B8EAF21E7
                                                                                                                                                                                                        SHA1:BF89DF34CC8D5F5F604DB1653782FCD70605C37C
                                                                                                                                                                                                        SHA-256:7079AE3F52F85943A7AE17DDE0D9A15F584B9ACC0BAB1843BC8FB96EFBCD9E91
                                                                                                                                                                                                        SHA-512:9C03B8DEE41E275F0CFB504BCB3BBB06292DEE0DEB60BF4BD05694F2D63C1CBB17E6C667F37844E9D8B77FA84E57C48664488851909A0D2C09DCA74A7E07D8A3
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:Qt Translation file
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):58685
                                                                                                                                                                                                        Entropy (8bit):4.890440342646496
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:AfyrMmj/laUq5ghoU0gDH03oAi47/3PdOIIq4Byjn5DUOl4VC+w+1WCu+eY4f8TU:A6rMmZBq5ghX0/7Iq4BKlPl4VC+wQut
                                                                                                                                                                                                        MD5:EEBC5A7846068D2EDFF17774EC12600F
                                                                                                                                                                                                        SHA1:B2E773E5D63E7FE78E7049081A04F8E34A8BA376
                                                                                                                                                                                                        SHA-256:C25C1C873222011B016CB2CCBFCC7FE98B40FB6612EC9A3F0BF5FE18CE856750
                                                                                                                                                                                                        SHA-512:F324ECE06FB57EADB257D137DF059BCAE11348FE6E63513D34DAA08F78525FF13B1D39B469462E1655E2697E9E2382F226FCC9172E51888BC5A06BD65D6E308C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:Qt Translation file
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):63475
                                                                                                                                                                                                        Entropy (8bit):4.795438163869372
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:627KbEtBgJLMOiUzl6UhO3I6OdypZU2DK8mRT2kWDYUYvLGzKmvqmA1:6aKoEhM6zlhZuCWDCvCm7
                                                                                                                                                                                                        MD5:B55602949992E50B136C129D9A1B04F9
                                                                                                                                                                                                        SHA1:4ECC62710A4DB1201A6E4EE5E707E20614B97B09
                                                                                                                                                                                                        SHA-256:67E06A77047821445DD3710810EC1EE912CFB084F0645256B3E04E9C4C5E7C38
                                                                                                                                                                                                        SHA-512:0644EE8E0BEA52DC2F014F7A29AC1FEEAF7998124B374A0E27A19B31A23B80D7C7C229F8B58A9C02AE8D28CD68DBB6F8EE659E80F6758F3CA39A9CF8212E138B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:Qt Translation file
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):65057
                                                                                                                                                                                                        Entropy (8bit):4.775392635465369
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:Y5R5IlU6sG7dqd6IT29UOtvUBRXdJhKOOSv80lXzzFvz2Vi8bWuSms3QZMqRdL6:2RBOBWOtsTNd8ylus
                                                                                                                                                                                                        MD5:D1C59556DED29D5E268A7A956BCCEE14
                                                                                                                                                                                                        SHA1:D08268DE103B3728C8A88A37B7B761F0AF85476B
                                                                                                                                                                                                        SHA-256:CABAE88C6C4BFD1FEB475C7940ACB38E89201F8122BAEA7FAEDA08385A51FAC3
                                                                                                                                                                                                        SHA-512:05CF84C8E45C193C2ABD236B8B47939D2A349A67D16AE845537DF93095071D430860036E8396F79585E78C59422A6AAC83FCFC45F26BFBDA2050604BA8C3E7AC
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:Qt Translation file
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):63381
                                                                                                                                                                                                        Entropy (8bit):4.779644160958497
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:84IVmQVbV8O76rUB+sqKzU9FmSmSozWkovYPXQQUhFP+DP/EBiZdLxNmdx8:1VQV5J7/BlqRYsP+n
                                                                                                                                                                                                        MD5:B68D3C8B7DFA72D1EC4332EDB78CC4F2
                                                                                                                                                                                                        SHA1:A5772C8969FD1CC9C1D646EBEB5AF138343E9BD4
                                                                                                                                                                                                        SHA-256:88473D4720F1A823B281106653B98BABAC470AC332C019A3623E85D72C6D0D87
                                                                                                                                                                                                        SHA-512:ACA9705418EA26721DC6EEAE353BA3BF4FD44512043D0B53782E77E929E72E2AD6D1B340B04EEBA95B3EED06C3280E347FF704041970614631F797B2EB31D560
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:Qt Translation file
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):64309
                                                                                                                                                                                                        Entropy (8bit):4.7807943343150425
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:JE37pchgvuQUG6OckUzAsPPizZQ56V0HJDRcVkkPabbldvPfF/HR1Bi:WLqhgvEG6OcT+hPabbldvF/g
                                                                                                                                                                                                        MD5:478DD839BF5334C254390B3ADE43E994
                                                                                                                                                                                                        SHA1:D13AC2FD33FD5C1B9C059C63AFF05CF03457343B
                                                                                                                                                                                                        SHA-256:D32043438BA0B249EF5DDE1D411BD07F86E1C332B019E1920F9C0C8CAAE292D6
                                                                                                                                                                                                        SHA-512:DDE95A06706925825E36354D15318DDA0E579C38A84717E8EBB6F4B7BADBA16F87AD422BB485800AA96EE3E742537F1E41E9903F6A6F236C4093FF3B222A2600
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:Qt Translation file
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):62066
                                                                                                                                                                                                        Entropy (8bit):4.934441152389104
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:u9Ku9eAukifacU2IPTUL7J4DAIiYp7cu1JBPnmm/ACbPSYcaQs3sKgt9xdjbzgBg:qeAea72IPwO3/ACbBnsKg/xdjbzL/
                                                                                                                                                                                                        MD5:2EE023974FB9B122C29C11DEE033323D
                                                                                                                                                                                                        SHA1:26E0B6A676481DE095DF72BC3744BB7F6FC1D16F
                                                                                                                                                                                                        SHA-256:BC137224351AAD3C7CC60F84CE0DBD6CBDE08DE53ABCF945ABDA559D32993B6C
                                                                                                                                                                                                        SHA-512:0B3C8D6EA8D00B33368AD674238E0F4ACF3CC376877B00183F7348F451BBA72E18D0A0993A71E372B59AC96B88C600C74C2C47BF66E8CB38D9C5827AFE8E9266
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:Qt Translation file
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):62891
                                                                                                                                                                                                        Entropy (8bit):4.823364078120669
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:HM0kVXe1I/LCXU1ZBUH7uUF1kGCvs8eN/0S4Lhh7a9nKoJ+MVSLze:HKZgI/H1ZuCTh7g7
                                                                                                                                                                                                        MD5:B2157DA8DD5BF92C15AA1F71791C9EFB
                                                                                                                                                                                                        SHA1:BBD31B6B6A84ADA045C9525C35F14234D4768866
                                                                                                                                                                                                        SHA-256:1059322DFFE9E89A3AC30DD6909BB557A7A4ED846964E4CBDC61B9CAD1C09ADC
                                                                                                                                                                                                        SHA-512:C10538AF718448D2DA5E6DB8884C207FB71984A499FE61B3F9060F5F5CE282F9AF0A86F15FCC7D2CDBCCAC423796CF5B891D1D12E2AFAF520B5AC90E765AC3C4
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:Qt Translation file
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):62763
                                                                                                                                                                                                        Entropy (8bit):5.455115657023205
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:FNJnsaI8wma3Y/wG4mnDhkisaDpT42OuweoJ1H1LYJ:FfnsiDzoisH8
                                                                                                                                                                                                        MD5:1E7324A5A009133A83ECD4ECD2942F04
                                                                                                                                                                                                        SHA1:FD85F1E55CABBA7D3FEE7860529FB30CBB93677B
                                                                                                                                                                                                        SHA-256:6A01D8E8013BF6DA4A5DB0351C1307A3E18830B00BEE5B348BBC0F51E2209747
                                                                                                                                                                                                        SHA-512:3C105DB44A6FEBE5252EA35B8B4B9930B30BAC3275EFD0AA7A771EDFEE34235CCA31AD1AE16F0C3B2461E9C9A0D0D2FE26674C6D706E1E1DE1D42F45169E50D5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:Qt Translation file
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):57617
                                                                                                                                                                                                        Entropy (8bit):5.544709954027822
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:8nygJLT9D7CxAAVLPdWsdJONjqSERWYZjqyaf:8XlCmqPxvif
                                                                                                                                                                                                        MD5:7255EF532F10A3C31ABA62F94D5B80FB
                                                                                                                                                                                                        SHA1:93AEF95E55F592FEE6EB45C1E4EC903F5FDD6288
                                                                                                                                                                                                        SHA-256:F0C478A1263EFCD00F6E3A307A46CF2B033AAF6CAF6241DC88A265AD89139573
                                                                                                                                                                                                        SHA-512:89C579CACB866E4A8FE8E8BF235751A0034C9B588289CC4C914A01009E84E291FDB1C21DDC82FF2C931CEC9C3C6CFF9F65021E1E65F3172EE39937EFCB3A2593
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:Qt Translation file
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):60425
                                                                                                                                                                                                        Entropy (8bit):4.949401711913344
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:Qa6nrcBoMKRiPlwnCghUeepp0T6socBXoYKwVjbgf7PGjO:QLQBoMK+wnCghUeeMT6ZgXXKwVbgf7PZ
                                                                                                                                                                                                        MD5:14DDA725FFEC576D355634283DC77025
                                                                                                                                                                                                        SHA1:48126BDE0ABCB6A12EA9051B312B9A2F428AA2EC
                                                                                                                                                                                                        SHA-256:C16B3985C0399CD668246DD58915F6C356C849176CB84AAE7D8A3D5F5B6392BB
                                                                                                                                                                                                        SHA-512:3FF0705A08E5548200D7917BB1E773F703340E8CDF75173FCC0B6710369952BECD05C684A2D1495259C06AF033A22B817A6428EFAD4CBF955A62D821E43ABBB5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:Qt Translation file
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):46377
                                                                                                                                                                                                        Entropy (8bit):5.790331245678028
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:uYcJVbBo0NV4ZURc6Uks0fEjJYkcEyPG4qKpOXAZljrqxKaw5O:uYcnFo0LRch1hAZljm
                                                                                                                                                                                                        MD5:73B734057DFE2B181D3924767B9EF8CF
                                                                                                                                                                                                        SHA1:30C6C0AF41354576D17E663CD88FE13F96A7A050
                                                                                                                                                                                                        SHA-256:BEA559B2E950A9C5A8AE20C7F48C728482AFC2722E12CFD5A03DB7F1EE826F03
                                                                                                                                                                                                        SHA-512:325EC3E1CE754532A00B030BB6FD59F5795E47BB42594FCF45E0270F1064CAE9EB9F1E858FE8E05F72BC934636C658067F6260FE75E260451B58F8267E625139
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:Qt Translation file
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):65057
                                                                                                                                                                                                        Entropy (8bit):4.775392635465369
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:Y5R5IlU6sG7dqd6IT29UOtvUBRXdJhKOOSv80lXzzFvz2Vi8bWuSms3QZMqRdL6:2RBOBWOtsTNd8ylus
                                                                                                                                                                                                        MD5:D1C59556DED29D5E268A7A956BCCEE14
                                                                                                                                                                                                        SHA1:D08268DE103B3728C8A88A37B7B761F0AF85476B
                                                                                                                                                                                                        SHA-256:CABAE88C6C4BFD1FEB475C7940ACB38E89201F8122BAEA7FAEDA08385A51FAC3
                                                                                                                                                                                                        SHA-512:05CF84C8E45C193C2ABD236B8B47939D2A349A67D16AE845537DF93095071D430860036E8396F79585E78C59422A6AAC83FCFC45F26BFBDA2050604BA8C3E7AC
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:Qt Translation file
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):63381
                                                                                                                                                                                                        Entropy (8bit):4.779644160958497
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:84IVmQVbV8O76rUB+sqKzU9FmSmSozWkovYPXQQUhFP+DP/EBiZdLxNmdx8:1VQV5J7/BlqRYsP+n
                                                                                                                                                                                                        MD5:B68D3C8B7DFA72D1EC4332EDB78CC4F2
                                                                                                                                                                                                        SHA1:A5772C8969FD1CC9C1D646EBEB5AF138343E9BD4
                                                                                                                                                                                                        SHA-256:88473D4720F1A823B281106653B98BABAC470AC332C019A3623E85D72C6D0D87
                                                                                                                                                                                                        SHA-512:ACA9705418EA26721DC6EEAE353BA3BF4FD44512043D0B53782E77E929E72E2AD6D1B340B04EEBA95B3EED06C3280E347FF704041970614631F797B2EB31D560
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:Qt Translation file
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):64745
                                                                                                                                                                                                        Entropy (8bit):4.806037676893342
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:Ls3Bw0ZS9m6RzPU0vLXTJRfRd42WC0GVax:g3BlS9mOPNvLX9RfRd42WC0GVax
                                                                                                                                                                                                        MD5:E05BE85D044EA71F4BC7140B8EAF21E7
                                                                                                                                                                                                        SHA1:BF89DF34CC8D5F5F604DB1653782FCD70605C37C
                                                                                                                                                                                                        SHA-256:7079AE3F52F85943A7AE17DDE0D9A15F584B9ACC0BAB1843BC8FB96EFBCD9E91
                                                                                                                                                                                                        SHA-512:9C03B8DEE41E275F0CFB504BCB3BBB06292DEE0DEB60BF4BD05694F2D63C1CBB17E6C667F37844E9D8B77FA84E57C48664488851909A0D2C09DCA74A7E07D8A3
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:Qt Translation file
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):62891
                                                                                                                                                                                                        Entropy (8bit):4.823364078120669
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:HM0kVXe1I/LCXU1ZBUH7uUF1kGCvs8eN/0S4Lhh7a9nKoJ+MVSLze:HKZgI/H1ZuCTh7g7
                                                                                                                                                                                                        MD5:B2157DA8DD5BF92C15AA1F71791C9EFB
                                                                                                                                                                                                        SHA1:BBD31B6B6A84ADA045C9525C35F14234D4768866
                                                                                                                                                                                                        SHA-256:1059322DFFE9E89A3AC30DD6909BB557A7A4ED846964E4CBDC61B9CAD1C09ADC
                                                                                                                                                                                                        SHA-512:C10538AF718448D2DA5E6DB8884C207FB71984A499FE61B3F9060F5F5CE282F9AF0A86F15FCC7D2CDBCCAC423796CF5B891D1D12E2AFAF520B5AC90E765AC3C4
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:Qt Translation file
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):57617
                                                                                                                                                                                                        Entropy (8bit):5.544709954027822
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:8nygJLT9D7CxAAVLPdWsdJONjqSERWYZjqyaf:8XlCmqPxvif
                                                                                                                                                                                                        MD5:7255EF532F10A3C31ABA62F94D5B80FB
                                                                                                                                                                                                        SHA1:93AEF95E55F592FEE6EB45C1E4EC903F5FDD6288
                                                                                                                                                                                                        SHA-256:F0C478A1263EFCD00F6E3A307A46CF2B033AAF6CAF6241DC88A265AD89139573
                                                                                                                                                                                                        SHA-512:89C579CACB866E4A8FE8E8BF235751A0034C9B588289CC4C914A01009E84E291FDB1C21DDC82FF2C931CEC9C3C6CFF9F65021E1E65F3172EE39937EFCB3A2593
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:Qt Translation file
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):46377
                                                                                                                                                                                                        Entropy (8bit):5.790331245678028
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:uYcJVbBo0NV4ZURc6Uks0fEjJYkcEyPG4qKpOXAZljrqxKaw5O:uYcnFo0LRch1hAZljm
                                                                                                                                                                                                        MD5:73B734057DFE2B181D3924767B9EF8CF
                                                                                                                                                                                                        SHA1:30C6C0AF41354576D17E663CD88FE13F96A7A050
                                                                                                                                                                                                        SHA-256:BEA559B2E950A9C5A8AE20C7F48C728482AFC2722E12CFD5A03DB7F1EE826F03
                                                                                                                                                                                                        SHA-512:325EC3E1CE754532A00B030BB6FD59F5795E47BB42594FCF45E0270F1064CAE9EB9F1E858FE8E05F72BC934636C658067F6260FE75E260451B58F8267E625139
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:Qt Translation file
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):62066
                                                                                                                                                                                                        Entropy (8bit):4.934441152389104
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:u9Ku9eAukifacU2IPTUL7J4DAIiYp7cu1JBPnmm/ACbPSYcaQs3sKgt9xdjbzgBg:qeAea72IPwO3/ACbBnsKg/xdjbzL/
                                                                                                                                                                                                        MD5:2EE023974FB9B122C29C11DEE033323D
                                                                                                                                                                                                        SHA1:26E0B6A676481DE095DF72BC3744BB7F6FC1D16F
                                                                                                                                                                                                        SHA-256:BC137224351AAD3C7CC60F84CE0DBD6CBDE08DE53ABCF945ABDA559D32993B6C
                                                                                                                                                                                                        SHA-512:0B3C8D6EA8D00B33368AD674238E0F4ACF3CC376877B00183F7348F451BBA72E18D0A0993A71E372B59AC96B88C600C74C2C47BF66E8CB38D9C5827AFE8E9266
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:Qt Translation file
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):63475
                                                                                                                                                                                                        Entropy (8bit):4.795438163869372
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:627KbEtBgJLMOiUzl6UhO3I6OdypZU2DK8mRT2kWDYUYvLGzKmvqmA1:6aKoEhM6zlhZuCWDCvCm7
                                                                                                                                                                                                        MD5:B55602949992E50B136C129D9A1B04F9
                                                                                                                                                                                                        SHA1:4ECC62710A4DB1201A6E4EE5E707E20614B97B09
                                                                                                                                                                                                        SHA-256:67E06A77047821445DD3710810EC1EE912CFB084F0645256B3E04E9C4C5E7C38
                                                                                                                                                                                                        SHA-512:0644EE8E0BEA52DC2F014F7A29AC1FEEAF7998124B374A0E27A19B31A23B80D7C7C229F8B58A9C02AE8D28CD68DBB6F8EE659E80F6758F3CA39A9CF8212E138B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:Qt Translation file
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):58685
                                                                                                                                                                                                        Entropy (8bit):4.890440342646496
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:AfyrMmj/laUq5ghoU0gDH03oAi47/3PdOIIq4Byjn5DUOl4VC+w+1WCu+eY4f8TU:A6rMmZBq5ghX0/7Iq4BKlPl4VC+wQut
                                                                                                                                                                                                        MD5:EEBC5A7846068D2EDFF17774EC12600F
                                                                                                                                                                                                        SHA1:B2E773E5D63E7FE78E7049081A04F8E34A8BA376
                                                                                                                                                                                                        SHA-256:C25C1C873222011B016CB2CCBFCC7FE98B40FB6612EC9A3F0BF5FE18CE856750
                                                                                                                                                                                                        SHA-512:F324ECE06FB57EADB257D137DF059BCAE11348FE6E63513D34DAA08F78525FF13B1D39B469462E1655E2697E9E2382F226FCC9172E51888BC5A06BD65D6E308C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:Qt Translation file
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):64309
                                                                                                                                                                                                        Entropy (8bit):4.7807943343150425
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:JE37pchgvuQUG6OckUzAsPPizZQ56V0HJDRcVkkPabbldvPfF/HR1Bi:WLqhgvEG6OcT+hPabbldvF/g
                                                                                                                                                                                                        MD5:478DD839BF5334C254390B3ADE43E994
                                                                                                                                                                                                        SHA1:D13AC2FD33FD5C1B9C059C63AFF05CF03457343B
                                                                                                                                                                                                        SHA-256:D32043438BA0B249EF5DDE1D411BD07F86E1C332B019E1920F9C0C8CAAE292D6
                                                                                                                                                                                                        SHA-512:DDE95A06706925825E36354D15318DDA0E579C38A84717E8EBB6F4B7BADBA16F87AD422BB485800AA96EE3E742537F1E41E9903F6A6F236C4093FF3B222A2600
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:Qt Translation file
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):62763
                                                                                                                                                                                                        Entropy (8bit):5.455115657023205
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:FNJnsaI8wma3Y/wG4mnDhkisaDpT42OuweoJ1H1LYJ:FfnsiDzoisH8
                                                                                                                                                                                                        MD5:1E7324A5A009133A83ECD4ECD2942F04
                                                                                                                                                                                                        SHA1:FD85F1E55CABBA7D3FEE7860529FB30CBB93677B
                                                                                                                                                                                                        SHA-256:6A01D8E8013BF6DA4A5DB0351C1307A3E18830B00BEE5B348BBC0F51E2209747
                                                                                                                                                                                                        SHA-512:3C105DB44A6FEBE5252EA35B8B4B9930B30BAC3275EFD0AA7A771EDFEE34235CCA31AD1AE16F0C3B2461E9C9A0D0D2FE26674C6D706E1E1DE1D42F45169E50D5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:Qt Translation file
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):57732
                                                                                                                                                                                                        Entropy (8bit):5.400917862390972
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:naa7Ug5gzL5em09/285D5d6wiNdYhReauMPRnwepe2E:nacUg5Uem09Z6VdYhReapnwepe2E
                                                                                                                                                                                                        MD5:8C955BA4ECAD9F82010D8F4ED5F58FBB
                                                                                                                                                                                                        SHA1:7BD48E206CE89E9EC2A25AD9355356A24B4985CD
                                                                                                                                                                                                        SHA-256:FE2BDC52B4F17DCE22975F97C5C038921557BC5CA2017C1A1C9C356684BBA107
                                                                                                                                                                                                        SHA-512:E659B5213829BC31298BB47F745F5C04ABE39AD27BBCE329A720DEF8546172833A74BBCF5993B39387E06119D113DDDAE2259A725F642965260B0926A497EF7A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1168840
                                                                                                                                                                                                        Entropy (8bit):6.796126828525289
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24576:tCjjeiNFnAp+O+R2l2WDPc/9qHrX0cJ/gAp0ei5mcvIZPoy4aVvFjDp:4jyuRR2l2WD6I/bp0erVL
                                                                                                                                                                                                        MD5:2040CDCD779BBEBAD36D36035C675D99
                                                                                                                                                                                                        SHA1:918BC19F55E656F6D6B1E4713604483EB997EA15
                                                                                                                                                                                                        SHA-256:2AD9A105A9CAA24F41E7B1A6F303C07E6FAECEAF3AAF43EBD644D9D5746A4359
                                                                                                                                                                                                        SHA-512:83DC3C7E35F0F83E1224505D04CDBAEE12B7EA37A2C3367CB4FCCC4FFF3E5923CF8A79DD513C33A667D8231B1CC6CFB1E33F957D92E195892060A22F53C7532F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:InnoSetup Log Icecream PDF Editor 3 {015AF6C3-CE60-4307-88EF-3D59C8B515FE}, version 0x418, 22266 bytes, 701188\37\user\37, C:\Program Files (x86)\Icecream PDF Editor
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):22266
                                                                                                                                                                                                        Entropy (8bit):3.5834863142117053
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1309248
                                                                                                                                                                                                        Entropy (8bit):6.527529456231143
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:InnoSetup messages, version 5.5.3, 221 messages (UTF-16), &About Setup...
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):22709
                                                                                                                                                                                                        Entropy (8bit):3.2704486925356004
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):76152
                                                                                                                                                                                                        Entropy (8bit):6.779355547596994
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Oct 24 11:43:10 2024, mtime=Thu Oct 24 11:43:14 2024, atime=Fri Sep 20 15:00:22 2024, length=4369472, window=hide
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1203
                                                                                                                                                                                                        Entropy (8bit):4.592040907967989
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe
                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):6600
                                                                                                                                                                                                        Entropy (8bit):3.621973653318646
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SX: PDF Xpansion, Version 12.0.3.3; time 24.10.2024 16:43; level 3 .SX: Authorize: C:\Users\torres\AppData\Local\Icecream\Icecream PDF Editor\sx.dat.SX: License is valid.SX: SystemFontSubst: Bahnschrift-Light-SemiCondensed # Bahnschrift.SX: SystemFontSubst: Bahnschrift-SemiLight # Bahnschrift.SX: SystemFontSubst: Bahnschrift-SemiLight-Condensed # Bahnschrift.SX: SystemFontSubst: Bahnschrift-SemiLight-SemiCondensed # Bahnschrift.SX: SystemFontSubst: Bahnschrift-SemiCondensed # Bahnschrift.SX: Sy
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Oct 24 11:43:10 2024, mtime=Thu Oct 24 11:43:16 2024, atime=Fri Sep 20 15:00:22 2024, length=4369472, window=hide
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1191
                                                                                                                                                                                                        Entropy (8bit):4.594059227023414
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe
                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):10546
                                                                                                                                                                                                        Entropy (8bit):5.202725688746233
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:QWZER6g0gdisYgw5xxmIx/aXmRX/TeTX7sw3w2wTw7wvw1qwrwSsAMmbL:1Pg0gdi/gw56QZRTeTX7XUOL
                                                                                                                                                                                                        MD5:6F638EC40C2BDE5383FA81CC2E604FE4
                                                                                                                                                                                                        SHA1:C639309E284B50E6324569623FE5CB6C3A561302
                                                                                                                                                                                                        SHA-256:CADAB3A9B5AA3D88D5F65A03665BE1BC2E73F73831633CB799E8AB498BCBE1EB
                                                                                                                                                                                                        SHA-512:FE659FC9F0D3B9B805B0932A9B3B0EE00B78B9B26CFCE36BC74961A835C899C1158278E2DFFB9D8314061C26962721E9F083676578C9F37D1167016411F737EC
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:....------------------------------------------------------------..Application started..08:43:25.618: (I) 2804: Timestamp: QDateTime(2024-10-24 08:43:25.618 Eastern Summer Time Qt::LocalTime)..08:43:25.618: (I) 2804: OS version: "Windows 10 Version 2009"..08:43:25.618: (I) 2804: Kernel version: "10.0.19045"..08:43:25.618: (I) 2804: CPU architecture: "x86_64"..08:43:25.618: (I) 2804: Build ABI: "i386-little_endian-ilp32"..08:43:25.618: (I) 2804: Executable: "C:/Program Files (x86)/Icecream PDF Editor 3/icepdfeditor.exe"..08:43:25.618: (I) 2804: BuildVersion: "3.2.7"..08:43:25.618: (I) 2804: DisplayVersion: "3.27"..08:43:25.618: (I) 2804: PID: 1388..08:43:25.618: (I) 2804: Main thread id: 2804..08:43:25.618: (I) 2804: Qt::AA_EnableHighDpiScaling: true..08:43:25.618: (I) 2804: Qt::AA_DisableHighDpiScaling: false..08:43:25.618: (I) 2804: Qt Screen 0: primary, winScale: 100%, pixelRatio: 1, logDpi: 96, phyDpi: 95.941, log/phy: 100%, geometry: {x:0, y:0, w: 1280, h: 1024}, availa
                                                                                                                                                                                                        Process:C:\Windows\System32\Taskmgr.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):65552
                                                                                                                                                                                                        Entropy (8bit):0.012543881408137456
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:mnlllGlll/l/lXp9ZjrPBY06llSl/gX/ZP:mll0dPBY0O0uXJ
                                                                                                                                                                                                        MD5:D2FB266B97CAFF2086BF0FA74EDDB6B2
                                                                                                                                                                                                        SHA1:2F0061CE9C51B5B4FBAB76B37FC6A540BE7F805D
                                                                                                                                                                                                        SHA-256:B09F68B61D9FF5A7C7C8B10EEE9447D4813EE0E866346E629E788CD4ADECB66A
                                                                                                                                                                                                        SHA-512:C3BA95A538C1D266BEB83334AF755C34CE642A4178AB0F2E5F7822FD6821D3B68862A8B58F167A9294E6D913B08C1054A69B5D7AEC2EFDB3CF9796ED84DE21A8
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\Taskmgr.exe
                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4
                                                                                                                                                                                                        Entropy (8bit):1.5
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:R:R
                                                                                                                                                                                                        MD5:F49655F856ACB8884CC0ACE29216F511
                                                                                                                                                                                                        SHA1:CB0F1F87EC0455EC349AAA950C600475AC7B7B6B
                                                                                                                                                                                                        SHA-256:7852FCE59C67DDF1D6B8B997EAA1ADFAC004A9F3A91C37295DE9223674011FBA
                                                                                                                                                                                                        SHA-512:599E93D25B174524495ED29653052B3590133096404873318F05FD68F4C9A5C9A3B30574551141FBB73D7329D6BE342699A17F3AE84554BAB784776DFDA2D5F8
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:EERF
                                                                                                                                                                                                        Process:C:\Windows\System32\Taskmgr.exe
                                                                                                                                                                                                        File Type:Matlab v4 mat-file (little endian) (, numeric, rows 0, columns 16, imaginary
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):65536
                                                                                                                                                                                                        Entropy (8bit):0.020771427571626165
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:9llHlJd2DJqojBdl+Sli5lWyyHk15lxEBldttXllaia9sVQMm6En:i9q0Bn+SkSJkJ+Tdtz2Hrn
                                                                                                                                                                                                        MD5:FAAF81E039656B877722B8771EA6D053
                                                                                                                                                                                                        SHA1:E8C6B9F47130847654DF1AFBE62406E8779B7C56
                                                                                                                                                                                                        SHA-256:30839B97B27F7EC2AD9DEBF5590B0B5CAC4DB2FE5BB86AAD58D623B942D639FC
                                                                                                                                                                                                        SHA-512:F03AE7F7A4AF30FB0131E61003B0068FB9715C0F8989CBF2CE7A64710DB884A89FF9415DB5D57B1D8DD0421F6132F6B5EFEBEE3D1C07CC995018EE540000BFB5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe
                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):35
                                                                                                                                                                                                        Entropy (8bit):4.157854445516395
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:1E693:1b3
                                                                                                                                                                                                        MD5:EEC3E8443575BB63FF3653D20EA80EBB
                                                                                                                                                                                                        SHA1:8BA84FAC453EBBC7D78A120312951549EFBF5D05
                                                                                                                                                                                                        SHA-256:766EDF78A19D2BFD593DB32BFD78FD8206E4D0B4EAA7D2A7B4AD9C0A3520CAEC
                                                                                                                                                                                                        SHA-512:E02144B6CA07CC7A81251459313E2AF4EAE178B2237B9524E9A8B6A7C352BF7CA4069C194DE1F2A40027D9B275D88A648BE2CB1D231CC8EA0CE114BAB747021A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[General]..lastStyleId=LightStyle..
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe
                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):293
                                                                                                                                                                                                        Entropy (8bit):4.1250646830232585
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:1E69a2u5cit1u3KEXpVLIz5L5n5L5n5L5n5L5n5L5C/jMXWGMfERugHyMVA6Yjyn:1bq5BtM3K+pC+MdtuBMPY2
                                                                                                                                                                                                        MD5:D17655D1806AF09043678AD288625617
                                                                                                                                                                                                        SHA1:C807E9D6D4A960580E97B48C3E3612EA8451B756
                                                                                                                                                                                                        SHA-256:BEC961946A4851770B747A89023F61ED030A40D78F5836A1C5F64CDA3B6F4DBC
                                                                                                                                                                                                        SHA-512:D17ED0DCD9F92F4923ADC365DE9EF1C1B35585EE4CCD88F17E1044F792FE56D0DF644A1929B1B49779A3BE55C5E2F7D31DB397B7A7BA05B2AA2F3024836BFBDD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[General]..lastStyleId=LightStyle..recentColorsList=@Variant(\0\0\0\x7f\0\0\0\xeQList<QColor>\0\0\0\0\x5\0\xff\xff\0\0\0\0\0\0\0\0\0\xff\xff\0\0\0\0\0\0\0\0\0\xff\xff\0\0\0\0\0\0\0\0\0\xff\xff\0\0\0\0\0\0\0\0\0\xff\xff\0\0\0\0\0\0\0\0)..showFirstStartWizard=false..introOverlayWasShowed=true..
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe
                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):237
                                                                                                                                                                                                        Entropy (8bit):3.6522154446582236
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:1E69a2u5cit1u3KEXpVLIz5L5n5L5n5L5n5L5n5L5r:1bq5BtM3K+pCL
                                                                                                                                                                                                        MD5:E6BA6B00EE5A9A085AA6CC9EF47D62B7
                                                                                                                                                                                                        SHA1:78192A187C17DB507B3846BC0513444D35489730
                                                                                                                                                                                                        SHA-256:66C6CE04BBCFB9C0CB29C3A4BBC76C1E0FD02A2A946A6A20B2A67EB2F3821529
                                                                                                                                                                                                        SHA-512:59FAAEF539DB2021EEDCF9CC068011E44EAA8960E4BE903797A20C9846D92A12F4992B70BF235C3980BF028ECD0C1DCA68CD8F77DD3A4462B5DC98E131E395A1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[General]..lastStyleId=LightStyle..recentColorsList=@Variant(\0\0\0\x7f\0\0\0\xeQList<QColor>\0\0\0\0\x5\0\xff\xff\0\0\0\0\0\0\0\0\0\xff\xff\0\0\0\0\0\0\0\0\0\xff\xff\0\0\0\0\0\0\0\0\0\xff\xff\0\0\0\0\0\0\0\0\0\xff\xff\0\0\0\0\0\0\0\0)..
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe
                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1086
                                                                                                                                                                                                        Entropy (8bit):4.8037053509561485
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:125BO3OumHFSrKlxqO1MRjrGOf8Tw6M/9M/9FET8PXIdkPX15:1OczmlnCoMRjJt6420wgdkN5
                                                                                                                                                                                                        MD5:DFAF959ECD979F6E3C6A7018B44EDB75
                                                                                                                                                                                                        SHA1:0E7C2E6545E9B0DF6A73EAA33DD405F0716B68D7
                                                                                                                                                                                                        SHA-256:D55F91785462A3A465BA9C7AEA20BBD59F1B7676E47AF3A87F9626E9B7E09638
                                                                                                                                                                                                        SHA-512:F34D9EA3656365625055589FCF6D4B9E6669D69D110CC56848DA71E7F1BB00B0D5E7EB909D2565AEA048AF8C25F70390B1AC7189F71F5DB7B401DD5CF4BEDC9A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[General]..lastStyleId=LightStyle..recentColorsList=@Variant(\0\0\0\x7f\0\0\0\xeQList<QColor>\0\0\0\0\x5\0\xff\xff\0\0\0\0\0\0\0\0\0\xff\xff\0\0\0\0\0\0\0\0\0\xff\xff\0\0\0\0\0\0\0\0\0\xff\xff\0\0\0\0\0\0\0\0\0\xff\xff\0\0\0\0\0\0\0\0)..showFirstStartWizard=false..introOverlayWasShowed=true..MainWindow2_Geometry=@ByteArray(\x1\xd9\xd0\xcb\0\x3\0\0\xff\xff\xff\xf8\xff\xff\xff\xf8\0\0\x5\a\0\0\x3\xdf\0\0\0\n\0\0\0\n\0\0\x4\xf5\0\0\x3\xcd\0\0\0\0\x2\0\0\0\x5\0\xff\xff\xff\xf8\xff\xff\xff\xf8\0\0\x5\a\0\0\x3\xe0)..lastScreen=0..localeName=en..updateCheckerEnabled=true..registerAsDefaultApp=false..defViewerZoom=@Variant(\0\0\0\x7f\0\0\0\x12\x45nums::ViewerZoom\0\0\0\0\x64)..defAnnotsVisibility=true..defViewerLayoutMode=@Variant(\0\0\0\x7f\0\0\0\x18\x45nums::ViewerLayoutMode\0\0\0\0\0)..autoSave=false..autoSaveInterval=@Variant(\0\0\0\x7f\0\0\0\x18\x45nums::AutoSaveInterval\0\0\0\0\x4)..contextMenuIntegration=true..LeftSideBar_ExpandedWidth=240..LeftSideBar_IsExpanded=true..lastStampIsCustom
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe
                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):530
                                                                                                                                                                                                        Entropy (8bit):4.1055090738539155
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:1bq5BtM3K+pC+MdtuBMPYcF/dgrDWlNx5WXbJ:125BO3OumHFSrKlxqt
                                                                                                                                                                                                        MD5:6DD8B238669F3C61C078191A375EA8D0
                                                                                                                                                                                                        SHA1:90327D0DCCB27C26170850AED31423FDC769D9DD
                                                                                                                                                                                                        SHA-256:41D97AF000ECD7BA10691AFA99FE11AB89B5362F8BB44FBD380D5DDFD66FE678
                                                                                                                                                                                                        SHA-512:2F6D29B78202953951E0FADE356B7AA1C53D08DCD1EC55CD853CB125543E5FDF2B99C5B189E006B6B5E23177663B79A9349A1E05375A8A9AE8A648C56A25655A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[General]..lastStyleId=LightStyle..recentColorsList=@Variant(\0\0\0\x7f\0\0\0\xeQList<QColor>\0\0\0\0\x5\0\xff\xff\0\0\0\0\0\0\0\0\0\xff\xff\0\0\0\0\0\0\0\0\0\xff\xff\0\0\0\0\0\0\0\0\0\xff\xff\0\0\0\0\0\0\0\0\0\xff\xff\0\0\0\0\0\0\0\0)..showFirstStartWizard=false..introOverlayWasShowed=true..MainWindow2_Geometry=@ByteArray(\x1\xd9\xd0\xcb\0\x3\0\0\xff\xff\xff\xf8\xff\xff\xff\xf8\0\0\x5\a\0\0\x3\xdf\0\0\0\n\0\0\0\n\0\0\x4\xf5\0\0\x3\xcd\0\0\0\0\x2\0\0\0\x5\0\xff\xff\xff\xf8\xff\xff\xff\xf8\0\0\x5\a\0\0\x3\xe0)..lastScreen=0..
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):66
                                                                                                                                                                                                        Entropy (8bit):4.641312923386823
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:Pn05Iwgv1D16EzUFyjT:/05Q36EzUwT
                                                                                                                                                                                                        MD5:FAB2541407EAD3661BA1C1A8259BD2AC
                                                                                                                                                                                                        SHA1:AE6331E1E39EEB6287F341036EE9374F998C4604
                                                                                                                                                                                                        SHA-256:845319CEC96E1352B460E5BEF5E9249919B85ADA7A851E0F18FE57A849BA46C4
                                                                                                                                                                                                        SHA-512:8080EFD4D9B104719125E47E9163F42F8742ECDEE0062F87A1EBB017602E3E0CD2A94100686BEDC796D1A423395F0BEF764B7F86618C14A77F334339871DBF6B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:1388.icepdfeditor.user-PC.9e146be9-c76a-4720-bcdb-53011b87bd06..
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe
                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):35
                                                                                                                                                                                                        Entropy (8bit):4.157854445516395
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:1E693:1b3
                                                                                                                                                                                                        MD5:EEC3E8443575BB63FF3653D20EA80EBB
                                                                                                                                                                                                        SHA1:8BA84FAC453EBBC7D78A120312951549EFBF5D05
                                                                                                                                                                                                        SHA-256:766EDF78A19D2BFD593DB32BFD78FD8206E4D0B4EAA7D2A7B4AD9C0A3520CAEC
                                                                                                                                                                                                        SHA-512:E02144B6CA07CC7A81251459313E2AF4EAE178B2237B9524E9A8B6A7C352BF7CA4069C194DE1F2A40027D9B275D88A648BE2CB1D231CC8EA0CE114BAB747021A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[General]..lastStyleId=LightStyle..
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):455
                                                                                                                                                                                                        Entropy (8bit):3.9334826107608865
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:V19ZpfpOZFcoqrBLXlo8crx2KnLcEfKGpOZFCk8lDfpOZFeI7L4MlCanL0SOlVMn:V1N1rFlozxJbKGk8l1Ql1RKVxS2lYlo8
                                                                                                                                                                                                        MD5:2619B948FCFE8B3987EED82214B9BED0
                                                                                                                                                                                                        SHA1:255DCA98DA875A8EA81DECE5C874366D2368B792
                                                                                                                                                                                                        SHA-256:4A065C121B1B30E472133524DAF819C1E66E04B985D7FB7ACDC8E4BAC8DF3303
                                                                                                                                                                                                        SHA-512:B8CA30980B09AA961CB906329145B25BC647B090F28E50725E11D3DD7AA2A2053316BAFC2CCD3DA545450C492557885E306CA22171070CBC62CF8CD074BE51D7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1159
                                                                                                                                                                                                        Entropy (8bit):6.941272443014853
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:76FVtJm+W/1JgQB2uY0XslaoN9T3FBpKEODIJVtJm+W/3WywiUc9KkW/6oxm91gG:uwcfRAupp/cEOUMEFOSCK222dpz
                                                                                                                                                                                                        MD5:074EABB93E8B92BCC5FAC5F385EFF279
                                                                                                                                                                                                        SHA1:4957D97D79BD34A1988E6B24D3C885A43FD779C0
                                                                                                                                                                                                        SHA-256:299C96CD2F4A33D04277602F7435D85E04EECD6CD23CC015D128D6E798A255A5
                                                                                                                                                                                                        SHA-512:78AAF58C2EABF288E54B9BF3E8D7B88DB2C24E7630178812D7066788A4AF83D9D1EBF400FB35332E8BBB5CD77B0558DA99AC79488AA2D382E77E87B517414C52
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1309248
                                                                                                                                                                                                        Entropy (8bit):6.527529456231143
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24576:8tdAm9DUi/CR3wCkCiRgoG7hBaHkbEXXeG/jFt5xax0vTx96e7C:kqTytRFk6ek1x3O
                                                                                                                                                                                                        MD5:4BE9718959029220FC534542CB891006
                                                                                                                                                                                                        SHA1:B205217CEAC2E6F583B250EBC55106001F59EB87
                                                                                                                                                                                                        SHA-256:DB8B0C53B3CF466F055325513273671773A138BCAE59B84E4C78DC7DEE393452
                                                                                                                                                                                                        SHA-512:B21A946BC700988773BE610787B4C4D26F994369742D0293AC74457CFEEE727D7B8F7B7101C8A36C62488B32A1E4D0F85349F8F16A74100D530BE8534FF5658B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):6144
                                                                                                                                                                                                        Entropy (8bit):4.720366600008286
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                        MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                        SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                        SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                        SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1309248
                                                                                                                                                                                                        Entropy (8bit):6.527529456231143
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24576:8tdAm9DUi/CR3wCkCiRgoG7hBaHkbEXXeG/jFt5xax0vTx96e7C:kqTytRFk6ek1x3O
                                                                                                                                                                                                        MD5:4BE9718959029220FC534542CB891006
                                                                                                                                                                                                        SHA1:B205217CEAC2E6F583B250EBC55106001F59EB87
                                                                                                                                                                                                        SHA-256:DB8B0C53B3CF466F055325513273671773A138BCAE59B84E4C78DC7DEE393452
                                                                                                                                                                                                        SHA-512:B21A946BC700988773BE610787B4C4D26F994369742D0293AC74457CFEEE727D7B8F7B7101C8A36C62488B32A1E4D0F85349F8F16A74100D530BE8534FF5658B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 11:43:20 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2677
                                                                                                                                                                                                        Entropy (8bit):3.976955080439591
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:8NGdITN7K9HmidAKZdA1JehwiZUklqehKlxy+3:8NpY2rxy
                                                                                                                                                                                                        MD5:269F46D150477C9E02BF2F3A0B59525C
                                                                                                                                                                                                        SHA1:F39C9AE54BE9E742C7B78EEE27AA1634E05F3648
                                                                                                                                                                                                        SHA-256:257BA6F2A29DCD4E7F67C2AEF7BE17C9E14F54F014870EA27FFAA8D7C2AC1229
                                                                                                                                                                                                        SHA-512:8253F6B0427BAC90064F3437FF3D4D6B75679454F608859095A5366FBE8AED13E4833C5AAA9FA22B60FE6EEEDAE6FF46E1D918184BADF4A5CC3D9EB1E6D004F2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 11:43:19 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2679
                                                                                                                                                                                                        Entropy (8bit):3.9928311070305686
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:8CQGdITN7K9HmidAKZdA10eh/iZUkAQkqehZlxy+2:8FpYk9Q4xy
                                                                                                                                                                                                        MD5:2494717B253485762B4791128FB51AF8
                                                                                                                                                                                                        SHA1:060B6577DC0EA203FEFE93C1CD7A2734D3046BD8
                                                                                                                                                                                                        SHA-256:95A3C0E4F6CCC2FEB507BCCC2E78F9363CFD04066F18624D598EA0EF8507CF4C
                                                                                                                                                                                                        SHA-512:4D266EF447059EFBEB3B83077559BB3F60AD316C9D10450C28D7D417E5F1227C36D62CB02C688278F9D53DA149C2A6948B80FB675D150FA7680416670EAB3E96
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2693
                                                                                                                                                                                                        Entropy (8bit):4.004139255062714
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:8eGdITN7KjHmidAKZdA14tIeh7sFiZUkmgqeh7sPlxy+BX:8epYenfxy
                                                                                                                                                                                                        MD5:8431F61518B9778540CAC205FABD9ADE
                                                                                                                                                                                                        SHA1:955814B6EFCD96C261C2D2C764DDF7ECF8A740D1
                                                                                                                                                                                                        SHA-256:157723616776A0966AB59A658DF28128B79A71496A89BC1208CBCA0D187ED492
                                                                                                                                                                                                        SHA-512:9F8F8E1E0B38467571AEBAEBD64993F87BF3B740A25794BC8C3331C9CFA72158C88987105F47ED51AE313B68025D0662A332CFDE4C48345C4C17B41EB8986585
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 11:43:19 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2681
                                                                                                                                                                                                        Entropy (8bit):3.9904929667023654
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:8LgGdITN7K9HmidAKZdA1behDiZUkwqehNlxy+R:8LgpY/Vxy
                                                                                                                                                                                                        MD5:481FD5ACDF3A5FF293D5C31E790F837F
                                                                                                                                                                                                        SHA1:FEEAFB95AEC5B464D6034AA117D75DA7178D8079
                                                                                                                                                                                                        SHA-256:CF3C475D8FF632EACA6982A3F539146A0A35A792FF2D68ECBBB623FBC4C33031
                                                                                                                                                                                                        SHA-512:1768F0DD4916C15F2A7122AD8DD954DA8F195C5876C0A92C8E09F3E27CDEF36781A1ED2C12D912777E0E9ACD22AC80070D02ACBA386B80CB8B35C947AFD426D8
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 11:43:20 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2681
                                                                                                                                                                                                        Entropy (8bit):3.9800524322919495
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:8YGdITN7K9HmidAKZdA1VehBiZUk1W1qehblxy+C:8YpY/9hxy
                                                                                                                                                                                                        MD5:B44E3EFA7C449876452909D2BC173118
                                                                                                                                                                                                        SHA1:9DCB4EA6CBDB719E3D4AFA26B1F04D3747769B94
                                                                                                                                                                                                        SHA-256:4CF07E9DE230EE7C1D268404213C664B9961DC5095D05CE91233DE2ECAA16170
                                                                                                                                                                                                        SHA-512:CBFFE2FD64C3B5A2DD85F5A632D100ABBC63487E7EB0C0D32E2D745DE72A4AAB783E8EF6C77C9DFBC658E2E06B905F0B3F3E7394EB42FCB0297C332575F0506A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 11:43:19 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2683
                                                                                                                                                                                                        Entropy (8bit):3.9904249603608024
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:87GdITN7K9HmidAKZdA1duT6ehOuTbbiZUk5OjqehOuTbFlxy+yT+:87pYLTTTbxWOvTbfxy7T
                                                                                                                                                                                                        MD5:B103F6D1A80FCA187243CC7962D84911
                                                                                                                                                                                                        SHA1:81733C531480DEFFC3A62997948035FA91BEFF53
                                                                                                                                                                                                        SHA-256:39C0AF32BCBB904AABEAD6CE8D4D63BEDFC1735510B7616025E3C7C2B2AAFF55
                                                                                                                                                                                                        SHA-512:1D6FCD5312BE593CD199A2B4CCAF687AD4C18102DB5C542454435DBB1E908A8676FFF8E1960BA213F1D033D7D02B99721BB70C70BE48957C51C00C0E49A0BD74
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):7794
                                                                                                                                                                                                        Entropy (8bit):4.785429012853915
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:eMBI+3le7Pz+C06idOvNo3g3vFQC4B518sAMRIT:pI+1eLz+CPidOvNkgdQC4B8sLA
                                                                                                                                                                                                        MD5:E63D9701535314261DB7629E4294EABF
                                                                                                                                                                                                        SHA1:FCB5865A0E6A178E43EDFE2AD3310A6EB0BEBFB7
                                                                                                                                                                                                        SHA-256:5DB4C4C26FEC5E9FD5A573A3E38A53CAC9CD1BDF02A4FE6C347B9889FEBD2825
                                                                                                                                                                                                        SHA-512:F07AF58572D1ACB417A8B6E415344C95848B363F9FB5E1D7757C629DB7632C293367609CB73A7FCF6A75E752EBEA6F28687BBE0E91D5C1A3E6C59728EF9F6CC3
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.icecreamapps.com/www/images/content/icecreams_bg.svg
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                        Entropy (8bit):3.75
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:HyX1iCkYn:SlLn
                                                                                                                                                                                                        MD5:C0CE4261C6D56530FDAC9A7E6149A247
                                                                                                                                                                                                        SHA1:B6691D574B9E2AE68FA5BF1D1D54C0156862C58B
                                                                                                                                                                                                        SHA-256:7F426BB8776D85A3B04C7493BDEE2CF7465A040E74610E464A42D4F059E54768
                                                                                                                                                                                                        SHA-512:E194E5225429E476E0D34944D483C84A22A1B221833D3066F3BF48211F112282343F15D239270731476D488EFA532E818D657BDDEB5FC1EB4BA90C3D8A9A9665
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSEAlqZXgtUTg71BIFDVgVc88=?alt=proto
                                                                                                                                                                                                        Preview:CgkKBw1YFXPPGgA=
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:PNG image data, 248 x 160, 8-bit colormap, non-interlaced
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):7128
                                                                                                                                                                                                        Entropy (8bit):7.958393608741708
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:/EcO1bqNU3t8G5wCFt8Ha7FEjcS7fQyqMZG/g:dqSc8ZSeQSjQzMZ9
                                                                                                                                                                                                        MD5:71E0F6913CF045F2ADA05349372F3041
                                                                                                                                                                                                        SHA1:048FF8A5DBB3CD70E6582F66CE4F8570CDBD8C47
                                                                                                                                                                                                        SHA-256:A511BDAD85D39F69800AE2410B59BD29EFD5D0D1F1B2C22996D45DFCF8B932DC
                                                                                                                                                                                                        SHA-512:8B42BB341E110635ECECD219B6746DE34BA0BA48468695FBFA5CD75D7E912DBC5D8F707E6CC2371A6F886A22757D50E60A8361F7803DFB4B6BCC5D6BD99ED511
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.icecreamapps.com/www/images/home-page-images/pdf-editor.png
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):15858
                                                                                                                                                                                                        Entropy (8bit):3.8242145377776016
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:QSCQUvugipI0U7Y2rDG4vmuKAs1P7Th+8QubN:QSCliiXsd8CZ
                                                                                                                                                                                                        MD5:9CD3FA3C44FC2C0ABD00207C80590F52
                                                                                                                                                                                                        SHA1:CDAFD2B48AFD5102B252B18273B04E14596A0097
                                                                                                                                                                                                        SHA-256:1A06F975D9FBB04450D7919FD0C73B3E629150C34F8123D1EF0D39B1DD9E525C
                                                                                                                                                                                                        SHA-512:0476F1861B37CD7179F259128343CC0ABB6B802BDC2E8C0A875B10AD330F3A94C573B845185D09127EFC4CB442C1FC32F84E5EF3BBED50BBC5A8A7B9712C7D50
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.icecreamapps.com/www/images/content/header-logo.svg
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5427
                                                                                                                                                                                                        Entropy (8bit):5.070142829422621
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:mNMqNJ7NhtBbwR6hKm/rC88JdP/8vIX5xvGhq:maqNJJtbwR6smzQrMq
                                                                                                                                                                                                        MD5:CB2313BBD4D0AD43D35814127ABFCFA9
                                                                                                                                                                                                        SHA1:AEDAB7FE0751D986C5E30EE7796FD762ACD9D863
                                                                                                                                                                                                        SHA-256:90364DEA40B76570BAB1C7884C40C6408C90DAD046C1F694086435F35EB49B06
                                                                                                                                                                                                        SHA-512:790BC174D73BC9D81BF5C91F66D782320539F744AAEF2B1243EF9525735174ABB54C9A6DD19A2DF1FDBD841D12556773A3890153FB5CE7A973A8F45A1FD0A4FC
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):787
                                                                                                                                                                                                        Entropy (8bit):4.808847156894345
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:thTMAuUq3zoKfzoKfzoKfzoKfzbJKcybq5HQKEfkHxsGgMVGwGze:Dq8E8E8E8Ex9OjzfkH9gMszze
                                                                                                                                                                                                        MD5:72C895060E81FCB5305357DE107426D4
                                                                                                                                                                                                        SHA1:9748E8F57679986536FF87A00A9D7E75A1240C35
                                                                                                                                                                                                        SHA-256:121C6D197886342997FE0FD385C922C4DBF68022FA6F152C8D09EC81612D6C90
                                                                                                                                                                                                        SHA-512:7E93D4D798A31617DE2FCDE75894BCB6661FB6E8F3FB30EF2B43E012519F56D04438EC3B25246808C6A267E5EDAC1AB10CA9D078EE0F957B01E55FE7B0B4DF28
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.icecreamapps.com/www/images/content/wave_bg.svg
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):109669
                                                                                                                                                                                                        Entropy (8bit):4.748968177349355
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:h838Q3a/f0vEQ2fmQuSmOcfFYmkbhxPT3YG2xkL3P:h+8Q3aYPfFYjx7YU
                                                                                                                                                                                                        MD5:0C046A405D63CC5A1CE1A8721AB05EAD
                                                                                                                                                                                                        SHA1:CD1F7DBAB1F8EB604C076CAE57699D9675A063CF
                                                                                                                                                                                                        SHA-256:93EACEFB2DE6AAD77E233B0C32A684A6D23AD93D9ED9C71ED16A4B294CD1AC20
                                                                                                                                                                                                        SHA-512:09433E5F5E99432E29FDF4507A34070AAD94D204A6B1D6F52BDEA3FCD89276AAD0BCEFCB6852AB339900731C1897B8E9F608924B19F8ED095EE615518D2CD7F6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.icecreamapps.com/www/webpack_sprite.css-0c046a40.712f8ffc.svg
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:Web Open Font Format (Version 2), TrueType, length 48444, version 1.0
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):48444
                                                                                                                                                                                                        Entropy (8bit):7.995593685409469
                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                        SSDEEP:768:dn0V9qZpy/4pR+9MzTCGXckDohHxCc/TfZQEh9UONYyPYcABoN/8rZujvB:dn0+rAmWUMooVrbZQE7NYyzABK8rQ1
                                                                                                                                                                                                        MD5:8E433C0592F77BEB6DC527D7B90BE120
                                                                                                                                                                                                        SHA1:D7402416753AE1BB4CBD4B10D33A0C10517838BD
                                                                                                                                                                                                        SHA-256:F052EE44C3728DFD23ABA8A4567150BC314D23903026FBB6AD089422C2DF56AF
                                                                                                                                                                                                        SHA-512:5E90F48B923BB95AEB49691D03DADE8825C119B2FA28977EA170C41548900F4E0165E2869F97C7A9380D7FF8FF331A1DA855500E5F7B0DFD2B9ABD77A386BBF3
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4140
                                                                                                                                                                                                        Entropy (8bit):5.2459065514005605
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:wlDvlez5VIcvz5+RbepewvVMVFVSVzVwVJVGL:w9cz5icvz5gbtwdEf+RozA
                                                                                                                                                                                                        MD5:01F7CC183ACD75A6BE764A2E7D541F4E
                                                                                                                                                                                                        SHA1:4727646B5B78F1E0EE51278E3216A3EC3B75A285
                                                                                                                                                                                                        SHA-256:E16D07974B8CB44F740C872BC917B70FB6DBA2663A3EA62E7A2CE4205EF6A4E9
                                                                                                                                                                                                        SHA-512:9A37993574C74553A57A03E19E0A0C1C68751147AAB5EBFBCF1612524E8C17FAE2218FE1B857C80CC28DF0C410D12C8BA4F310E38A5F0CF1D8754F876AD44E2F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):5427
                                                                                                                                                                                                        Entropy (8bit):5.070142829422621
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:mNMqNJ7NhtBbwR6hKm/rC88JdP/8vIX5xvGhq:maqNJJtbwR6smzQrMq
                                                                                                                                                                                                        MD5:CB2313BBD4D0AD43D35814127ABFCFA9
                                                                                                                                                                                                        SHA1:AEDAB7FE0751D986C5E30EE7796FD762ACD9D863
                                                                                                                                                                                                        SHA-256:90364DEA40B76570BAB1C7884C40C6408C90DAD046C1F694086435F35EB49B06
                                                                                                                                                                                                        SHA-512:790BC174D73BC9D81BF5C91F66D782320539F744AAEF2B1243EF9525735174ABB54C9A6DD19A2DF1FDBD841D12556773A3890153FB5CE7A973A8F45A1FD0A4FC
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://icecreamapps.com/www/images/content/illustration-box.svg
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):6675
                                                                                                                                                                                                        Entropy (8bit):4.074207683058991
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:ahgHOO0Ff1N+r6iuYKDciQ31Y+b8oYfV8obrEX3/poZWFG:aGHOTFfPu6ipbiQlBb8oYt8o/EX2ZWFG
                                                                                                                                                                                                        MD5:8BAE9EFDC2FCE12917148E30B602D56D
                                                                                                                                                                                                        SHA1:F41F1DAE534977846E31F92299FC7733C5595435
                                                                                                                                                                                                        SHA-256:3A311EDC0F6FE6674D3907557EBACB3A2798C123903FE11160C4C992B33E9E32
                                                                                                                                                                                                        SHA-512:01998D361636000EE7C3CD23B6D3216801A9DDFC2057E9367E743CDC596F530702DD75F7247BE54FC8EF5D3E9500131552FBC84F094E7DD4D70C3CF3777EA3C2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15858
                                                                                                                                                                                                        Entropy (8bit):3.8242145377776016
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:QSCQUvugipI0U7Y2rDG4vmuKAs1P7Th+8QubN:QSCliiXsd8CZ
                                                                                                                                                                                                        MD5:9CD3FA3C44FC2C0ABD00207C80590F52
                                                                                                                                                                                                        SHA1:CDAFD2B48AFD5102B252B18273B04E14596A0097
                                                                                                                                                                                                        SHA-256:1A06F975D9FBB04450D7919FD0C73B3E629150C34F8123D1EF0D39B1DD9E525C
                                                                                                                                                                                                        SHA-512:0476F1861B37CD7179F259128343CC0ABB6B802BDC2E8C0A875B10AD330F3A94C573B845185D09127EFC4CB442C1FC32F84E5EF3BBED50BBC5A8A7B9712C7D50
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):1904
                                                                                                                                                                                                        Entropy (8bit):4.523626615198714
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:/pv6PW212PZAPIFDjlwTCxZq8LjwuMHI0E:BiPB12xASDjeTCrqBa
                                                                                                                                                                                                        MD5:6A07C43E2908B56719919BDCAB53EF2E
                                                                                                                                                                                                        SHA1:C205A6E859A1536C5C68441B360D225B17563120
                                                                                                                                                                                                        SHA-256:EA762AE02B9CB55D58DA1A179CA1EED058247ACC833489EA28E3DE51BF10EB58
                                                                                                                                                                                                        SHA-512:CA1F981DC5F1A5C0598DC133BC381DE9A00744F8E74FB68E8B6671B0B19C717018FC54B31D5280B8F68B6A68240D622DD26D51F0F94E3EEC049D2F884DB84733
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.icecreamapps.com/www/images/content/star_bg.svg
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):7794
                                                                                                                                                                                                        Entropy (8bit):4.785429012853915
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:eMBI+3le7Pz+C06idOvNo3g3vFQC4B518sAMRIT:pI+1eLz+CPidOvNkgdQC4B8sLA
                                                                                                                                                                                                        MD5:E63D9701535314261DB7629E4294EABF
                                                                                                                                                                                                        SHA1:FCB5865A0E6A178E43EDFE2AD3310A6EB0BEBFB7
                                                                                                                                                                                                        SHA-256:5DB4C4C26FEC5E9FD5A573A3E38A53CAC9CD1BDF02A4FE6C347B9889FEBD2825
                                                                                                                                                                                                        SHA-512:F07AF58572D1ACB417A8B6E415344C95848B363F9FB5E1D7757C629DB7632C293367609CB73A7FCF6A75E752EBEA6F28687BBE0E91D5C1A3E6C59728EF9F6CC3
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):6675
                                                                                                                                                                                                        Entropy (8bit):4.074207683058991
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:ahgHOO0Ff1N+r6iuYKDciQ31Y+b8oYfV8obrEX3/poZWFG:aGHOTFfPu6ipbiQlBb8oYt8o/EX2ZWFG
                                                                                                                                                                                                        MD5:8BAE9EFDC2FCE12917148E30B602D56D
                                                                                                                                                                                                        SHA1:F41F1DAE534977846E31F92299FC7733C5595435
                                                                                                                                                                                                        SHA-256:3A311EDC0F6FE6674D3907557EBACB3A2798C123903FE11160C4C992B33E9E32
                                                                                                                                                                                                        SHA-512:01998D361636000EE7C3CD23B6D3216801A9DDFC2057E9367E743CDC596F530702DD75F7247BE54FC8EF5D3E9500131552FBC84F094E7DD4D70C3CF3777EA3C2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://icecreamapps.com/www/images/content/thank.svg
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (57178)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):433871
                                                                                                                                                                                                        Entropy (8bit):5.295332703212685
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:P8biGh5TFVgHPDR2GRCNjYTmjVy5KMzQklN/:8Q/T
                                                                                                                                                                                                        MD5:A758D15E83E98CDC83B8591197A7095E
                                                                                                                                                                                                        SHA1:7845B365618BF4457A32F58599A0DD9289AA65C1
                                                                                                                                                                                                        SHA-256:D3886356326A4BBC262B8605B9592B470F9845B6F24989D3D739353F260C400D
                                                                                                                                                                                                        SHA-512:4B0A122CA7833B20EEC13FE0456496B8260E48D8E0A4541F0B91D4A194D93E2F1C96AE4B10FE1059B1122AE68146528688D3223E8FADCA5B2FD29752294E4D1A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.icecreamapps.com/www/index.css?f12bd40a
                                                                                                                                                                                                        Preview:@import url(https://fonts.googleapis.com/css2?family=Inter:wght@400;700&family=Montserrat:wght@400;700&display=swap);..svg-Facebook,.svg-Schedule,.svg-X,.svg-ar,.svg-arrow_drop_down,.svg-arrow_dropdown,.svg-bi,.svg-calendar,.svg-ch,.svg-compress_converter,.svg-computer,.svg-cut_converter,.svg-de,.svg-dk,.svg-download,.svg-ebook-reader,.svg-email-sm,.svg-en,.svg-es,.svg-facebook-sm,.svg-fr,.svg-free_bage,.svg-icecreams_bg,.svg-image-resizer,.svg-imgcandy,.svg-info-orange,.svg-it,.svg-jp,.svg-key_sm,.svg-ko,.svg-linkedin-sm,.svg-location,.svg-logo-header,.svg-nl,.svg-no,.svg-pdf-converter,.svg-pdf-editor,.svg-pdf-split-and-merge,.svg-pdf-split-merge,.svg-pdfbob,.svg-pdfcandy,.svg-pdfcandy-desktop,.svg-phone,.svg-photo-editor,.svg-pl,.svg-pt,.svg-resume-trick,.svg-resume-trick-logo,.svg-resume-trick-logo-about,.svg-ru,.svg-screen-recorder,.svg-se,.svg-select,.svg-slideshow-maker,.svg-star,.svg-th,.svg-thankyou_PE_desc_1,.svg-thankyou_PE_desc_2,.svg-thankyou_PE_desc_3,.svg-thankyou_PE_desc
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):8716
                                                                                                                                                                                                        Entropy (8bit):5.478238860331138
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:9AN/C734nkDGAEif73RKkGm0oQTEnmSe0BQWNnjSw:yEPRuH4aC
                                                                                                                                                                                                        MD5:1F2D79B775909A5F868C5D9D008F568F
                                                                                                                                                                                                        SHA1:6148D4CE071E4BD75E0B7A328A0725B8EE1FB80D
                                                                                                                                                                                                        SHA-256:32C435873701215FBFE003B479591F612E774E49373E6AE8B2A1300981B914A9
                                                                                                                                                                                                        SHA-512:060C56F6A3C2ED344B7BE21AF87AE9FE60FA647E8A271262FBA7B68B59AEDAB212F1DCFC10D07C686E058A66F31F6D19F9D714E3D894504B7661C9E8464FD0F3
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://fonts.googleapis.com/css2?family=Inter:wght@400;700&family=Montserrat:wght@400;700&display=swap
                                                                                                                                                                                                        Preview:/* cyrillic-ext */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa2JL7SUc.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C8A, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa0ZL7SUc.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek-ext */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa2ZL7SUc.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./* greek */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 400;. font-display: swa
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):94271
                                                                                                                                                                                                        Entropy (8bit):4.851968446463181
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:I09Bc1k1als+02YugJ/K7K9n3KEKqlo58Xp8zh4/kvLxI6IQNrLabcuiGgppActv:I09Bc1k1apeugk7K9naEvAumddI6IQRL
                                                                                                                                                                                                        MD5:BF5A251CBC9771ED14513282777195C9
                                                                                                                                                                                                        SHA1:00FAE08D398FAF138BC3AEC6463CE359F033C6DB
                                                                                                                                                                                                        SHA-256:D904C6D7AAFDB390CECBE3E47E0B268F0D629EFDF5534870B49CE5762DF03530
                                                                                                                                                                                                        SHA-512:1AF3CEA443AED86FB010E8D8DB7A872B42546303054432C16EA20C8088AD7BC123E338E557EE7C37458F8B265CAB58253C2C26A991C311E65039A2331AC7DF61
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.icecreamapps.com/www/webpack_sprite2-bf5a251c.04e5ea75.svg
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:PNG image data, 248 x 160, 8-bit colormap, non-interlaced
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):18524
                                                                                                                                                                                                        Entropy (8bit):7.981433632835432
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:41lJg4rebS63YBWKl7DGZ9daaWkDC0LzuY2YmWZswCEQoi2uEerj8H:glJg40LKhDC99WgC3Y5ZsPX2DergH
                                                                                                                                                                                                        MD5:7BCFDEA398892E12553138F851160CA7
                                                                                                                                                                                                        SHA1:B2E9B04EB76CC403846C1C34A2C40A95AA463EAF
                                                                                                                                                                                                        SHA-256:56A30BA8CE23FB33A1801232657117E86A2274FDD5A637025E1B63FE5A95CABF
                                                                                                                                                                                                        SHA-512:C51EA43807C980A44F1DF827ECD6692B3D3BD74AF0DA5640435921CD993C97E0FF1026DD01626FBB0EC713AF2AB6F7484406CC4D70B83708EFF3D689EF5001C6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.icecreamapps.com/www/images/home-page-images/video-editor.png
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:Web Open Font Format (Version 2), TrueType, length 33092, version 1.0
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):33092
                                                                                                                                                                                                        Entropy (8bit):7.993894754675653
                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                        SSDEEP:768:c+2lFKscxQAuDJ5m/xiYEQNMJjFaf0TteqKt:cZlhcxJuDa/xiMMJhaItzKt
                                                                                                                                                                                                        MD5:057478083C1D55EA0C2182B24F6DD72F
                                                                                                                                                                                                        SHA1:CAF557CD276A76992084EFC4C8857B66791A6B7F
                                                                                                                                                                                                        SHA-256:BB2F90081933C0F2475883CA2C5CFEE94E96D7314A09433FFFC42E37F4CFFD3B
                                                                                                                                                                                                        SHA-512:98FF4416DB333E5A5A8F8F299C393DD1A50F574A2C1C601A0724A8EA7FB652F6EC0BA2267390327185EBEA55F5C5049AB486D88B4C5FC1585A6A975238507A15
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):4140
                                                                                                                                                                                                        Entropy (8bit):5.2459065514005605
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:wlDvlez5VIcvz5+RbepewvVMVFVSVzVwVJVGL:w9cz5icvz5gbtwdEf+RozA
                                                                                                                                                                                                        MD5:01F7CC183ACD75A6BE764A2E7D541F4E
                                                                                                                                                                                                        SHA1:4727646B5B78F1E0EE51278E3216A3EC3B75A285
                                                                                                                                                                                                        SHA-256:E16D07974B8CB44F740C872BC917B70FB6DBA2663A3EA62E7A2CE4205EF6A4E9
                                                                                                                                                                                                        SHA-512:9A37993574C74553A57A03E19E0A0C1C68751147AAB5EBFBCF1612524E8C17FAE2218FE1B857C80CC28DF0C410D12C8BA4F310E38A5F0CF1D8754F876AD44E2F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://icecreamapps.com/www/images/content/thank2.svg
                                                                                                                                                                                                        File type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                        Entropy (8bit):7.999990504649236
                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                        • ZIP compressed archive (8000/1) 99.91%
                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.09%
                                                                                                                                                                                                        File name:Archive.zip
                                                                                                                                                                                                        File size:25'201'421 bytes
                                                                                                                                                                                                        MD5:c60cd0df4975d745722d1776d5be95b5
                                                                                                                                                                                                        SHA1:f8e2eb05478108eae1f8fa28f70ebb64163d032d
                                                                                                                                                                                                        SHA256:f1ed181ee30a70c0f71aacf7c592be0e6589421bc479e379109c4c3f572bb663
                                                                                                                                                                                                        SHA512:0acf58368d7ff611f3bb2b5db33066c561f8de5ac16ba5dec55cad9c6e4943e2a16cea024a2ef7242ad11321eafac6153a25d00cd463185a179cb7c498c6d968
                                                                                                                                                                                                        SSDEEP:393216:Y9boqdq36HOHLqoqV8faabXapOCTQYDXBvNlj5lCETsU6CFzdJmHIBs4m0/TLwW:Kbldq3SDqfaawOpCXFjlsU5Rn0fWTLwW
                                                                                                                                                                                                        TLSH:134733BF8A1F959977E3CE8B12B464FA0DC188CDDE84D00A781ACF56BD4ACA054C3567
                                                                                                                                                                                                        File Content Preview:PK.........tXY............>. .MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zipUT....@.g.@.g.@.gux...............@..PK.........dXY.[..U...@.B...$.icepdfeditor.exe.. .........`\...&..`\...&..T\...&..........>.t.\=..e.^...j...*..cl.H.9..3?.....
                                                                                                                                                                                                        Icon Hash:1c1c1e4e4ececedc
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                        Oct 24, 2024 14:42:36.485624075 CEST49697443192.168.2.174.175.87.197
                                                                                                                                                                                                        Oct 24, 2024 14:42:36.485624075 CEST49697443192.168.2.174.175.87.197
                                                                                                                                                                                                        Oct 24, 2024 14:42:36.485672951 CEST443496974.175.87.197192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:36.485686064 CEST443496974.175.87.197192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:39.898519993 CEST49675443192.168.2.17204.79.197.203
                                                                                                                                                                                                        Oct 24, 2024 14:42:40.202265978 CEST49675443192.168.2.17204.79.197.203
                                                                                                                                                                                                        Oct 24, 2024 14:42:40.807156086 CEST49675443192.168.2.17204.79.197.203
                                                                                                                                                                                                        Oct 24, 2024 14:42:42.018182993 CEST49675443192.168.2.17204.79.197.203
                                                                                                                                                                                                        Oct 24, 2024 14:42:42.055419922 CEST49705443192.168.2.17184.28.90.27
                                                                                                                                                                                                        Oct 24, 2024 14:42:42.055473089 CEST44349705184.28.90.27192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:42.055566072 CEST49705443192.168.2.17184.28.90.27
                                                                                                                                                                                                        Oct 24, 2024 14:42:42.056577921 CEST49705443192.168.2.17184.28.90.27
                                                                                                                                                                                                        Oct 24, 2024 14:42:42.056597948 CEST44349705184.28.90.27192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:42.913796902 CEST44349705184.28.90.27192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:42.913871050 CEST49705443192.168.2.17184.28.90.27
                                                                                                                                                                                                        Oct 24, 2024 14:42:42.918550014 CEST49705443192.168.2.17184.28.90.27
                                                                                                                                                                                                        Oct 24, 2024 14:42:42.918567896 CEST44349705184.28.90.27192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:42.918817043 CEST44349705184.28.90.27192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:42.961421013 CEST49705443192.168.2.17184.28.90.27
                                                                                                                                                                                                        Oct 24, 2024 14:42:43.007330894 CEST44349705184.28.90.27192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:43.205816984 CEST44349705184.28.90.27192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:43.205990076 CEST44349705184.28.90.27192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:43.206115961 CEST49705443192.168.2.17184.28.90.27
                                                                                                                                                                                                        Oct 24, 2024 14:42:43.206316948 CEST49705443192.168.2.17184.28.90.27
                                                                                                                                                                                                        Oct 24, 2024 14:42:43.206341028 CEST44349705184.28.90.27192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:43.206353903 CEST49705443192.168.2.17184.28.90.27
                                                                                                                                                                                                        Oct 24, 2024 14:42:43.206365108 CEST44349705184.28.90.27192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:43.274257898 CEST49706443192.168.2.17184.28.90.27
                                                                                                                                                                                                        Oct 24, 2024 14:42:43.274287939 CEST44349706184.28.90.27192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:43.274419069 CEST49706443192.168.2.17184.28.90.27
                                                                                                                                                                                                        Oct 24, 2024 14:42:43.274626970 CEST49706443192.168.2.17184.28.90.27
                                                                                                                                                                                                        Oct 24, 2024 14:42:43.274636984 CEST44349706184.28.90.27192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:43.993103981 CEST49708443192.168.2.1720.190.159.64
                                                                                                                                                                                                        Oct 24, 2024 14:42:43.993148088 CEST4434970820.190.159.64192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:43.993226051 CEST49708443192.168.2.1720.190.159.64
                                                                                                                                                                                                        Oct 24, 2024 14:42:43.994101048 CEST49708443192.168.2.1720.190.159.64
                                                                                                                                                                                                        Oct 24, 2024 14:42:43.994117022 CEST4434970820.190.159.64192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.068351030 CEST49680443192.168.2.1720.189.173.13
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.116545916 CEST44349706184.28.90.27192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.116664886 CEST49706443192.168.2.17184.28.90.27
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.117743969 CEST49706443192.168.2.17184.28.90.27
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.117750883 CEST44349706184.28.90.27192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.118076086 CEST44349706184.28.90.27192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.119220018 CEST49706443192.168.2.17184.28.90.27
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.163335085 CEST44349706184.28.90.27192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.362572908 CEST44349706184.28.90.27192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.362957001 CEST44349706184.28.90.27192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.363048077 CEST49706443192.168.2.17184.28.90.27
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.363657951 CEST49706443192.168.2.17184.28.90.27
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.363672018 CEST44349706184.28.90.27192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.381321907 CEST49680443192.168.2.1720.189.173.13
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.425508976 CEST49709443192.168.2.1713.107.5.88
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.425534964 CEST4434970913.107.5.88192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.425651073 CEST49709443192.168.2.1713.107.5.88
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.429223061 CEST49675443192.168.2.17204.79.197.203
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.462810040 CEST49709443192.168.2.1713.107.5.88
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.462822914 CEST4434970913.107.5.88192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.482177019 CEST49691443192.168.2.17204.79.197.200
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.487611055 CEST44349691204.79.197.200192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.607352972 CEST44349691204.79.197.200192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.607423067 CEST49691443192.168.2.17204.79.197.200
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.607582092 CEST44349691204.79.197.200192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.607637882 CEST49691443192.168.2.17204.79.197.200
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.608531952 CEST49691443192.168.2.17204.79.197.200
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.608763933 CEST49691443192.168.2.17204.79.197.200
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.608907938 CEST49691443192.168.2.17204.79.197.200
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.609415054 CEST49691443192.168.2.17204.79.197.200
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.609415054 CEST49691443192.168.2.17204.79.197.200
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.614089966 CEST44349691204.79.197.200192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.614099979 CEST44349691204.79.197.200192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.614320040 CEST44349691204.79.197.200192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.614371061 CEST44349691204.79.197.200192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.614800930 CEST44349691204.79.197.200192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.614995956 CEST44349691204.79.197.200192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.732264042 CEST44349691204.79.197.200192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.732588053 CEST49691443192.168.2.17204.79.197.200
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.761046886 CEST44349691204.79.197.200192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.761217117 CEST49691443192.168.2.17204.79.197.200
                                                                                                                                                                                                        Oct 24, 2024 14:42:44.982291937 CEST49680443192.168.2.1720.189.173.13
                                                                                                                                                                                                        Oct 24, 2024 14:42:45.080347061 CEST4434970820.190.159.64192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:45.080648899 CEST49708443192.168.2.1720.190.159.64
                                                                                                                                                                                                        Oct 24, 2024 14:42:45.120822906 CEST49708443192.168.2.1720.190.159.64
                                                                                                                                                                                                        Oct 24, 2024 14:42:45.120860100 CEST4434970820.190.159.64192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:45.121622086 CEST4434970820.190.159.64192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:45.123003006 CEST49708443192.168.2.1720.190.159.64
                                                                                                                                                                                                        Oct 24, 2024 14:42:45.123092890 CEST49708443192.168.2.1720.190.159.64
                                                                                                                                                                                                        Oct 24, 2024 14:42:45.123182058 CEST4434970820.190.159.64192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:45.208583117 CEST4434970913.107.5.88192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:45.208690882 CEST49709443192.168.2.1713.107.5.88
                                                                                                                                                                                                        Oct 24, 2024 14:42:45.211464882 CEST49709443192.168.2.1713.107.5.88
                                                                                                                                                                                                        Oct 24, 2024 14:42:45.211473942 CEST4434970913.107.5.88192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:45.211986065 CEST4434970913.107.5.88192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:45.249598980 CEST49709443192.168.2.1713.107.5.88
                                                                                                                                                                                                        Oct 24, 2024 14:42:45.295331001 CEST4434970913.107.5.88192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:45.376194954 CEST4434970913.107.5.88192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:45.380564928 CEST49709443192.168.2.1713.107.5.88
                                                                                                                                                                                                        Oct 24, 2024 14:42:45.380707026 CEST4434970913.107.5.88192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:45.380920887 CEST49709443192.168.2.1713.107.5.88
                                                                                                                                                                                                        Oct 24, 2024 14:42:45.484780073 CEST4434970820.190.159.64192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:45.484806061 CEST4434970820.190.159.64192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:45.484853983 CEST4434970820.190.159.64192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:42:45.484911919 CEST49708443192.168.2.1720.190.159.64
                                                                                                                                                                                                        Oct 24, 2024 14:42:45.484913111 CEST49708443192.168.2.1720.190.159.64
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.513216019 CEST4434971537.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.513536930 CEST49715443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.513556957 CEST4434971537.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.569402933 CEST49715443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.869874954 CEST4434971537.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.869904995 CEST4434971537.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.869915009 CEST4434971537.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.869983912 CEST4434971537.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.869993925 CEST49715443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.870035887 CEST4434971537.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.870062113 CEST4434971537.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.870116949 CEST4434971537.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.870157957 CEST49715443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.870157957 CEST49715443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.870157957 CEST49715443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.870194912 CEST49715443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.876563072 CEST4434971537.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.876585960 CEST4434971537.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.876636982 CEST49715443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.876652002 CEST4434971537.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.876691103 CEST49715443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.876713037 CEST49715443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.915254116 CEST49718443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.915345907 CEST4434971892.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.915430069 CEST49718443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.916069031 CEST49718443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.916100025 CEST4434971892.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.921953917 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.922034025 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.922101021 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.922358036 CEST49720443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.922379971 CEST4434972037.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.922445059 CEST49720443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.922590971 CEST49721443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.922616005 CEST4434972137.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.922674894 CEST49721443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.922931910 CEST49722443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.922951937 CEST4434972237.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.923018932 CEST49722443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.923330069 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.923362970 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.923543930 CEST49720443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.923569918 CEST4434972037.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.923732996 CEST49721443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.923755884 CEST4434972137.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.923937082 CEST49722443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.923955917 CEST4434972237.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.977238894 CEST4434971537.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.977264881 CEST4434971537.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.977329016 CEST49715443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.977360010 CEST4434971537.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.977402925 CEST49715443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.977437019 CEST49715443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.978041887 CEST4434971537.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.978140116 CEST4434971537.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.978209019 CEST49715443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.978255987 CEST49715443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.978255987 CEST49715443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.978290081 CEST4434971537.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.978349924 CEST49715443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.988512039 CEST49724443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.988555908 CEST4434972492.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.988626003 CEST49724443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.988915920 CEST49724443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.988940954 CEST4434972492.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.769267082 CEST4434972037.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.769567966 CEST49720443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.769606113 CEST4434972037.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.770224094 CEST4434972237.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.770400047 CEST49722443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.770410061 CEST4434972237.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.770816088 CEST4434972037.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.771177053 CEST49720443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.771306038 CEST4434972237.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.771341085 CEST49720443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.771347046 CEST4434972037.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.771383047 CEST4434972037.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.771405935 CEST49722443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.771701097 CEST49722443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.771761894 CEST4434972237.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.771855116 CEST49722443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.771864891 CEST4434972237.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.775237083 CEST4434972137.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.775540113 CEST49721443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.775563002 CEST4434972137.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.775986910 CEST4434972137.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.776278973 CEST49721443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.776356936 CEST4434972137.58.52.149192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.776388884 CEST49721443192.168.2.1737.58.52.149
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.777054071 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.777256012 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.777270079 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.777928114 CEST4434971892.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.778171062 CEST49718443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.778179884 CEST4434971892.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.778954983 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.779026985 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.779969931 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.780083895 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.780245066 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.780256033 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.781635046 CEST4434971892.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:20.781727076 CEST49718443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.355000019 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.369997025 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.370049953 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.370096922 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.370127916 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.370143890 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.370177031 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.371547937 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.371615887 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.371625900 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.371646881 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.371685028 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.371706009 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.373318911 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.373358965 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.373416901 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.373423100 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.373456001 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.374447107 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.374486923 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.374540091 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.374546051 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.374560118 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.374597073 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.376174927 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.376216888 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.376267910 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.376286030 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.376291990 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.376332045 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.469315052 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.469366074 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.469445944 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.469476938 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.469495058 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.469541073 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.470185995 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.470240116 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.470266104 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.470271111 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.470299959 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.470318079 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.470902920 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.470946074 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.470978022 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.470983028 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.471024990 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.471024990 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.485271931 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.485315084 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.485383034 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.485390902 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.485433102 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.485935926 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.485976934 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.486011028 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.486017942 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.486052990 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.486083031 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.486845970 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.486887932 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.486912012 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.486917019 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.486963987 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.487670898 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.487709999 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.487737894 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.487742901 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.487767935 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.487780094 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.488593102 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.488636017 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.488679886 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.488686085 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.488711119 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.488737106 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.489607096 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.489662886 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.489696980 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.489702940 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.489742041 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.489820004 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.489867926 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.489887953 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.489893913 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.489927053 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.489952087 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.490811110 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.490853071 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.490884066 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.490889072 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.490931034 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.491749048 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.491791964 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.491820097 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.491825104 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.491868973 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.494280100 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.494326115 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.494347095 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.494352102 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.494401932 CEST49719443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.530463934 CEST4434971992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:22.706424952 CEST49739443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:22.712938070 CEST49739443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:22.712946892 CEST4434973992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:22.754555941 CEST49740443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:22.754573107 CEST4434974092.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:22.754853964 CEST49740443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:22.760946035 CEST49740443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:22.760957956 CEST4434974092.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:22.764849901 CEST49741443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:22.764862061 CEST4434974192.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:22.765124083 CEST49741443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:22.765472889 CEST49741443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:22.765486002 CEST4434974192.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.447154045 CEST49745443192.168.2.17142.250.181.228
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.447254896 CEST44349745142.250.181.228192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.447351933 CEST49745443192.168.2.17142.250.181.228
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.447540045 CEST49745443192.168.2.17142.250.181.228
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.447580099 CEST44349745142.250.181.228192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.547842979 CEST4434973892.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.548023939 CEST49738443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.548067093 CEST4434973892.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.549141884 CEST4434973892.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.549221992 CEST49738443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.549653053 CEST49738443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.549721003 CEST4434973892.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.549770117 CEST49738443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.553760052 CEST4434973792.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.553970098 CEST49737443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.553993940 CEST4434973792.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.554430008 CEST4434973792.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.554757118 CEST49737443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.554855108 CEST4434973792.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.554879904 CEST49737443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.556895971 CEST4434973992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.557105064 CEST49739443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.557118893 CEST4434973992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.558563948 CEST4434973992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.558626890 CEST49739443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.558928013 CEST49739443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.559001923 CEST4434973992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.559031010 CEST49739443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.560257912 CEST4434973692.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.560476065 CEST49736443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.560493946 CEST4434973692.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.561615944 CEST4434973692.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.561938047 CEST49736443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.562064886 CEST49736443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.562071085 CEST4434973692.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.562108040 CEST4434973692.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.591335058 CEST4434973892.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.595335960 CEST4434973792.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.595432997 CEST49737443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.599332094 CEST4434973992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.600431919 CEST49739443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.600445986 CEST4434973992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.600445986 CEST49738443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.600481987 CEST4434973892.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.605365992 CEST4434974092.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.605561018 CEST49740443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.605582952 CEST4434974092.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.606636047 CEST4434974092.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.606693983 CEST49740443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.607004881 CEST49740443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.607034922 CEST4434974192.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.607070923 CEST4434974092.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.607127905 CEST49740443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.607134104 CEST4434974092.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.607254028 CEST49741443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.607269049 CEST4434974192.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.608241081 CEST4434974192.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.608304024 CEST49741443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.608666897 CEST49741443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.608731985 CEST4434974192.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.608800888 CEST49741443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.608814955 CEST4434974192.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.611419916 CEST49736443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.642566919 CEST49739443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.642600060 CEST49738443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.658423901 CEST49740443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.658476114 CEST49741443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.808743000 CEST4434973992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.808783054 CEST4434973992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.808825970 CEST49739443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.808840990 CEST4434973992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.808906078 CEST4434973992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.808948994 CEST49739443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.809412956 CEST49739443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.809429884 CEST4434973992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.809931993 CEST4434973692.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.810097933 CEST4434973692.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.810163021 CEST49736443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.811683893 CEST49746443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.811718941 CEST4434974692.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.811781883 CEST49746443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.812177896 CEST49746443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.812195063 CEST4434974692.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.813500881 CEST49736443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.813535929 CEST4434973692.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.817116022 CEST49747443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.817167997 CEST4434974792.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.817230940 CEST49747443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.817637920 CEST49747443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.817663908 CEST4434974792.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.089266062 CEST4434973792.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.089317083 CEST4434973792.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.089353085 CEST49737443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.089376926 CEST4434973792.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.089405060 CEST49737443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.089421988 CEST49737443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.089503050 CEST4434973792.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.089545965 CEST49737443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.090163946 CEST49737443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.090188026 CEST4434973792.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.093451023 CEST49754443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.093524933 CEST4434975492.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.093602896 CEST49754443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.094033957 CEST49754443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.094069004 CEST4434975492.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.096056938 CEST49755443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.096100092 CEST4434975592.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.096152067 CEST49755443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.096394062 CEST49755443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.096405983 CEST4434975592.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.138335943 CEST4434973892.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.138397932 CEST4434973892.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.138443947 CEST49738443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.138493061 CEST4434973892.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.138524055 CEST49738443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.138569117 CEST49738443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.138870001 CEST4434973892.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.138932943 CEST4434973892.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.138943911 CEST49738443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.138964891 CEST4434973892.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.139004946 CEST49738443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.139152050 CEST4434973892.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.139203072 CEST49738443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.146766901 CEST49738443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.146806002 CEST4434973892.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.158704996 CEST49756443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.158747911 CEST4434975692.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.158806086 CEST49756443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.159168005 CEST49756443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.159187078 CEST4434975692.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.205307961 CEST49748443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.205372095 CEST49749443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.205372095 CEST49751443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.205440044 CEST49753443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.205580950 CEST49755443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.205585003 CEST49746443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.205703974 CEST49750443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.205709934 CEST49747443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.205816031 CEST49752443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.205816031 CEST49754443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.205846071 CEST49756443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.206027031 CEST49745443192.168.2.17142.250.181.228
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.247339964 CEST4434975192.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.247355938 CEST4434974992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.247360945 CEST4434974892.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.247361898 CEST4434975492.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.247374058 CEST4434975292.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.247375965 CEST4434975692.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.251338959 CEST44349745142.250.181.228192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.251348972 CEST4434975592.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.251357079 CEST4434975392.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.251384974 CEST4434974792.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.251394987 CEST4434975092.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.251414061 CEST4434974692.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.338217020 CEST44349745142.250.181.228192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.338320971 CEST49745443192.168.2.17142.250.181.228
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.663269043 CEST4434974792.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.663412094 CEST49747443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.663445950 CEST4434974792.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.663541079 CEST49747443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.676583052 CEST4434974692.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.677881002 CEST4434974692.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.679034948 CEST49746443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.679034948 CEST49746443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.689891100 CEST4434974892.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.690033913 CEST4434974892.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.690323114 CEST49748443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.690324068 CEST49748443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.713193893 CEST4434975092.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.713309050 CEST4434975092.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.713382006 CEST49750443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.713382006 CEST49750443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.714010000 CEST4434975192.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.714076042 CEST4434974992.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.714153051 CEST49751443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.714153051 CEST49749443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.820177078 CEST4434975292.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.820301056 CEST4434975292.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.823154926 CEST49752443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.823154926 CEST49752443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.841248989 CEST4434975392.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.841461897 CEST49753443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.947376013 CEST4434975492.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.947549105 CEST4434975492.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.947767973 CEST49754443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.947767973 CEST49754443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.954262972 CEST4434975592.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.954396009 CEST4434975592.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.955279112 CEST49755443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:24.955279112 CEST49755443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:25.009186983 CEST4434975692.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:25.009325981 CEST4434975692.223.124.62192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:25.011451006 CEST49756443192.168.2.1792.223.124.62
                                                                                                                                                                                                        Oct 24, 2024 14:43:25.011451006 CEST49756443192.168.2.1792.223.124.62
Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.911333084 CEST53544881.1.1.1192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.912647963 CEST53555171.1.1.1192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:19.921925068 CEST53648161.1.1.1192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.021688938 CEST6182953192.168.2.171.1.1.1
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.021845102 CEST5083153192.168.2.171.1.1.1
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.029342890 CEST53508311.1.1.1192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.029706955 CEST53618291.1.1.1192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.100033998 CEST5139753192.168.2.171.1.1.1
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.100085020 CEST6018753192.168.2.171.1.1.1
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.117511988 CEST53601871.1.1.1192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.118750095 CEST53513971.1.1.1192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:21.541603088 CEST53582681.1.1.1192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:22.793028116 CEST53580941.1.1.1192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.437565088 CEST5901153192.168.2.171.1.1.1
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.437691927 CEST5355153192.168.2.171.1.1.1
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.446161032 CEST53590111.1.1.1192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:23.446451902 CEST53535511.1.1.1192.168.2.17
                                                                                                                                                                                                        Oct 24, 2024 14:43:41.296672106 CEST138138192.168.2.17192.168.2.255
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 24, 2024 14:43:18.642714024 CEST | 192.168.2.17 | 1.1.1.1 | 0xde48 | Standard query (0) | icecreamapps.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 14:43:18.642880917 CEST | 192.168.2.17 | 1.1.1.1 | 0x4f89 | Standard query (0) | icecreamapps.com | 65 | IN (0x0001) | false
Oct 24, 2024 14:43:19.892519951 CEST | 192.168.2.17 | 1.1.1.1 | 0x1f31 | Standard query (0) | static.icecreamapps.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 14:43:19.892832041 CEST | 192.168.2.17 | 1.1.1.1 | 0xb39f | Standard query (0) | static.icecreamapps.com | 65 | IN (0x0001) | false
Oct 24, 2024 14:43:21.021688938 CEST | 192.168.2.17 | 1.1.1.1 | 0xb460 | Standard query (0) | icecreamapps.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 14:43:21.021845102 CEST | 192.168.2.17 | 1.1.1.1 | 0x5c75 | Standard query (0) | icecreamapps.com | 65 | IN (0x0001) | false
Oct 24, 2024 14:43:21.100033998 CEST | 192.168.2.17 | 1.1.1.1 | 0xb75a | Standard query (0) | static.icecreamapps.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 14:43:21.100085020 CEST | 192.168.2.17 | 1.1.1.1 | 0x5a6 | Standard query (0) | static.icecreamapps.com | 65 | IN (0x0001) | false
Oct 24, 2024 14:43:23.437565088 CEST | 192.168.2.17 | 1.1.1.1 | 0x5711 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 14:43:23.437691927 CEST | 192.168.2.17 | 1.1.1.1 | 0x55ec | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 24, 2024 14:43:18.650752068 CEST | 1.1.1.1 | 192.168.2.17 | 0xde48 | No error (0) | icecreamapps.com | | 37.58.52.149 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 14:43:19.911333084 CEST | 1.1.1.1 | 192.168.2.17 | 0x1f31 | No error (0) | static.icecreamapps.com | di-3ihyifb9.vo.lswcdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 14:43:19.911333084 CEST | 1.1.1.1 | 192.168.2.17 | 0x1f31 | No error (0) | di-3ihyifb9.vo.lswcdn.net | cl-2d703670.gcdn.co | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 14:43:19.911333084 CEST | 1.1.1.1 | 192.168.2.17 | 0x1f31 | No error (0) | cl-2d703670.gcdn.co | | 92.223.124.62 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 14:43:19.912647963 CEST | 1.1.1.1 | 192.168.2.17 | 0xb39f | No error (0) | static.icecreamapps.com | di-3ihyifb9.vo.lswcdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 14:43:19.912647963 CEST | 1.1.1.1 | 192.168.2.17 | 0xb39f | No error (0) | di-3ihyifb9.vo.lswcdn.net | cl-2d703670.gcdn.co | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 14:43:21.029706955 CEST | 1.1.1.1 | 192.168.2.17 | 0xb460 | No error (0) | icecreamapps.com | | 37.58.52.149 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 14:43:21.117511988 CEST | 1.1.1.1 | 192.168.2.17 | 0x5a6 | No error (0) | static.icecreamapps.com | di-3ihyifb9.vo.lswcdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 14:43:21.117511988 CEST | 1.1.1.1 | 192.168.2.17 | 0x5a6 | No error (0) | di-3ihyifb9.vo.lswcdn.net | cl-2d703670.gcdn.co | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 14:43:21.118750095 CEST | 1.1.1.1 | 192.168.2.17 | 0xb75a | No error (0) | static.icecreamapps.com | di-3ihyifb9.vo.lswcdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 14:43:21.118750095 CEST | 1.1.1.1 | 192.168.2.17 | 0xb75a | No error (0) | di-3ihyifb9.vo.lswcdn.net | cl-2d703670.gcdn.co | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 14:43:21.118750095 CEST | 1.1.1.1 | 192.168.2.17 | 0xb75a | No error (0) | cl-2d703670.gcdn.co | | 92.223.124.62 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 14:43:23.446161032 CEST | 1.1.1.1 | 192.168.2.17 | 0x5711 | No error (0) | www.google.com | | 142.250.181.228 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 14:43:23.446451902 CEST | 1.1.1.1 | 192.168.2.17 | 0x55ec | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
• slscr.update.microsoft.com
• fs.microsoft.com
• login.live.com
• evoke-windowsservices-tas.msedge.net
• www.bing.com
• icecreamapps.com
• https:
  • static.icecreamapps.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.17 | 49697 | 4.175.87.197 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-10-24 12:42:35 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=x9SUlfM75X4bzF8&MD=Foo2cD4g HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Host: slscr.update.microsoft.com
2024-10-24 12:42:35 UTC | 560 | IN | HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/octet-stream
Expires: -1
Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
MS-CorrelationId: e22700f6-8579-447d-b6f6-4b6a334f95fa
MS-RequestId: d1493e1b-ab7d-4277-af8b-698b241eb279
MS-CV: 8GZUqZcb/EaMihv8.0
X-Microsoft-SLSClientCache: 2880
Content-Disposition: attachment; filename=environment.cab
X-Content-Type-Options: nosniff
Date: Thu, 24 Oct 2024 12:42:35 GMT
Connection: close
Content-Length: 24490


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.17 | 49705 | 184.28.90.27 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-10-24 12:42:42 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com
2024-10-24 12:42:43 UTC | 494 | IN | HTTP/1.1 200 OK
ApiVersion: Distribute 1.1
Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
Content-Type: application/octet-stream
ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
Last-Modified: Tue, 16 May 2017 22:58:00 GMT
Server: ECAcc (lpl/EF06)
X-CID: 11
X-Ms-ApiVersion: Distribute 1.2
X-Ms-Region: prod-neu-z1
Cache-Control: public, max-age=25978
Date: Thu, 24 Oct 2024 12:42:43 GMT
Connection: close
X-CID: 2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.17 | 49706 | 184.28.90.27 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-24 12:42:44 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
Range: bytes=0-2147483646
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com
2024-10-24 12:42:44 UTC | 514 | IN | HTTP/1.1 200 OK
ApiVersion: Distribute 1.1
Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
Content-Type: application/octet-stream
ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
Last-Modified: Tue, 16 May 2017 22:58:00 GMT
Server: ECAcc (lpl/EF06)
X-CID: 11
X-Ms-ApiVersion: Distribute 1.2
X-Ms-Region: prod-weu-z1
Cache-Control: public, max-age=25991
Date: Thu, 24 Oct 2024 12:42:44 GMT
Content-Length: 55
Connection: close
X-CID: 2
2024-10-24 12:42:44 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.17 | 49708 | 20.190.159.64 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-24 12:42:45 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
Connection: Keep-Alive
Content-Type: application/soap+xml
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
Content-Length: 3592
Host: login.live.com
2024-10-24 12:42:45 UTC | 3592 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-10-24 12:42:45 UTC | 569 | IN | HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: application/soap+xml; charset=utf-8
Expires: Thu, 24 Oct 2024 12:41:45 GMT
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: C529_BL2
x-ms-request-id: 68f03f38-d37a-4807-848b-5796f64bedd2
PPServer: PPV: 30 H: BL02EPF00027911 V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Date: Thu, 24 Oct 2024 12:42:44 GMT
Connection: close
Content-Length: 11392
2024-10-24 12:42:45 UTC | 11392 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID | Source IP | Source Port | Destination IP | Destination Port
4 | 192.168.2.17 | 49709 | 13.107.5.88 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-24 12:42:45 UTC | 537 | OUT | GET /ab HTTP/1.1
Host: evoke-windowsservices-tas.msedge.net
Cache-Control: no-store, no-cache
X-PHOTOS-CALLERID: 9NMPJ99VJBWV
X-EVOKE-RING:
X-WINNEXT-RING: Public
X-WINNEXT-TELEMETRYLEVEL: Basic
X-WINNEXT-OSVERSION: 10.0.19045.0
X-WINNEXT-APPVERSION: 1.23082.131.0
X-WINNEXT-PLATFORM: Desktop
X-WINNEXT-CANTAILOR: False
X-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}
X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=
If-None-Match: 2056388360_-1434155563
Accept-Encoding: gzip, deflate, br
2024-10-24 12:42:45 UTC | 209 | IN | HTTP/1.1 400 Bad Request
X-MSEdge-Ref: Ref A: ABD221C41CC74E0684C01C1D58F4CBCD Ref B: DFW311000106033 Ref C: 2024-10-24T12:42:45Z
Date: Thu, 24 Oct 2024 12:42:44 GMT
Connection: close
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.17 | 49710 | 20.190.159.64 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-24 12:42:46 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
Connection: Keep-Alive
Content-Type: application/soap+xml
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
Content-Length: 4775
Host: login.live.com
2024-10-24 12:42:46 UTC | 4775 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-10-24 12:42:47 UTC | 569 | IN | HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: application/soap+xml; charset=utf-8
Expires: Thu, 24 Oct 2024 12:41:47 GMT
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: C529_SN1
x-ms-request-id: e87c03df-9d90-42c6-ab6f-5b58c1d10786
PPServer: PPV: 30 H: SN1PEPF0002FA87 V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Date: Thu, 24 Oct 2024 12:42:46 GMT
Connection: close
Content-Length: 11392
2024-10-24 12:42:47 UTC | 11392 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                        6192.168.2.174971120.190.159.64443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-10-24 12:42:48 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Content-Type: application/soap+xml
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                                                                                                        Content-Length: 4808
                                                                                                                                                                                                        Host: login.live.com
2024-10-24 12:42:48 UTC | 4808 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-10-24 12:42:48 UTC | 569 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Cache-Control: no-store, no-cache
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Content-Type: application/soap+xml; charset=utf-8
                                                                                                                                                                                                        Expires: Thu, 24 Oct 2024 12:41:48 GMT
                                                                                                                                                                                                        P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                                                                                                        Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                        x-ms-route-info: C529_SN1
                                                                                                                                                                                                        x-ms-request-id: aab7ed1a-fad8-4010-a2e4-b7b88f570019
                                                                                                                                                                                                        PPServer: PPV: 30 H: SN1PEPF0002F1B0 V: 0
                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                        Date: Thu, 24 Oct 2024 12:42:48 GMT
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Content-Length: 11197
2024-10-24 12:42:48 UTC | 11197 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.17 | 49712 | 2.23.209.154 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-10-24 12:42:49 UTC | 2587 | OUT | GET /client/config?cc=CH&setlang=en-CH HTTP/1.1
                                                                                                                                                                                                        X-Search-CortanaAvailableCapabilities: None
                                                                                                                                                                                                        X-Search-SafeSearch: Moderate
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
                                                                                                                                                                                                        X-UserAgeClass: Unknown
                                                                                                                                                                                                        X-BM-Market: CH
                                                                                                                                                                                                        X-BM-DateFormat: dd/MM/yyyy
                                                                                                                                                                                                        X-Device-OSSKU: 48
                                                                                                                                                                                                        X-BM-DTZ: -240
                                                                                                                                                                                                        X-DeviceID: 01000A41090080B6
                                                                                                                                                                                                        X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
                                                                                                                                                                                                        X-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard Time
                                                                                                                                                                                                        X-BM-Theme: 000000;0078d7
                                                                                                                                                                                                        X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAVkny3l8ADmu2b%2BEKKgzCpdTAWFDUfQu6sWyczB%2BfWyiQm4dLJoGC3v2bPV21Kqef8rxlKD68%2BLYFpCyxvv8jPDVg6hQFB9x/VUkTw5FiK9YI6bQFpazgHSjzaKaJQurF%2BTLIGvKfusQS1iWjoRhE8zgVgtN9U85w06NQL/7LfhN6s5XGb8uQ4JrZGHEq8f5uf0EAJKrbX%2BdfzMCPGY6srpGMUfBCQ1h5IrPLf9IPd9LYJsr9vUNXZAN4fP/PYoSQOE9dF025nmqRozekVT7MBBhnWD6gKz4IGR4SV3igJaIRrlFmbaMFFZkahBmHv4BN/95jYoox6u9ikKlWI574LUQZgAAEHyBpcfvcRVb34lM2kYbMC6wATSCqNC9%2BSzjtig7VScBAHn/SP0CO04%2BclPjHV6QSG12UUzG0pflF%2BXwt9ft420zzNVL5KlixrnpPNRmvJuSKrTOQfedTaagQLvmLx9BYZeKNgqiT1IltQ2tixFvOhtBSpCzqQdwJdi/9LPYxc6N02NicgV5QzBpuOh7/RbB98wUSZgrPIpukABMa1ysLAlagyXOQM/fy//68h0F2lv9cFU7FLVY2MAxpqATUTLoqywbGCeKqCcAhDN%2BtxbGjg/pGKzeFZ8AKuZNwwGv/vG7u1Pi71iBwR2wo1NoRKUOb/uEeUxKo0u77uiWpMe5%2Bx0RG6l9UnY/0XYz9vdDsIIfPJ9fpxE7RP6hLxAb4Q39SEYfuc/SrK1ura%2BQc5hnCK0Yo92dqDQHc43/%2ByKmt2FbvrNPFBCWah62EjLXykT8Dx4p4D3R0Ux/d9j%2B5acObnVoy4POdtm6vLt58F%2BF6ki0nChZkj2A0EszEouSKlgc4A1dBFfg5Q/74Xhr%2BTF5SJkCuHVWwzT9m9UkzCw6Zgifu/O3bgjd7niGijpTmXIEpKgWjd2 [TRUNCATED]
                                                                                                                                                                                                        X-Agent-DeviceId: 01000A41090080B6
                                                                                                                                                                                                        X-BM-CBT: 1729773762
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                                                                                                        X-Device-isOptin: false
                                                                                                                                                                                                        Accept-language: en-GB, en, en-US
                                                                                                                                                                                                        X-Device-Touch: false
                                                                                                                                                                                                        X-Device-ClientSession: BC21A450E04C4969947AF78C26526D18
                                                                                                                                                                                                        X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
                                                                                                                                                                                                        Host: www.bing.com
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Cookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
2024-10-24 12:42:50 UTC | 1148 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Content-Length: 2215
                                                                                                                                                                                                        Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                        Cache-Control: private
                                                                                                                                                                                                        X-EventID: 671a40c958324d6bba36b5a457b1b251
                                                                                                                                                                                                        X-AS-SetSessionMarket: de-ch
                                                                                                                                                                                                        UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
                                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                                        P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
                                                                                                                                                                                                        Date: Thu, 24 Oct 2024 12:42:49 GMT
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Set-Cookie: _EDGE_S=SID=261CD238BAEE638E07A9C71ABBC66292&mkt=de-ch; domain=.bing.com; path=/; HttpOnly
                                                                                                                                                                                                        Set-Cookie: ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; domain=.bing.com; expires=Tue, 18-Nov-2025 12:42:49 GMT; path=/; secure; SameSite=None
                                                                                                                                                                                                        Set-Cookie: WLS=C=0000000000000000&N=; domain=.bing.com; path=/; secure; SameSite=None
                                                                                                                                                                                                        Set-Cookie: _SS=SID=261CD238BAEE638E07A9C71ABBC66292; domain=.bing.com; path=/; secure; SameSite=None
                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=93600
                                                                                                                                                                                                        X-CDN-TraceID: 0.1ad01702.1729773769.114d357a
2024-10-24 12:42:50 UTC | 2215 | IN | Data Ascii: {"version":1,"config":{"FeatureConfig":{"SearchBoxIbeamPointerOnHover":{"value":true,"feature":""},"ShowSearchGlyphLeftOfSearchBox":{"value":true,"feature":""},"SearchBoxUseSearchIconAtRest":{"value":false,"feature":""},"SearchButtonUseSearchIcon":{"value


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.17 | 49713 | 4.175.87.197 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-10-24 12:43:14 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=x9SUlfM75X4bzF8&MD=Foo2cD4g HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                                                                        Host: slscr.update.microsoft.com
2024-10-24 12:43:14 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                        Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                                                                        ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                                                                                                                                                        MS-CorrelationId: b4b24f98-a4d1-44b0-9432-724598656d7e
                                                                                                                                                                                                        MS-RequestId: c38b541d-71b8-4575-8b52-51b2eaa2fe27
                                                                                                                                                                                                        MS-CV: 6STrsGz3gk2Lq8SE.0
                                                                                                                                                                                                        X-Microsoft-SLSClientCache: 1440
                                                                                                                                                                                                        Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                        Date: Thu, 24 Oct 2024 12:43:14 GMT
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Content-Length: 30005
2024-10-24 12:43:14 UTC | 15824 | IN | Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-24 12:43:14 UTC | 14181 | IN | Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.17 | 49715 | 37.58.52.149 | 443 | 6232 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-24 12:43:19 UTC | 690 | OUT | GET /PDF-Editor/thankyou.html?v=3.27 HTTP/1.1
                                                                                                                                                                                                        Host: icecreamapps.com
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                        Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                        Sec-Fetch-Mode: navigate
                                                                                                                                                                                                        Sec-Fetch-User: ?1
                                                                                                                                                                                                        Sec-Fetch-Dest: document
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-10-24 12:43:19 UTC  532                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Date: Thu, 24 Oct 2024 12:43:19 GMT
                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Set-Cookie: PHPSESSID=h19tt2k3grrssobbu73hh3ucle; path=/
                                                                                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Set-Cookie: ic_d=671a40e799a863.45409504; expires=Sat, 24-Oct-2026 12:43:19 GMT; Max-Age=63072000; path=/; domain=icecreamapps.com
                                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
10          192.168.2.17  49720        37.58.52.149    443               6232  C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-24 12:43:20 UTC  713                OUT        GET /www/images/content/thank2.svg HTTP/1.1
                                                                                                                                                                                                        Host: icecreamapps.com
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                        Sec-Fetch-Site: same-origin
                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                        Referer: https://icecreamapps.com/PDF-Editor/thankyou.html?v=3.27
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Cookie: PHPSESSID=h19tt2k3grrssobbu73hh3ucle; ic_d=671a40e799a863.45409504
2024-10-24 12:43:21 UTC  381                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Date: Thu, 24 Oct 2024 12:43:20 GMT
                                                                                                                                                                                                        Content-Type: image/svg+xml
                                                                                                                                                                                                        Content-Length: 4140
                                                                                                                                                                                                        Last-Modified: Tue, 28 Nov 2023 12:49:25 GMT
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        ETag: "6565e1d5-102c"
                                                                                                                                                                                                        Expires: Fri, 24 Oct 2025 12:43:20 GMT
                                                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                        Access-Control-Allow-Methods: GET, OPTIONS
                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
11          192.168.2.17  49722        37.58.52.149    443               6232  C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-24 12:43:20 UTC  712                OUT        GET /www/images/content/thank.svg HTTP/1.1
                                                                                                                                                                                                        Host: icecreamapps.com
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                        Sec-Fetch-Site: same-origin
                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                        Referer: https://icecreamapps.com/PDF-Editor/thankyou.html?v=3.27
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Cookie: PHPSESSID=h19tt2k3grrssobbu73hh3ucle; ic_d=671a40e799a863.45409504
2024-10-24 12:43:21 UTC  381                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Date: Thu, 24 Oct 2024 12:43:20 GMT
                                                                                                                                                                                                        Content-Type: image/svg+xml
                                                                                                                                                                                                        Content-Length: 6675
                                                                                                                                                                                                        Last-Modified: Tue, 28 Nov 2023 12:49:25 GMT
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        ETag: "6565e1d5-1a13"
                                                                                                                                                                                                        Expires: Fri, 24 Oct 2025 12:43:20 GMT
                                                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                        Access-Control-Allow-Methods: GET, OPTIONS
                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
12          192.168.2.17  49721        37.58.52.149    443               6232  C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-24 12:43:20 UTC  723                OUT        GET /www/images/content/illustration-box.svg HTTP/1.1
                                                                                                                                                                                                        Host: icecreamapps.com
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                        Sec-Fetch-Site: same-origin
                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                        Referer: https://icecreamapps.com/PDF-Editor/thankyou.html?v=3.27
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Cookie: PHPSESSID=h19tt2k3grrssobbu73hh3ucle; ic_d=671a40e799a863.45409504
2024-10-24 12:43:21 UTC | 381 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Date: Thu, 24 Oct 2024 12:43:20 GMT
                                                                                                                                                                                                        Content-Type: image/svg+xml
                                                                                                                                                                                                        Content-Length: 5427
                                                                                                                                                                                                        Last-Modified: Tue, 28 Nov 2023 12:49:25 GMT
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        ETag: "6565e1d5-1533"
                                                                                                                                                                                                        Expires: Fri, 24 Oct 2025 12:43:20 GMT
                                                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                        Access-Control-Allow-Methods: GET, OPTIONS
                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.17 | 49719 | 92.223.124.62 | 443 | 6232 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-24 12:43:20 UTC | 596 | OUT | GET /www/index.css?f12bd40a HTTP/1.1
                                                                                                                                                                                                        Host: static.icecreamapps.com
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                        Accept: text/css,*/*;q=0.1
                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                        Sec-Fetch-Dest: style
                                                                                                                                                                                                        Referer: https://icecreamapps.com/
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Cookie: ic_d=671a40e799a863.45409504
2024-10-24 12:43:21 UTC | 507 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Date: Thu, 24 Oct 2024 12:43:20 GMT
                                                                                                                                                                                                        Content-Type: text/css; charset=utf-8
                                                                                                                                                                                                        Content-Length: 433871
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Last-Modified: Thu, 10 Oct 2024 12:53:22 GMT
                                                                                                                                                                                                        ETag: "6707ce42-69ecf"
                                                                                                                                                                                                        Expires: Tue, 14 Oct 2025 16:16:39 GMT
                                                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                                                        traceparent: 00-59a3caaab34d02f3b381e557d0fc743c-88c73c72f4027536-01
                                                                                                                                                                                                        X-ID: fr5-hw-edge-gc34
                                                                                                                                                                                                        Age: 851201
                                                                                                                                                                                                        Cache: HIT
                                                                                                                                                                                                        X-Cached-Since: 2024-10-14T16:16:39+00:00
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        X-ID-FE: fr5-hw-edge-gc34


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.17 | 49718 | 92.223.124.62 | 443 | 6232 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-24 12:43:20 UTC | 654 | OUT | GET /www/images/content/header-logo.svg HTTP/1.1
                                                                                                                                                                                                        Host: static.icecreamapps.com
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                        Referer: https://icecreamapps.com/
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Cookie: ic_d=671a40e799a863.45409504
2024-10-24 12:43:21 UTC | 527 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Date: Thu, 24 Oct 2024 12:43:20 GMT
                                                                                                                                                                                                        Content-Type: image/svg+xml
                                                                                                                                                                                                        Content-Length: 15858
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Last-Modified: Tue, 28 Nov 2023 12:49:25 GMT
                                                                                                                                                                                                        ETag: "6565e1d5-3df2"
                                                                                                                                                                                                        Expires: Tue, 14 Oct 2025 11:47:58 GMT
                                                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                        traceparent: 00-110324d43087de3d6a28a2fc34d764b0-fe4b29bb68f1e356-01
                                                                                                                                                                                                        X-ID: fr5-hw-edge-gc36
                                                                                                                                                                                                        Age: 867321
                                                                                                                                                                                                        Cache: HIT
                                                                                                                                                                                                        X-Cached-Since: 2024-10-14T11:47:59+00:00
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        X-ID-FE: fr5-hw-edge-gc36
2024-10-24 12:43:21 UTC | 14855 | IN
                                                                                                                                                                                                        Data Ascii: <svg width="203" height="40" viewBox="0 0 203 40" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M9.47617 21.3C9.47617 21.3 9.05469 33.6298 9.05469 35.3573C9.05469 36.9644 9.85826 37.6787 11.0508 37.6787C11.5664 37.6787 12.062 37.4801 12.4338 37
2024-10-24 12:43:21 UTC | 1003 | IN
                                                                                                                                                                                                        Data Ascii: 16C105.857 14.1016 106.881 14.3292 107.691 14.7845C108.5 15.2398 109.107 15.8216 109.512 16.5298C109.917 17.2381 110.119 17.9842 110.119 18.7684C110.119 20.0837 109.537 20.7413 108.374 20.7413H102.075C101.873 20.7413 101.772 20.8678 101.772 21.1207C101.77


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.17 | 49724 | 92.223.124.62 | 443 | 6232 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-24 12:43:20 UTC | 655 | OUT | GET /www/images/content/icecreams_bg.svg HTTP/1.1
                                                                                                                                                                                                        Host: static.icecreamapps.com
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                        Referer: https://icecreamapps.com/
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Cookie: ic_d=671a40e799a863.45409504
2024-10-24 12:43:21 UTC | 526 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Date: Thu, 24 Oct 2024 12:43:20 GMT
                                                                                                                                                                                                        Content-Type: image/svg+xml
                                                                                                                                                                                                        Content-Length: 7794
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Last-Modified: Tue, 28 Nov 2023 12:49:25 GMT
                                                                                                                                                                                                        ETag: "6565e1d5-1e72"
                                                                                                                                                                                                        Expires: Tue, 14 Oct 2025 11:49:51 GMT
                                                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                        traceparent: 00-e3e6eb1b8a94007d25712a600eebf4f1-65a6b871136621ca-01
                                                                                                                                                                                                        X-ID: fr5-hw-edge-gc36
                                                                                                                                                                                                        Age: 867209
                                                                                                                                                                                                        Cache: HIT
                                                                                                                                                                                                        X-Cached-Since: 2024-10-14T11:49:51+00:00
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        X-ID-FE: fr5-hw-edge-gc36
2024-10-24 12:43:21 UTC | 7688 | IN
                                                                                                                                                                                                        Data Ascii: <svg width="600" height="406" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M302.245 284.507s-2.464 72.073-2.464 82.171c0 9.394 4.697 13.57 11.668 13.57a11.7 11.7 0 0 0 8.085-3.241l75.068-71.455c-8.768 0-14.75-1.323-22.212-6.43-11.106-7.6-19.29-
2024-10-24 12:43:21 UTC | 106 | IN
                                                                                                                                                                                                        Data Ascii: hape"/><feGaussianBlur stdDeviation="5" result="effect1_foregroundBlur_1657_51297"/></filter></defs></svg>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.17 | 49726 | 37.58.52.149 | 443 | 6232 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-24 12:43:21 UTC | 445 | OUT | GET /www/images/content/thank2.svg HTTP/1.1
                                                                                                                                                                                                        Host: icecreamapps.com
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Cookie: PHPSESSID=h19tt2k3grrssobbu73hh3ucle; ic_d=671a40e799a863.45409504
2024-10-24 12:43:22 UTC | 381 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Date: Thu, 24 Oct 2024 12:43:21 GMT
                                                                                                                                                                                                        Content-Type: image/svg+xml
                                                                                                                                                                                                        Content-Length: 4140
                                                                                                                                                                                                        Last-Modified: Tue, 28 Nov 2023 12:49:25 GMT
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        ETag: "6565e1d5-102c"
                                                                                                                                                                                                        Expires: Fri, 24 Oct 2025 12:43:21 GMT
                                                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                        Access-Control-Allow-Methods: GET, OPTIONS
                                                                                                                                                                                                        Accept-Ranges: bytes
2024-10-24 12:43:22 UTC | 4140 | IN
                                                                                                                                                                                                        Data Ascii: <svg width="641" height="560" fill="none" xmlns="http://www.w3.org/2000/svg"><mask id="b" style="mask-type:alpha" maskUnits="userSpaceOnUse" x="0" y="-80" width="640" height="640"><circle cx="320" cy="240" r="320" fill="url(#a)"/></mask><g mask="url(#b)">


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.17 | 49727 | 37.58.52.149 | 443 | 6232 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-24 12:43:21 UTC | 444 | OUT | GET /www/images/content/thank.svg HTTP/1.1
                                                                                                                                                                                                        Host: icecreamapps.com
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Cookie: PHPSESSID=h19tt2k3grrssobbu73hh3ucle; ic_d=671a40e799a863.45409504
2024-10-24 12:43:22 UTC | 381 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Date: Thu, 24 Oct 2024 12:43:21 GMT
                                                                                                                                                                                                        Content-Type: image/svg+xml
                                                                                                                                                                                                        Content-Length: 6675
                                                                                                                                                                                                        Last-Modified: Tue, 28 Nov 2023 12:49:25 GMT
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        ETag: "6565e1d5-1a13"
                                                                                                                                                                                                        Expires: Fri, 24 Oct 2025 12:43:21 GMT
                                                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                        Access-Control-Allow-Methods: GET, OPTIONS
                                                                                                                                                                                                        Accept-Ranges: bytes
2024-10-24 12:43:22 UTC | 6675 | IN
                                                                                                                                                                                                        Data Ascii: <svg width="760" height="149" fill="none" xmlns="http://www.w3.org/2000/svg"><g opacity=".7" fill="#10C358"><path d="M650.557 103.354a2.314 2.314 0 0 0-.371-.773 2.246 2.246 0 0 0-.621-.574 2.1 2.1 0 0 0-.777-.286 1.989 1.989 0 0 0-.813.045l-5.08 1.361a.2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.17 | 49728 | 37.58.52.149 | 443 | 6232 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-24 12:43:21 UTC | 455 | OUT | GET /www/images/content/illustration-box.svg HTTP/1.1
                                                                                                                                                                                                        Host: icecreamapps.com
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Cookie: PHPSESSID=h19tt2k3grrssobbu73hh3ucle; ic_d=671a40e799a863.45409504
2024-10-24 12:43:22 UTC | 381 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Date: Thu, 24 Oct 2024 12:43:21 GMT
                                                                                                                                                                                                        Content-Type: image/svg+xml
                                                                                                                                                                                                        Content-Length: 5427
                                                                                                                                                                                                        Last-Modified: Tue, 28 Nov 2023 12:49:25 GMT
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        ETag: "6565e1d5-1533"
                                                                                                                                                                                                        Expires: Fri, 24 Oct 2025 12:43:21 GMT
                                                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                        Access-Control-Allow-Methods: GET, OPTIONS
                                                                                                                                                                                                        Accept-Ranges: bytes
2024-10-24 12:43:22 UTC | 5427 | IN
                                                                                                                                                                                                        Data Ascii: <svg width="426" height="300" fill="none" xmlns="http://www.w3.org/2000/svg"><g clip-path="url(#a)"><path d="M116.668 248.305h96v-67.771l-96 19.2v48.571Z" fill="#5E5A56"/><path d="M308.668 248.305h-96v-67.771l96 19.2v48.571Z" fill="#686764"/><path opacity


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.17 | 49729 | 92.223.124.62 | 443 | 6232 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-24 12:43:21 UTC | 420 | OUT | GET /www/images/content/icecreams_bg.svg HTTP/1.1
                                                                                                                                                                                                        Host: static.icecreamapps.com
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Cookie: ic_d=671a40e799a863.45409504
2024-10-24 12:43:22 UTC | 526 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Date: Thu, 24 Oct 2024 12:43:22 GMT
                                                                                                                                                                                                        Content-Type: image/svg+xml
                                                                                                                                                                                                        Content-Length: 7794
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Last-Modified: Tue, 28 Nov 2023 12:49:25 GMT
                                                                                                                                                                                                        ETag: "6565e1d5-1e72"
                                                                                                                                                                                                        Expires: Tue, 14 Oct 2025 16:18:23 GMT
                                                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                        traceparent: 00-1b4a3bbe111f65b100b900c6a63c0edb-2af26ab4dd8f3dad-01
                                                                                                                                                                                                        X-ID: fr5-hw-edge-gc34
                                                                                                                                                                                                        Age: 851099
                                                                                                                                                                                                        Cache: HIT
                                                                                                                                                                                                        X-Cached-Since: 2024-10-14T16:18:23+00:00
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        X-ID-FE: fr5-hw-edge-gc34
2024-10-24 12:43:22 UTC | 7794 | IN
                                                                                                                                                                                                        Data Ascii: <svg width="600" height="406" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M302.245 284.507s-2.464 72.073-2.464 82.171c0 9.394 4.697 13.57 11.668 13.57a11.7 11.7 0 0 0 8.085-3.241l75.068-71.455c-8.768 0-14.75-1.323-22.212-6.43-11.106-7.6-19.29-


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.17 | 49730 | 92.223.124.62 | 443 | 6232 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-24 12:43:22 UTC | 419 | OUT | GET /www/images/content/header-logo.svg HTTP/1.1
                                                                                                                                                                                                        Host: static.icecreamapps.com
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Cookie: ic_d=671a40e799a863.45409504
2024-10-24 12:43:22 UTC | 527 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Date: Thu, 24 Oct 2024 12:43:22 GMT
                                                                                                                                                                                                        Content-Type: image/svg+xml
                                                                                                                                                                                                        Content-Length: 15858
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Last-Modified: Tue, 28 Nov 2023 12:49:25 GMT
                                                                                                                                                                                                        ETag: "6565e1d5-3df2"
                                                                                                                                                                                                        Expires: Tue, 14 Oct 2025 12:17:54 GMT
                                                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                        traceparent: 00-668fd652b5966b58ed8b7e5d0d777dce-083517e669b9a933-01
                                                                                                                                                                                                        X-ID: fr5-hw-edge-gc34
                                                                                                                                                                                                        Age: 865528
                                                                                                                                                                                                        Cache: HIT
                                                                                                                                                                                                        X-Cached-Since: 2024-10-14T12:17:54+00:00
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        X-ID-FE: fr5-hw-edge-gc34
2024-10-24 12:43:22 UTC | 15857 | IN
                                                                                                                                                                                                        Data Ascii: <svg width="203" height="40" viewBox="0 0 203 40" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M9.47617 21.3C9.47617 21.3 9.05469 33.6298 9.05469 35.3573C9.05469 36.9644 9.85826 37.6787 11.0508 37.6787C11.5664 37.6787 12.062 37.4801 12.4338 37
2024-10-24 12:43:22 UTC | 1 | IN | Data Raw: 0a
                                                                                                                                                                                                        Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.17 | 49738 | 92.223.124.62 | 443 | 6232 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-24 12:43:23 UTC | 693 | OUT | GET /www/webpack_sprite.css-0c046a40.712f8ffc.svg HTTP/1.1
Host: static.icecreamapps.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://static.icecreamapps.com/www/index.css?f12bd40a
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: ic_d=671a40e799a863.45409504
2024-10-24 12:43:23 UTC | 529 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 24 Oct 2024 12:43:23 GMT
Content-Type: image/svg+xml
Content-Length: 109669
Connection: close
Last-Modified: Mon, 07 Oct 2024 15:33:27 GMT
ETag: "6703ff47-1ac65"
Expires: Tue, 14 Oct 2025 11:47:59 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
traceparent: 00-fdaf88040b2a32d4ec24e34ce1882f42-1a90cd5f8d641703-01
X-ID: fr5-hw-edge-gc36
Age: 867324
Cache: HIT
X-Cached-Since: 2024-10-14T11:47:59+00:00
Accept-Ranges: bytes
X-ID-FE: fr5-hw-edge-gc36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.17 | 49737 | 92.223.124.62 | 443 | 6232 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-24 12:43:23 UTC | 690 | OUT | GET /www/webpack_sprite2-bf5a251c.04e5ea75.svg HTTP/1.1
Host: static.icecreamapps.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://static.icecreamapps.com/www/index.css?f12bd40a
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: ic_d=671a40e799a863.45409504
2024-10-24 12:43:23 UTC | 528 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 24 Oct 2024 12:43:23 GMT
Content-Type: image/svg+xml
Content-Length: 94271
Connection: close
Last-Modified: Mon, 07 Oct 2024 15:33:27 GMT
ETag: "6703ff47-1703f"
Expires: Tue, 14 Oct 2025 12:17:54 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
traceparent: 00-92b2668bb0e29fa96034f5e778ad6536-366243b1828b37de-01
X-ID: fr5-hw-edge-gc34
Age: 865529
Cache: HIT
X-Cached-Since: 2024-10-14T12:17:54+00:00
Accept-Ranges: bytes
X-ID-FE: fr5-hw-edge-gc34
                                                                                                                                                                                                        Data Ascii: 83.462H4V4a3 3 0 013-3h9zm-1 4a1 1 0 110 2H8a1 1 0 110-2h7zm0 5a1 1 0 110 2H8a1 1 0 110-2h7z" fill="url(#ckpaint1_linear_7450_68905)"/><path d="M23.72 16.276a1 1 0 000-1.415l-1.722-1.722a1 1 0 00-1.414 0l-.862.861-.1.1 3.137 3.136.1-.1.861-.86z" fill="url


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.17 | 49739 | 92.223.124.62 | 443 | 6232 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-24 12:43:23 UTC | 679 | OUT | GET /www/images/content/star_bg.svg HTTP/1.1
                                                                                                                                                                                                        Host: static.icecreamapps.com
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                        Referer: https://static.icecreamapps.com/www/index.css?f12bd40a
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Cookie: ic_d=671a40e799a863.45409504
2024-10-24 12:43:23 UTC | 525 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Date: Thu, 24 Oct 2024 12:43:23 GMT
                                                                                                                                                                                                        Content-Type: image/svg+xml
                                                                                                                                                                                                        Content-Length: 1904
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Last-Modified: Tue, 28 Nov 2023 12:49:25 GMT
                                                                                                                                                                                                        ETag: "6565e1d5-770"
                                                                                                                                                                                                        Expires: Tue, 14 Oct 2025 11:49:51 GMT
                                                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                        traceparent: 00-230477dcd615e74b79a2b035af91695a-e5bf03e3bc104f07-01
                                                                                                                                                                                                        X-ID: fr5-hw-edge-gc36
                                                                                                                                                                                                        Age: 867212
                                                                                                                                                                                                        Cache: HIT
                                                                                                                                                                                                        X-Cached-Since: 2024-10-14T11:49:51+00:00
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        X-ID-FE: fr5-hw-edge-gc36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.17 | 49736 | 92.223.124.62 | 443 | 6232 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-24 12:43:23 UTC | 679 | OUT | GET /www/images/content/wave_bg.svg HTTP/1.1
                                                                                                                                                                                                        Host: static.icecreamapps.com
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                        Referer: https://static.icecreamapps.com/www/index.css?f12bd40a
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Cookie: ic_d=671a40e799a863.45409504
2024-10-24 12:43:23 UTC | 524 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Date: Thu, 24 Oct 2024 12:43:23 GMT
                                                                                                                                                                                                        Content-Type: image/svg+xml
                                                                                                                                                                                                        Content-Length: 787
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Last-Modified: Tue, 28 Nov 2023 12:49:25 GMT
                                                                                                                                                                                                        ETag: "6565e1d5-313"
                                                                                                                                                                                                        Expires: Tue, 14 Oct 2025 11:49:51 GMT
                                                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                        traceparent: 00-12ed94c163a545cd566a76b9cf117079-93893ac536cc7c65-01
                                                                                                                                                                                                        X-ID: fr5-hw-edge-gc36
                                                                                                                                                                                                        Age: 867212
                                                                                                                                                                                                        Cache: HIT
                                                                                                                                                                                                        X-Cached-Since: 2024-10-14T11:49:51+00:00
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        X-ID-FE: fr5-hw-edge-gc36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.17 | 49740 | 92.223.124.62 | 443 | 6232 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-24 12:43:23 UTC | 662 | OUT | GET /www/images/home-page-images/pdf-editor.png HTTP/1.1
                                                                                                                                                                                                        Host: static.icecreamapps.com
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                        Referer: https://icecreamapps.com/
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Cookie: ic_d=671a40e799a863.45409504
2024-10-24 12:43:23 UTC | 490 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Date: Thu, 24 Oct 2024 12:43:23 GMT
                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                        Content-Length: 7128
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Last-Modified: Tue, 28 Nov 2023 12:49:25 GMT
                                                                                                                                                                                                        ETag: "6565e1d5-1bd8"
                                                                                                                                                                                                        Expires: Tue, 14 Oct 2025 11:49:51 GMT
                                                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                                                        traceparent: 00-a5e1a17475870d92b3906febb0e57125-c059159fd05ce76b-01
                                                                                                                                                                                                        X-ID: fr5-hw-edge-gc36
                                                                                                                                                                                                        Age: 867212
                                                                                                                                                                                                        Cache: HIT
                                                                                                                                                                                                        X-Cached-Since: 2024-10-14T11:49:51+00:00
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        X-ID-FE: fr5-hw-edge-gc36


Session ID: 26
Source IP: 192.168.2.17
Source Port: 49741
Destination IP: 92.223.124.62
Destination Port: 443
PID: 6232
Process: C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp: 2024-10-24 12:43:23 UTC, Bytes transferred: 664, Direction: OUT, Data:
GET /www/images/home-page-images/video-editor.png HTTP/1.1
                                                                                                                                                                                                        Host: static.icecreamapps.com
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                        Referer: https://icecreamapps.com/
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                        Cookie: ic_d=671a40e799a863.45409504
Timestamp: 2024-10-24 12:43:23 UTC, Bytes transferred: 491, Direction: IN, Data:
HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Date: Thu, 24 Oct 2024 12:43:23 GMT
                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                        Content-Length: 18524
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Last-Modified: Tue, 28 Nov 2023 12:49:25 GMT
                                                                                                                                                                                                        ETag: "6565e1d5-485c"
                                                                                                                                                                                                        Expires: Tue, 14 Oct 2025 16:18:23 GMT
                                                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                                                        traceparent: 00-34074fde041a9c2a0f1e2125f32f4cd6-7ab0493b161f814c-01
                                                                                                                                                                                                        X-ID: fr5-hw-edge-gc34
                                                                                                                                                                                                        Age: 851100
                                                                                                                                                                                                        Cache: HIT
                                                                                                                                                                                                        X-Cached-Since: 2024-10-14T16:18:23+00:00
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        X-ID-FE: fr5-hw-edge-gc34



                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                        Start time:08:42:20
                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                        Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                                                                                        Imagebase:0x7ff675940000
                                                                                                                                                                                                        File size:71'680 bytes
                                                                                                                                                                                                        MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:2
                                                                                                                                                                                                        Start time:08:42:30
                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exe"
                                                                                                                                                                                                        Imagebase:0x930000
                                                                                                                                                                                                        File size:4'369'472 bytes
                                                                                                                                                                                                        MD5 hash:6700C9E3B5ADB8292F5FF09D1C38C920
                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:16
                                                                                                                                                                                                        Start time:08:42:47
                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe"
                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                        File size:939'520 bytes
                                                                                                                                                                                                        MD5 hash:8E8EB38C6438BAA41A5867B6F465926F
                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:19
                                                                                                                                                                                                        Start time:08:42:47
                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe"
                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                        File size:939'520 bytes
                                                                                                                                                                                                        MD5 hash:8E8EB38C6438BAA41A5867B6F465926F
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                        Target ID:20
                                                                                                                                                                                                        Start time:08:42:52
                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exe"
                                                                                                                                                                                                        Imagebase:0xbf0000
                                                                                                                                                                                                        File size:4'369'472 bytes
                                                                                                                                                                                                        MD5 hash:6700C9E3B5ADB8292F5FF09D1C38C920
                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:21
                                                                                                                                                                                                        Start time:08:42:59
                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe"
                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                        File size:22'740'344 bytes
                                                                                                                                                                                                        MD5 hash:427D86902D064DCBDE0EB4F2D7FD601A
                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:22
                                                                                                                                                                                                        Start time:08:43:00
                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\is-SDSTO.tmp\pdf_editor_setup_Downloadly.ir.tmp" /SL5="$60464,22152334,238080,C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe"
                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                        File size:1'309'248 bytes
                                                                                                                                                                                                        MD5 hash:4BE9718959029220FC534542CB891006
                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:24
                                                                                                                                                                                                        Start time:08:43:01
                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe" /SPAWNWND=$10480 /NOTIFYWND=$60464
                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                        File size:22'740'344 bytes
                                                                                                                                                                                                        MD5 hash:427D86902D064DCBDE0EB4F2D7FD601A
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:25
                                                                                                                                                                                                        Start time:08:43:01
                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\is-3U6N3.tmp\pdf_editor_setup_Downloadly.ir.tmp" /SL5="$30476,22152334,238080,C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe" /SPAWNWND=$10480 /NOTIFYWND=$60464
                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                        File size:1'309'248 bytes
                                                                                                                                                                                                        MD5 hash:4BE9718959029220FC534542CB891006
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:27
                                                                                                                                                                                                        Start time:08:43:16
                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://icecreamapps.com/PDF-Editor/thankyou.html?v=3.27
                                                                                                                                                                                                        Imagebase:0x7ff7d6f10000
                                                                                                                                                                                                        File size:3'242'272 bytes
                                                                                                                                                                                                        MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:28
                                                                                                                                                                                                        Start time:08:43:17
                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1904,i,13854701791661007299,5941582953959067631,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                                        Imagebase:0x7ff7d6f10000
                                                                                                                                                                                                        File size:3'242'272 bytes
                                                                                                                                                                                                        MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:29
                                                                                                                                                                                                        Start time:08:43:25
                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                        Path:C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe" -inst
                                                                                                                                                                                                        Imagebase:0xd90000
                                                                                                                                                                                                        File size:4'369'472 bytes
                                                                                                                                                                                                        MD5 hash:4AF96C036230E02407C613237F8BC9D5
                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:32
                                                                                                                                                                                                        Start time:08:43:46
                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                        Path:C:\Windows\System32\Taskmgr.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Windows\system32\taskmgr.exe" /4
                                                                                                                                                                                                        Imagebase:0x7ff7d2f60000
                                                                                                                                                                                                        File size:1'213'232 bytes
                                                                                                                                                                                                        MD5 hash:58D5BC7895F7F32EE308E34F06F25DD5
                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:34
                                                                                                                                                                                                        Start time:08:43:46
                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                        Path:C:\Windows\System32\Taskmgr.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Windows\system32\taskmgr.exe" /4
                                                                                                                                                                                                        Imagebase:0x7ff7d2f60000
                                                                                                                                                                                                        File size:1'213'232 bytes
                                                                                                                                                                                                        MD5 hash:58D5BC7895F7F32EE308E34F06F25DD5
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                        Has exited:true


                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                          Execution Coverage:3.1%
                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                          Signature Coverage:10.9%
                                                                                                                                                                                                          Total number of Nodes:548
                                                                                                                                                                                                          Total number of Limit Nodes:42

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,?,00000105,00400000,005C479C), ref: 00406670
                                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,00400000,005C479C), ref: 0040668E
                                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,00400000,005C479C), ref: 004066AC
                                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 004066CA
                                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,00406759,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 00406713
                                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,004068C0,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,00406759,?,80000001), ref: 00406731
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,00406760,00000000,?,?,00000000,00406759,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 00406753
                                                                                                                                                                                                          • lstrcpyn.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 00406770
                                                                                                                                                                                                          • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 0040677D
                                                                                                                                                                                                          • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 00406783
                                                                                                                                                                                                          • lstrlen.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 004067AE
                                                                                                                                                                                                          • lstrcpyn.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 004067F5
                                                                                                                                                                                                          • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 00406805
                                                                                                                                                                                                          • lstrcpyn.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 0040682D
                                                                                                                                                                                                          • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 0040683D
                                                                                                                                                                                                          • lstrcpyn.KERNEL32(00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 00406863
                                                                                                                                                                                                          • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?), ref: 00406873
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: lstrcpyn$LibraryLoadOpen$LocaleQueryValue$CloseFileInfoModuleNameThreadlstrlen
                                                                                                                                                                                                          • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                                                                                                                                                                                                          • API String ID: 1759228003-2375825460
                                                                                                                                                                                                          • Opcode ID: 3c5a9faecf0089d84e31240fc12571415decdeaec235185334a13c4c630849ea
                                                                                                                                                                                                          • Instruction ID: 5e157ed5537b4a237584c827f581b5c79b87ad4d306dd5e91e6fd8f6d5e6d84f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3c5a9faecf0089d84e31240fc12571415decdeaec235185334a13c4c630849ea
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5F51A372A0021C7AFB25D6A58C46FEF77AC8B04748F4140B7BA01F61C1E678DA448BA8

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 162 40a3b8-40a3e0 call 4051c8 FindFirstFileA 165 40a3e2 162->165 166 40a3f8-40a3fd GetLastError 162->166 168 40a3e4 call 40a334 165->168 167 40a3ff-40a404 166->167 169 40a3e9-40a3ed 168->169 169->167 170 40a3ef-40a3f1 call 40a42c 169->170 172 40a3f6 170->172 172->167
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FindFirstFileA.KERNEL32(00000000,?), ref: 0040A3D3
                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,?), ref: 0040A3F8
                                                                                                                                                                                                            • Part of subcall function 0040A334: FileTimeToLocalFileTime.KERNEL32(?), ref: 0040A364
                                                                                                                                                                                                            • Part of subcall function 0040A334: FileTimeToDosDateTime.KERNEL32(?,?), ref: 0040A373
                                                                                                                                                                                                            • Part of subcall function 0040A42C: FindClose.KERNEL32(?,?,0040A3F6,00000000,?), ref: 0040A438
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileTime$Find$CloseDateErrorFirstLastLocal
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 976985129-0

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 178 407298-407299 179 4072db-4072fb 178->179 180 40729b-4072a2 178->180 181 407369 179->181 182 4072fd 179->182 180->179 183 40736b 181->183 184 4073cc-4073cd 181->184 185 407309-407330 182->185 186 4072ff-407303 182->186 187 4073c0-4073cb RegQueryValueExA 183->187 188 40736d-40736f 183->188 192 4073ce-4073d5 184->192 190 407333 185->190 191 407398-40739d RegCreateKeyExA 185->191 195 407351-407359 186->195 196 407305 186->196 187->184 193 4073d6-407424 CopyFileA CreateMutexA 188->193 200 407371-407378 AllocateAndInitializeSid 188->200 198 407335-40733c 190->198 199 4073ab-4073ac 190->199 197 40739f-4073a3 191->197 192->193 195->192 204 40735b-40735d 195->204 196->185 201 4073a4-4073a5 197->201 198->201 207 40733f 198->207 203 4073ad-4073b5 199->203 206 407395 200->206 201->199 208 4073b7-4073bd 203->208 204->197 205 40735f-407366 204->205 205->181 205->203 206->191 207->208 209 407341-40734e 207->209 208->187 209->206 210 407350 209->210 210->195
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 235 41c724-41c733 236 41c735 235->236 237 41c73b-41c752 call 4051c8 FindResourceA 235->237 236->237 240 41c7a1-41c7a6 237->240 241 41c754-41c77b call 4205e0 call 41fec4 237->241 245 41c780-41c797 call 403e18 241->245
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FindResourceA.KERNEL32(?,00000000,0000000A), ref: 0041C746
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FindResource
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1635176832-0

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetThreadLocale.KERNEL32(00000000,0040EE77,?,?,00000000,00000000), ref: 0040EBE2
                                                                                                                                                                                                            • Part of subcall function 0040D29C: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0040D2BA
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Locale$InfoThread
                                                                                                                                                                                                          • String ID: AMPM$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
                                                                                                                                                                                                          • API String ID: 4232894706-2493093252

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 117 40a1ce-40a1e4 call 4051c8 GetFileAttributesA 120 40a1e6-40a1ed 117->120 121 40a1ee-40a1f8 GetLastError 117->121 122 40a1fa-40a1fd 121->122 123 40a20f-40a211 121->123 122->123 124 40a1ff-40a202 122->124 125 40a215-40a217 123->125 124->123 126 40a204-40a20d call 40a190 124->126 126->123 129 40a213 126->129 129->125
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetFileAttributesA.KERNEL32(00000000), ref: 0040A1DC
                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000), ref: 0040A1EE
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AttributesErrorFileLast
                                                                                                                                                                                                          • String ID: {
                                                                                                                                                                                                          • API String ID: 1799206407-366298937

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          control_flow_graph 130 40eae8-40eb11 GetThreadLocale 131 40eb13 130->131 132 40eb15-40eb18 130->132 131->132 133 40eb30-40eb4a 132->133 134 40eb1a-40eb2d 132->134 135 40eb5b-40eb67 GetSystemMetrics 133->135 136 40eb4c-40eb53 133->136 134->133 137 40eb6a-40eb7b GetSystemMetrics 135->137 136->135 138 40eb55-40eb59 136->138 139 40eb84-40eb8a 137->139 140 40eb7d-40eb83 call 40ea8c 137->140 138->137 140->139
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetThreadLocale.KERNEL32 ref: 0040EB0A
                                                                                                                                                                                                          • GetSystemMetrics.USER32(0000004A), ref: 0040EB5D
                                                                                                                                                                                                          • GetSystemMetrics.USER32(0000002A), ref: 0040EB6C
Memory Dump Source
• Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          • API ID: MetricsSystem$LocaleThread
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2159509485-0
                                                                                                                                                                                                          • Opcode ID: a6bb45a4ab979f4702b9d378431415994253ac56f2ce1c2b0e03d07efa9f64d6
                                                                                                                                                                                                          • Instruction ID: 39d7488d5252617bc629c71f1b51ede6515f0395e25e7805149dbde686e4dc39
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a6bb45a4ab979f4702b9d378431415994253ac56f2ce1c2b0e03d07efa9f64d6
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2701E521A047518ED3209A679801B63B6E8EF51325F44C83FD88AA73C1DB3DA857C76A

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          control_flow_graph 143 405608-40560a 144 405610-40561a SysAllocStringLen 143->144 145 405518-40551c 143->145 146 405620-40562a SysFreeString 144->146 147 4054e8-4054f2 144->147 148 40552c-40555a 145->148 149 40551e-40552b SysFreeString 145->149 156 405504 147->156 157 4054f4-4054fe SysAllocStringLen 147->157 148->145 152 405560-405565 148->152 149->148 152->145 153 40556b-405575 SysReAllocStringLen 152->153 153->147 154 40557b 153->154 157->147 157->156
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SysFreeString.OLEAUT32(?), ref: 00405526
                                                                                                                                                                                                          • SysAllocStringLen.OLEAUT32(?,00000000), ref: 00405613
                                                                                                                                                                                                          • SysFreeString.OLEAUT32(?), ref: 00405625
Memory Dump Source
• Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          • API ID: String$Free$Alloc
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 986138563-0
                                                                                                                                                                                                          • Opcode ID: 215ac1b110bc87d70b44df13d0749045dc8f860a145eb18e22fc63fcdf352066
                                                                                                                                                                                                          • Instruction ID: 6436cffdaf6eaabc757a165559f5519ef1923151ceaac96e34cdbf2466f1e31f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 215ac1b110bc87d70b44df13d0749045dc8f860a145eb18e22fc63fcdf352066
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 24E0ECB81016016EFF282F229C01B3B2629EF82745B64847EBC00AA6A5D63DCC419A3C

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          control_flow_graph 158 40f877-40f8c1 SetErrorMode call 4051c8 LoadLibraryA 161 40f8c6-40f8cb 158->161
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SetErrorMode.KERNEL32 ref: 0040F882
                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(00000000,00000000,0040F8CC,?,00000000,0040F8EA), ref: 0040F8B1
Memory Dump Source
• Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          • API ID: ErrorLibraryLoadMode
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2987862817-0
                                                                                                                                                                                                          • Opcode ID: 20f3760fa09fcb2a6f3df42155c06b6e840e7404fb08432e6eca0bbf61358a2d
                                                                                                                                                                                                          • Instruction ID: 30d02633c5d47571a6d8ddcbadbbbf09f36c91a1831e0395f73516d042239ee0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 20f3760fa09fcb2a6f3df42155c06b6e840e7404fb08432e6eca0bbf61358a2d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 88F0E271A14704BFCB116F768C6286BBFACEB0EB1435288B6F800B2AD1E63D5810C664

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          control_flow_graph 173 40a408-40a41a FindNextFileA 174 40a425-40a42b GetLastError 173->174 175 40a41c-40a424 call 40a334 173->175
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FindNextFileA.KERNEL32(?,?), ref: 0040A413
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?), ref: 0040A425
                                                                                                                                                                                                            • Part of subcall function 0040A334: FileTimeToLocalFileTime.KERNEL32(?), ref: 0040A364
                                                                                                                                                                                                            • Part of subcall function 0040A334: FileTimeToDosDateTime.KERNEL32(?,?), ref: 0040A373
Memory Dump Source
• Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          • API ID: FileTime$DateErrorFindLastLocalNext
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2103556486-0
                                                                                                                                                                                                          • Opcode ID: bf48ae8132c5bbad6d0b18798e47058994b7da0b2b185a2c3f278ea7eeecab57
                                                                                                                                                                                                          • Instruction ID: 26c6c634826ea2bb1f8ee83a6a69aef5031f3afcc71ae0614744ca739c1c9f22
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bf48ae8132c5bbad6d0b18798e47058994b7da0b2b185a2c3f278ea7eeecab57
                                                                                                                                                                                                          • Instruction Fuzzy Hash: EEC012A26052011BCB40EFB69CC1897229C1A4820931414BBBA04DA183EA3CD420431A

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          control_flow_graph 211 403ca8-403cb3 212 403d21-403d25 211->212 213 403cb5-403cbc 211->213 214 403d26-403d34 212->214 213->214 215 403cbe-403cc9 213->215 218 403d35 214->218 216 403d36-403d65 call 403cf8 call 404f9c call 404ff8 call 4051c8 call 404ff8 call 4051c8 215->216 217 403ccb-403cce 215->217 231 403d6a-403d85 CompareStringA 216->231 217->218 219 403cd0-403cd2 217->219 219->212 232 403d8a-403d92 call 404d38 231->232
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CompareStringA.KERNEL32(00000800,00000001,00000000,00000000,00000000,00000000), ref: 00403D72
Memory Dump Source
• Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CompareString
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1825529933-0
                                                                                                                                                                                                          • Opcode ID: f833a957531f3198c24e00bad8447986c7ee58f6d77920d5a0193ca85148cd9a
                                                                                                                                                                                                          • Instruction ID: b0bffb1f98e96099bff94250f95a98b93a505e35f1539525066c2b05e79d391f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f833a957531f3198c24e00bad8447986c7ee58f6d77920d5a0193ca85148cd9a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 981101711082456EC711EAA48D83AAE7F6CDF53316B1005ABF144F50D3C77C4E028699

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CompareStringA.KERNEL32(00000800,00000001,00000000,00000000,00000000,00000000), ref: 00403D72
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CompareString
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1825529933-0
                                                                                                                                                                                                          • Opcode ID: 66db23c4af2a0212c26ae08eb7662cbe355c2cfd915a4f247a02a9d7d9deb789
                                                                                                                                                                                                          • Instruction ID: bf3e2969fa572b5fe117b4410219aa4d86d51cb0f0ad4154b7570edc3f996cd0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 66db23c4af2a0212c26ae08eb7662cbe355c2cfd915a4f247a02a9d7d9deb789
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5301A271644609AFDB10FB69DC83A9E77ACDF44708F1104BAF509F22D1DB785F005958

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          control_flow_graph 266 4080fa-408144 call 403478 CreateWindowExA call 403468 270 408149-408150 266->270
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateWindowExA.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040813B
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateWindow
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 716092398-0
                                                                                                                                                                                                          • Opcode ID: f42c82351ad1b37ab34b25bc097aeb501a8c09cfcdc322f85b8bed3a1f932ba1
                                                                                                                                                                                                          • Instruction ID: ad932a6a948a3c5feed10dba432ea932d9e79b86078704e8990aba0154553035
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f42c82351ad1b37ab34b25bc097aeb501a8c09cfcdc322f85b8bed3a1f932ba1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 36F07FB2704118BF9B80DE9DDC81E9B77ECEB4D2A4B05412ABA08E7201D634ED108BB4

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          control_flow_graph 271 404cba-404cd4 272 404ce2-404cee call 402ef4 271->272 273 404cd6-404ce0 271->273 277 404cf1-404d16 CreateThread 272->277 273->277
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateThread.KERNEL32(?,?,Function_00004C84,00000000,?,?), ref: 00404D0C
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateThread
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2422867632-0
                                                                                                                                                                                                          • Opcode ID: e61563ba41f31488982ff2a5faf7dc01e67ea7ddb2fd76e41a90a46a2a3ee832
                                                                                                                                                                                                          • Instruction ID: 66961fe841b21d30eee555e34491a277d3e0da27be9a75b63725a3affb8da9d0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e61563ba41f31488982ff2a5faf7dc01e67ea7ddb2fd76e41a90a46a2a3ee832
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 79F049B1205104AFE304CB4DD848E6ABBBCEB98354F11807AF608EB291D6789D05A764

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          control_flow_graph 278 406f48-406f57 279 406f96-406f9e 278->279 280 406f59-406f60 278->280 281 406f62-406f85 call 406438 LoadStringA call 404e28 280->281 282 406f8c-406f91 call 404f30 280->282 287 406f8a 281->287 282->279 287->279
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadStringA.USER32(00000000,00010000,?,00001000), ref: 00406F7A
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: LoadString
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2948472770-0
                                                                                                                                                                                                          • Opcode ID: e5f3f2f5daca680838bb5ab9b9fa9b35bd84d13e5e8b722b34b14af275e2fb06
                                                                                                                                                                                                          • Instruction ID: 7266ca9aeeea33bb1d7e311ce3770e57ea93848e3c688ed763b85c9757603669
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e5f3f2f5daca680838bb5ab9b9fa9b35bd84d13e5e8b722b34b14af275e2fb06
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 13F0A0713001119FDB00EA5DD9C1B4673CC5B48359B048176B609EB39ADB78DC5447AA
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(00400000,?,00000105), ref: 0040640E
                                                                                                                                                                                                            • Part of subcall function 00406654: GetModuleFileNameA.KERNEL32(00000000,?,00000105,00400000,005C479C), ref: 00406670
                                                                                                                                                                                                            • Part of subcall function 00406654: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,00400000,005C479C), ref: 0040668E
                                                                                                                                                                                                            • Part of subcall function 00406654: RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,00400000,005C479C), ref: 004066AC
                                                                                                                                                                                                            • Part of subcall function 00406654: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 004066CA
                                                                                                                                                                                                            • Part of subcall function 00406654: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,00406759,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 00406713
                                                                                                                                                                                                            • Part of subcall function 00406654: RegQueryValueExA.ADVAPI32(?,004068C0,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,00406759,?,80000001), ref: 00406731
                                                                                                                                                                                                            • Part of subcall function 00406654: RegCloseKey.ADVAPI32(?,00406760,00000000,?,?,00000000,00406759,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 00406753
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Open$FileModuleNameQueryValue$Close
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2796650324-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetFileAttributesA.KERNEL32(00000000), ref: 0040A223
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateMutexA.KERNEL32(?,?,?,?,?,?), ref: 0040741E
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateMutex
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1964310414-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FindClose.KERNEL32(?,?,0040A3F6,00000000,?), ref: 0040A438
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CloseFind
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1863332320-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SetErrorMode.KERNEL32(?,0040F8F1), ref: 0040F8E4
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorMode
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2340568224-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExitThreadUser
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SetErrorMode.KERNEL32(?,0040F8F1), ref: 0040F8E4
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorMode
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004), ref: 00401702
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AllocVirtual
Similarity
• API ID: CompareString
• String ID:
• API String ID: 1825529933-0
                                                                                                                                                                                                          • Opcode ID: 0d36c59de15e91a14baaad9626bd955da292daa19a2f348c102b82c3e896b0b4
                                                                                                                                                                                                          • Instruction ID: e9fb6474ad7724c6e36856aaadf6d58c1f7d54461eab5a7875ab067b695ce4ab
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0d36c59de15e91a14baaad9626bd955da292daa19a2f348c102b82c3e896b0b4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AE018FB13141158B8B10AE2AD48096BBBE9DF8475472982ABE948CB326CB24DC43C7E4
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 6986e3dcf7d975ea7d45ea17c58d8046ca44750e1be97a11cf26ab7093b1a343
                                                                                                                                                                                                          • Instruction ID: de48b260d3bd25df338cbb88e578744343e1e779eb8a6680c2f996573ad0a097
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6986e3dcf7d975ea7d45ea17c58d8046ca44750e1be97a11cf26ab7093b1a343
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 120104B0594684AFD716AB65CC927EDBFF4EF05700F9540A6F400922A1D7385DD0C62D
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 88d47741c8cd15b5dba197ba13559d246a801b8ceb43766c400bd75365850563
                                                                                                                                                                                                          • Instruction ID: 08030087587a6ee85ffc5e97d626147cf383f547580f6f76f45c105ac705df3b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 88d47741c8cd15b5dba197ba13559d246a801b8ceb43766c400bd75365850563
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C0F096F2605A149FD3118F69D98181BB7E9E789720392407BE604E3B90D535AC1096D4
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 8ca0b3ebf65304d1ea70bee557be8683eb900cca75265dfeceb3dddf6db36973
                                                                                                                                                                                                          • Instruction ID: c4806730101312c23d37bd83ccea392c5135513b4e2c501fba54bfa7030e9bf2
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ca0b3ebf65304d1ea70bee557be8683eb900cca75265dfeceb3dddf6db36973
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 97F05530708204AFD704DF29DC92899BBE8E389700B914076F000C3391DA782C428648
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: aea5a045aa6e8871d733413e20106fba1c1d66f51322a78fce6f48eac40ecc24
                                                                                                                                                                                                          • Instruction ID: 6c51278ef6db3c408db0b09c134cf7f4390433daca311a38506d83b55b3adb2f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: aea5a045aa6e8871d733413e20106fba1c1d66f51322a78fce6f48eac40ecc24
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D2F082D15055814EC3218B78A8C9F817FE1F692220F9811BE9995DAAE2E23C808AE765
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1fd0098eaa6de629c1b11c432e0f6faf2592bba81e7c715499d1a734aff617ba
                                                                                                                                                                                                          • Instruction ID: ec1406aaee5e8a0eeeea323655bfc0848e992f118621779835688d1d54dc4c64
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1fd0098eaa6de629c1b11c432e0f6faf2592bba81e7c715499d1a734aff617ba
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E5E0DF762083045FA308EF22E822C26B7A9D7C9B10310C87EF80497A80DD38B821C468
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(kernel32.dll,?,00400000,005C479C), ref: 004064AD
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,GetLongPathNameA), ref: 004064C4
                                                                                                                                                                                                          • lstrcpyn.KERNEL32(?,?,?,?,00400000,005C479C), ref: 004064F4
                                                                                                                                                                                                          • lstrcpyn.KERNEL32(?,?,?,kernel32.dll,?,00400000,005C479C), ref: 00406558
                                                                                                                                                                                                          • lstrcpyn.KERNEL32(?,?,00000001,?,?,?,kernel32.dll,?,00400000,005C479C), ref: 0040658E
                                                                                                                                                                                                          • FindFirstFileA.KERNEL32(?,?,?,?,00000001,?,?,?,kernel32.dll,?,00400000,005C479C), ref: 004065A1
                                                                                                                                                                                                          • FindClose.KERNEL32(?,?,?,?,?,00000001,?,?,?,kernel32.dll,?,00400000,005C479C), ref: 004065B3
                                                                                                                                                                                                          • lstrlen.KERNEL32(?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,?,00400000,005C479C), ref: 004065BF
                                                                                                                                                                                                          • lstrcpyn.KERNEL32(?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,?,00400000), ref: 004065F3
                                                                                                                                                                                                          • lstrlen.KERNEL32(?,?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll), ref: 004065FF
                                                                                                                                                                                                          • lstrcpyn.KERNEL32(?,?,?,?,?,?,00000104,?,?,?,?,?,?,00000001,?,?), ref: 00406621
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: lstrcpyn$Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                                                                                                                                                          • String ID: GetLongPathNameA$\$kernel32.dll
                                                                                                                                                                                                          • API String ID: 3245196872-1565342463
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FindFirstFileA.KERNEL32(?,?), ref: 0040A094
                                                                                                                                                                                                          • FindClose.KERNEL32(00000000,?,?), ref: 0040A09F
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2295610775-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FindFirstFileA.KERNEL32(00000000,?), ref: 0040A1AB
                                                                                                                                                                                                          • FindClose.KERNEL32(00000000,00000000,?), ref: 0040A1B6
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2295610775-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetDiskFreeSpaceA.KERNEL32(?,?,?,?,?), ref: 0040A64D
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: DiskFreeSpace
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1705453755-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0040D2BA
                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InfoLocale
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2299586839-0
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Version
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1889659487-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetLocaleInfoA.KERNEL32(?,?,?,00000002), ref: 0040D2FB
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InfoLocale
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2299586839-0
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: LocalTime
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 481472006-0
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 6d3e9f496195e2c5ceb10e8575df81110131f91c0edbb68defc78aea3677f3a6
                                                                                                                                                                                                          • Instruction ID: 9e3839eb7f6ff53a5b0c63efa45c393c42b4130d6daf6bebf45960ab6ef0b1a9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6d3e9f496195e2c5ceb10e8575df81110131f91c0edbb68defc78aea3677f3a6
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 4e2ae50f9b3e9052029a7e5d490ee08ed846f38c8d29f6eae88bb7dcd1cb6c90
                                                                                                                                                                                                          • Instruction ID: 5805db2efda80558d7c64ede829084e8fea8faa27671ae35df1c06b79080d963
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4e2ae50f9b3e9052029a7e5d490ee08ed846f38c8d29f6eae88bb7dcd1cb6c90
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: a71fd40d3044a45c558ec3c06f5914df48140acd3f981dfaa54bf272d70c7eeb
                                                                                                                                                                                                          • Instruction ID: 0e44d411f39d25679ebce584135f8b2d1780aba4ea5c023ee45b5d00b5e73a8e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a71fd40d3044a45c558ec3c06f5914df48140acd3f981dfaa54bf272d70c7eeb
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 06d1da923a1647c9e76e466e3a5a7946d7c1b4709d7de6ca4b3704c922e3cca2
                                                                                                                                                                                                          • Instruction ID: c513f6b1168a9112d575e2bf3b821372c0cbfd5a4983372f5057f1c6570498d8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 06d1da923a1647c9e76e466e3a5a7946d7c1b4709d7de6ca4b3704c922e3cca2
                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(oleaut32.dll), ref: 00410B25
                                                                                                                                                                                                            • Part of subcall function 00410AF0: GetProcAddress.KERNEL32(00000000), ref: 00410B09
                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                                                                                                                          • String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CharNext
                                                                                                                                                                                                          • String ID: $ $ $"$"$"$"$"$"
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FindWindowA.USER32(MouseZ,Magellan MSWHEEL), ref: 0040816C
                                                                                                                                                                                                          • RegisterClipboardFormatA.USER32(MSWHEEL_ROLLMSG), ref: 00408178
                                                                                                                                                                                                          • RegisterClipboardFormatA.USER32(MSH_WHEELSUPPORT_MSG), ref: 00408187
                                                                                                                                                                                                          • RegisterClipboardFormatA.USER32(MSH_SCROLL_LINES_MSG), ref: 00408193
                                                                                                                                                                                                          • SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 004081AB
                                                                                                                                                                                                          • SendMessageA.USER32(00000000,?,00000000,00000000), ref: 004081CF
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ClipboardFormatRegister$MessageSend$FindWindow
                                                                                                                                                                                                          • String ID: MSH_SCROLL_LINES_MSG$MSH_WHEELSUPPORT_MSG$MSWHEEL_ROLLMSG$Magellan MSWHEEL$MouseZ
                                                                                                                                                                                                          • API String ID: 1416857345-3736581797
                                                                                                                                                                                                          • Opcode ID: d0c41299d180edd0e764bf78713709fa2df66d28c53138fce63a93990b22f3ff
                                                                                                                                                                                                          • Instruction ID: e97d43b0015e8c277e894943645c5a764ef86f3b6875960b9750d38bca844fa2
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d0c41299d180edd0e764bf78713709fa2df66d28c53138fce63a93990b22f3ff
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 27117071644302AFE310AF55CD41B6AB7A8EF49354F20447FF880AF3C1DAB86C418BA9
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • MessageBoxA.USER32(00000000,?,Unexpected Memory Leak,00002010), ref: 00402BB2
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Message
                                                                                                                                                                                                          • String ID: $ bytes: $7$An unexpected memory leak has occurred. $String$The sizes of unexpected leaked medium and large blocks are: $The unexpected small block leaks are:$Unexpected Memory Leak$Unknown
                                                                                                                                                                                                          • API String ID: 2030045667-32948583
                                                                                                                                                                                                          • Opcode ID: 6d2f583770a5c284393d97a9bebb9e295efe89f44ea87cbb6e75609412fb254c
                                                                                                                                                                                                          • Instruction ID: 485fee4f3643b5c2487d1ddf534532fecee11c890710d85dc15118134b43ced6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6d2f583770a5c284393d97a9bebb9e295efe89f44ea87cbb6e75609412fb254c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 82A1B730B042548BDF21AB2DC988B9977F4EB09714F1441F6E849BB3C2CBBD9985CB59
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 00411E65
                                                                                                                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 00411E81
                                                                                                                                                                                                          • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 00411EBA
                                                                                                                                                                                                          • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 00411F37
                                                                                                                                                                                                          • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 00411F50
                                                                                                                                                                                                          • VariantCopy.OLEAUT32(?), ref: 00411F85
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 351091851-3916222277
                                                                                                                                                                                                          • Opcode ID: be779c32383df5b142a194d8c9856758cccf68a2a87930905684b97ec98eec7f
                                                                                                                                                                                                          • Instruction ID: 9baf8a980d0ccaf320f07e7202fd15771a3ed65a479e5a3214ff70033aed8183
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be779c32383df5b142a194d8c9856758cccf68a2a87930905684b97ec98eec7f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0351FE759006299BCB22DB59C891BD9B3BCAF48304F0441DAF609E7222D674AFC58F69
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,?,00000000,?,00404BCB,?,?,?,00000002,00404C76,00402FF7,0040303E), ref: 00404B3D
                                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,00404BCB,?,?,?,00000002,00404C76,00402FF7,0040303E), ref: 00404B43
                                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F5,00404B8C,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,00404BCB), ref: 00404B58
                                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,000000F5,00404B8C,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,00404BCB), ref: 00404B5E
                                                                                                                                                                                                          • MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 00404B7C
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileHandleWrite$Message
                                                                                                                                                                                                          • String ID: Error$Runtime error at 00000000
                                                                                                                                                                                                          • API String ID: 1570097196-2970929446
                                                                                                                                                                                                          • Opcode ID: 6a952aef6b86e8421f31a1654be8ea45b291cd1ba05ff82fa8df48dd4f12f1c1
                                                                                                                                                                                                          • Instruction ID: 95f7bf47fd5bac37786e481b8911072f2d792de778d0dc8cebeba5fefc4a3777
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6a952aef6b86e8421f31a1654be8ea45b291cd1ba05ff82fa8df48dd4f12f1c1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F9F0C2906843047CE71073A05D46F5A397C9390B25F50037EB710F80E183B8D485D629
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 0040D814: VirtualQuery.KERNEL32(?,?,0000001C), ref: 0040D831
                                                                                                                                                                                                            • Part of subcall function 0040D814: GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0040D855
                                                                                                                                                                                                            • Part of subcall function 0040D814: GetModuleFileNameA.KERNEL32(00400000,?,00000105), ref: 0040D870
                                                                                                                                                                                                            • Part of subcall function 0040D814: LoadStringA.USER32(00000000,0000FFEE,?,00000100), ref: 0040D906
                                                                                                                                                                                                          • CharToOemA.USER32(?,?), ref: 0040D9D3
                                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,?,?,00000400), ref: 0040D9F0
                                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,?,?,00000400), ref: 0040D9F6
                                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F4,0040DA60,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?,00000400), ref: 0040DA0B
                                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,000000F4,0040DA60,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?,00000400), ref: 0040DA11
                                                                                                                                                                                                          • LoadStringA.USER32(00000000,0000FFEF,?,00000040), ref: 0040DA33
                                                                                                                                                                                                          • MessageBoxA.USER32(00000000,?,?,00002010), ref: 0040DA49
Memory Dump Source
• Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: File$HandleLoadModuleNameStringWrite$CharMessageQueryVirtual
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 185507032-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00403C32
                                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,f,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00403C65
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,00403C88,00000000,?,00000004,00000000,f,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00403C7B
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CloseOpenQueryValue
                                                                                                                                                                                                          • String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL$f
                                                                                                                                                                                                          • API String ID: 3677997916-3321666425
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,004019CE), ref: 00401AB7
                                                                                                                                                                                                          • Sleep.KERNEL32(0000000A,00000000,?,004019CE), ref: 00401ACD
                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,?,?,004019CE), ref: 00401AFB
                                                                                                                                                                                                          • Sleep.KERNEL32(0000000A,00000000,?,?,?,004019CE), ref: 00401B11
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Sleep
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3472027048-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentDirectoryA.KERNEL32(00000105,?), ref: 004030F5
                                                                                                                                                                                                          • SetCurrentDirectoryA.KERNEL32(?,00000105,?), ref: 004030FB
                                                                                                                                                                                                          • GetCurrentDirectoryA.KERNEL32(00000105,?), ref: 0040310A
                                                                                                                                                                                                          • SetCurrentDirectoryA.KERNEL32(?,00000105,?), ref: 0040311B
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentDirectory
                                                                                                                                                                                                          • String ID: :
                                                                                                                                                                                                          • API String ID: 1611563598-336475711
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitVariant
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1927566239-0
                                                                                                                                                                                                          • Opcode ID: 4911b6a26c548f54303722d07d34286d6cb54ff458c9949ded4dcb0a4d31b2d7
                                                                                                                                                                                                          • Instruction ID: f01cf8445ffd19b773396495c4335c74ba7f42d999c6f683ee4624693c273b46
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4911b6a26c548f54303722d07d34286d6cb54ff458c9949ded4dcb0a4d31b2d7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BCB13635A00208EFDB00EF99C5918EDB7B5EF49714FA144A6F904A7251D738EE86DB28
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,?,00000000,004019F6), ref: 00401E1A
                                                                                                                                                                                                          • Sleep.KERNEL32(0000000A,00000000,?,?,00000000,004019F6), ref: 00401E34
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Sleep
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3472027048-0
                                                                                                                                                                                                          • Opcode ID: 77ad57c363d88f75ba560a31a55394f396bb6e612e569e80a296e1808953bda4
                                                                                                                                                                                                          • Instruction ID: 0a087b3c5d231e40dd406a35759a09e7f25f376514f37027b140ab86fdd1c782
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 77ad57c363d88f75ba560a31a55394f396bb6e612e569e80a296e1808953bda4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9461DF316006008FE715CF69C984B5ABBE0EF95314F1882BFE848EB3E2D7789845C795
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetThreadLocale.KERNEL32(?,00000000,0040D5BF,?,?,00000000), ref: 0040D540
                                                                                                                                                                                                            • Part of subcall function 0040D29C: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0040D2BA
                                                                                                                                                                                                          • GetThreadLocale.KERNEL32(00000000,00000004,00000000,0040D5BF,?,?,00000000), ref: 0040D570
                                                                                                                                                                                                          • EnumCalendarInfoA.KERNEL32(Function_0000D474,00000000,00000000,00000004), ref: 0040D57B
                                                                                                                                                                                                          • GetThreadLocale.KERNEL32(00000000,00000003,Function_0000D474,00000000,00000000,00000004,00000000,0040D5BF,?,?,00000000), ref: 0040D599
                                                                                                                                                                                                          • EnumCalendarInfoA.KERNEL32(0040D4B0,00000000,00000000,00000003), ref: 0040D5A4
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Locale$InfoThread$CalendarEnum
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4102113445-0
                                                                                                                                                                                                          • Opcode ID: bfb531df73c8672920384914e30a92e5ba40c610330c824214a82654d39d9556
                                                                                                                                                                                                          • Instruction ID: f5f252ea509f9ecdc69f0780ef4a3f58556b440c577e1b0fa6ec6e20b2c1fc46
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bfb531df73c8672920384914e30a92e5ba40c610330c824214a82654d39d9556
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F601DF70E442447FE701A6A58C02B5A729CDB4272CFA10A76F900B66C1D63CAE04866E
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetThreadLocale.KERNEL32(?,00000000,0040D7A8,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 0040D607
                                                                                                                                                                                                            • Part of subcall function 0040D29C: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0040D2BA
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Locale$InfoThread
                                                                                                                                                                                                          • String ID: eeee$ggg$yyyy
                                                                                                                                                                                                          • API String ID: 4232894706-1253427255
                                                                                                                                                                                                          • Opcode ID: 67c101257e44f971c4972e470f39b920877b4845e9cbca7da88b74db75d5031b
                                                                                                                                                                                                          • Instruction ID: d797eac4a9e6cae31c09b2f6d0bdcff9bad086bf29bc0c75a8b6d75e9d92d03a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 67c101257e44f971c4972e470f39b920877b4845e9cbca7da88b74db75d5031b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E0414575E045014BC711A6EA88816BFB2E6CF84308F20483BF651F73C5E63DDD0A9A2E
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(kernel32.dll,GetFileAttributesExA), ref: 0040A0D9
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A0DF
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          • Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_Patch.jbxd
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                                                                                                                          • String ID: GetFileAttributesExA$kernel32.dll
                                                                                                                                                                                                          • API String ID: 1646373207-595542130
                                                                                                                                                                                                          • Opcode ID: ac6230348a09734ce87039792d598dba1c406c730d372e854d2c1639ef35621f
                                                                                                                                                                                                          • Instruction ID: c0f85174c7450fa4a85f186928e03e335167b655d6d07729e7dec8d865d6a888
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ac6230348a09734ce87039792d598dba1c406c730d372e854d2c1639ef35621f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F3E09AB060034CAFD740DFAADC89E8A33E8E754304F404026B508E7280C238A4A4DB6A
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 0040F31A
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetDiskFreeSpaceExA), ref: 0040F32B
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000013.00000002.2289718600.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.00000000005D1000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.00000000005F0000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.00000000005FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2289932697.0000000000658000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000013.00000002.2318942227.0000000000666000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                                                                                                                          • String ID: GetDiskFreeSpaceExA$kernel32.dll
                                                                                                                                                                                                          • API String ID: 1646373207-3712701948
                                                                                                                                                                                                          • Opcode ID: 75556612eff1239cb34c352eb592c6c3717f74eb728dbf82f464e320982c0cbc
                                                                                                                                                                                                          • Instruction ID: ae67c5600653d80dc8f73497acb555c10e5221c35283fa442612f7809b08d3c5
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 75556612eff1239cb34c352eb592c6c3717f74eb728dbf82f464e320982c0cbc
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5DD05EA0A007425ED320ABB05CD1E0A35D4C320778F64203BA400B6AC1D67CE84CDB09
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 00411BDB
                                                                                                                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 00411BF7
                                                                                                                                                                                                          • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 00411C6E
                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 00411C97
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ArraySafe$Bound$ClearIndexVariant
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 920484758-0
                                                                                                                                                                                                          • Opcode ID: 25f00927699ec67a5ca034748394e04e8f27b3e26281d1f12c6bde646a72501e
                                                                                                                                                                                                          • Instruction ID: 1e44c53e162fb4676ee38a7fb7f7efbaab35e41f6b89ae998a35828e43e08f4c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 25f00927699ec67a5ca034748394e04e8f27b3e26281d1f12c6bde646a72501e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D2410F75A0161D9FCB61DF59C890BD9B3BCAF58354F0041DAE649E7222DA38AFC08F58
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • VirtualQuery.KERNEL32(?,?,0000001C), ref: 0040D831
                                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0040D855
                                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(00400000,?,00000105), ref: 0040D870
                                                                                                                                                                                                          • LoadStringA.USER32(00000000,0000FFEE,?,00000100), ref: 0040D906
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileModuleName$LoadQueryStringVirtual
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3990497365-0
                                                                                                                                                                                                          • Opcode ID: f860166b532c3af716bbbece521f5770e8c20068ee10bf8d49e5018779eb9291
                                                                                                                                                                                                          • Instruction ID: 0fce914919b44e1faf5299836b0e99388da7786b0365e15d7e2ac5b3acfd5dca
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f860166b532c3af716bbbece521f5770e8c20068ee10bf8d49e5018779eb9291
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 33413271E002589BDB21EB69CC85BDAB7FCAB18304F0044FAA548F7291D7789F888F55
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FindNextFileA.KERNEL32(?,?), ref: 0040A345
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?), ref: 0040A34E
                                                                                                                                                                                                          • FileTimeToLocalFileTime.KERNEL32(?), ref: 0040A364
                                                                                                                                                                                                          • FileTimeToDosDateTime.KERNEL32(?,?), ref: 0040A373
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileTime$DateErrorFindLastLocalNext
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2103556486-0
                                                                                                                                                                                                          • Opcode ID: 4c645fc4e9945dfbf6ab1bfdc392314a6803a0bda5320683aeb8161cacbb14da
                                                                                                                                                                                                          • Instruction ID: c0dcf7b789d7dd47380177407dc866caf821f7edcc3f99afbc2d43f938e30893
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4c645fc4e9945dfbf6ab1bfdc392314a6803a0bda5320683aeb8161cacbb14da
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 761165B26042009FDB44EF69C8C1C9777ECAF8834471585B7ED49DB28AF634E9108BA6
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FindResourceA.KERNEL32(?,?,?), ref: 004206EF
                                                                                                                                                                                                          • LoadResource.KERNEL32(?,00420774,?,?,?,0041AD6C,?,00000001,00000000,?,0042061A,00000000,?), ref: 00420709
                                                                                                                                                                                                          • SizeofResource.KERNEL32(?,00420774,?,00420774,?,?,?,0041AD6C,?,00000001,00000000,?,0042061A,00000000,?), ref: 00420723
                                                                                                                                                                                                          • LockResource.KERNEL32(00420278,00000000,?,00420774,?,00420774,?,?,?,0041AD6C,?,00000001,00000000,?,0042061A,00000000), ref: 0042072D
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Resource$FindLoadLockSizeof
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3473537107-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(00000006,00000000), ref: 004043A2
                                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(?,?,?,?), ref: 004043DF
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                          • String ID: <D@
                                                                                                                                                                                                          • API String ID: 3192549508-821628535
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000100,00000000,0040C016), ref: 0040BFAE
                                                                                                                                                                                                          • GetDateFormatA.KERNEL32(00000000,00000004,?,00000000,?,00000100,00000000,0040C016), ref: 0040BFB4
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: DateFormatLocaleThread
                                                                                                                                                                                                          • String ID: yyyy
                                                                                                                                                                                                          • API String ID: 3303714858-3145165042
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.2289932697.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: False$Null$True$nil
                                                                                                                                                                                                          • API String ID: 0-1063864068
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000001D.00000003.1836888062.000000000631A000.00000004.00000020.00020000.00000000.sdmp, Offset: 0631A000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_29_3_62c3000_icepdfeditor.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: