Windows Analysis Report
Archive.zip

Overview

General Information

Sample name: Archive.zip
Analysis ID: 1541179
MD5: c60cd0df4975d745722d1776d5be95b5
SHA1: f8e2eb05478108eae1f8fa28f70ebb64163d032d
SHA256: f1ed181ee30a70c0f71aacf7c592be0e6589421bc479e379109c4c3f572bb663

Detection

Score: 34
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Signatures

Accesses ntoskrnl, likely to find offsets for exploits
Binary contains a suspicious time stamp
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to modify clipboard data
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Stores files to the Windows start menu directory
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Keylogger Generic

Classification

Source: is-NULG8.tmp.14.dr Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_833af754-6

Exploits

Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe File opened: C:\Windows\System32\ntkrnlmp.exe
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.IMPORTANT: THIS SOFTWARE END USER LICENSE AGREEMENT ("EULA") IS A LEGAL AGREEMENT BETWEEN YOU AND ICECREAM APPS LIMITED ("ICECREAMAPPS.COM"). USE OF THE SOFTWARE PROVIDED WITH THIS EULA (THE "SOFTWARE") CONSTITUTES YOUR ACCEPTANCE OF THESE TERMS. READ IT CAREFULLY BEFORE COMPLETING THE INSTALLATION PROCESS AND USING THE SOFTWARE. IF YOU DO NOT AGREE TO THE TERMS OF THIS EULA DO NOT INSTALL AND/OR USE THIS SOFTWARE. BY INSTALLING COPYING OR OTHERWISE USING THE SOFTWARE PRODUCT YOU AGREE TO BE BOUND BY THE TERMS OF THIS EULA. 1. LICENSE GRANT. The Software is licensed on per user basis not per computer site or company. This license is not transferable to any other system or to another organization or individual. You are not allowed to remove any proprietary notices or labels from the SOFTWARE. The PRO license can be used on ONE computer belonging to ONE user. The PRO license applies to the version of the program on which it is activated.2. WARRANTY DISCLAIMER. THIS SOFTWARE AND ANY RELATED DOCUMENTATION is PROVIDED "AS IS" AND COMES WITHOUT ANY WARRANTY EITHER EXPRESS OR IMPLIED INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OR MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT. THE USE AND PERFORMANCE OF THIS SOFTWARE ARE SOLELY AT YOUR OWN RISK.3. FREE USE. You may install and use the SOFTWARE free of charge for personal educational (non-profit) use. In these cases you are granted the right to use and to make an unlimited number of copies of this software. Some features of the SOFTWARE may be limited or unavailable in free version of the SOFTWARE. To enable all the features you need to upgrade the SOFTWARE to PRO version. 
Full list of limited features is presented on Upgrade page of the SOFTWARE at icecreamapps.com.4. COMMERCIAL USE. For usage in corporate or commercial environment you will need to upgrade the SOFTWARE to PRO version by obtaining an activation key at icecreamapps.com. 5. REVERSE ENGINEERING. You agree that you will not attempt to reverse compile modify translate or disassemble the Software in whole or in part. 6. COPYRIGHT. The SOFTWARE is intellectual property of Icecream Apps Ltd and is protected by law. You acknowledge that all intellectual property rights in the SOFTWARE anywhere in the world belong to Icecream Apps Ltd that rights in the SOFTWARE are licensed (not sold) to you and that you have no rights in or to the SOFTWARE other than the right to use them in accordance with the terms of this License. You are not allowed to resell charge for rent lease loan sublicense or assign the SOFTWARE or any copy thereof including any related documentation.7. LIMITATION OF LIABILITY. IN NO EVENT SHALL ICECREAM APPS LTD BE LIABLE FOR ANY SPECIAL INCIDENTAL INDIRECT OR CONSEQUENTIAL DAMAGES WHATSOEVER (IN
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdbDD source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000066EE000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtsvg\plugins\iconengines\qsvgicon.pdb source: is-EH0TS.tmp.14.dr
Source: Binary string: C:\Users\qt\work\qt\qtsvg\plugins\imageformats\qsvg.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.0000000006694000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdb source: is-SS9TM.tmp.14.dr
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: is-HDI2E.tmp.14.dr
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: is-US2TH.tmp.14.dr
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000066EE000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\Work\PdfEditor\icepdfeditor-Desktop_Qt_5_15_1_MSVC2019_32bit\bin\icepdfeditor.pdb source: icepdfeditor.exe, 0000001D.00000000.2422453008.00000000006A7000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: is-9LV8H.tmp.14.dr, is-9JTNT.tmp.14.dr
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtga.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.0000000006694000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: is-I5AN5.tmp.14.dr
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb''! source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000060A0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qicns.pdb source: is-IUBHJ.tmp.14.dr
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: is-HINO1.tmp.14.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: is-MDI6D.tmp.14.dr
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000060A0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwebp.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000066EE000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: msvcr120.i386.pdb source: is-GS8SF.tmp.14.dr
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbV source: is-HDI2E.tmp.14.dr
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Gui.pdb source: is-CJEQM.tmp.14.dr
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdbTT source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.0000000006694000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: E:\distr\development\crashrpt\CrashRpt_v.1.4.3_r1645\bin\CrashSender.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000060A0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdbUGP source: is-SS9TM.tmp.14.dr
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qwindows.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000066EE000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.0000000006694000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwbmp.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000066EE000.00000004.00001000.00020000.00000000.sdmp, is-3RLDL.tmp.14.dr
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: is-OPH5U.tmp.14.dr, is-S3L1J.tmp.14.dr
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_0040A3B8 FindFirstFileA,GetLastError, 20_2_0040A3B8
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_0040A07E FindFirstFileA,FindClose, 20_2_0040A07E
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_0040A190 FindFirstFileA,FindClose, 20_2_0040A190
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_00406490 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn, 20_2_00406490
Source: chrome.exe Memory has grown: Private usage: 1MB later: 28MB
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View IP Address: 92.223.124.62 92.223.124.62
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /PDF-Editor/thankyou.html?v=3.27 HTTP/1.1Host: icecreamapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: icecreamapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ic_d=671a42dfcaa3b8.16240271
Source: global traffic DNS traffic detected: DNS query: icecreamapps.com
Source: global traffic DNS traffic detected: DNS query: static.icecreamapps.com
Source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000060A0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://code.google.com/p/crashrpt/wiki/FAQ
Source: pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1327018701.0000000002530000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000A.00000003.1330439365.0000000003300000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 0000000D.00000003.1568641147.0000000002845000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1564277828.0000000003620000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://counter-strike.com.ua/
Source: pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1328241437.000000007FE3F000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1327884876.0000000002663000.00000004.00001000.00020000.00000000.sdmp, Patch.exe, 00000014.00000003.1637001077.0000000005E21000.00000004.00000020.00020000.00000000.sdmp, is-NULG8.tmp.14.dr String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0V
Source: pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1328241437.000000007FE3F000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1327884876.0000000002663000.00000004.00001000.00020000.00000000.sdmp, Patch.exe, 00000014.00000003.1637001077.0000000005E21000.00000004.00000020.00020000.00000000.sdmp, is-NULG8.tmp.14.dr String found in binary or memory: http://crl.globalsign.com/gsgccr45codesignca2020.crl0
Source: pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1328241437.000000007FE3F000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1327884876.0000000002663000.00000004.00001000.00020000.00000000.sdmp, Patch.exe, 00000014.00000003.1637001077.0000000005E21000.00000004.00000020.00020000.00000000.sdmp, is-NULG8.tmp.14.dr String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1328241437.000000007FE3F000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1327884876.0000000002663000.00000004.00001000.00020000.00000000.sdmp, Patch.exe, 00000014.00000003.1637001077.0000000005E21000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
Source: pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1328241437.000000007FE3F000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1327884876.0000000002663000.00000004.00001000.00020000.00000000.sdmp, Patch.exe, 00000014.00000003.1637001077.0000000005E21000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
Source: is-NULG8.tmp.14.dr String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000066EE000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000060A0000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.0000000006694000.00000004.00001000.00020000.00000000.sdmp, is-HDI2E.tmp.14.dr, is-EH0TS.tmp.14.dr, is-IUBHJ.tmp.14.dr, is-3RLDL.tmp.14.dr String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1328241437.000000007FE3F000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1327884876.0000000002663000.00000004.00001000.00020000.00000000.sdmp, Patch.exe, 00000014.00000003.1637001077.0000000005E21000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
Source: pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1328241437.000000007FE3F000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1327884876.0000000002663000.00000004.00001000.00020000.00000000.sdmp, Patch.exe, 00000014.00000003.1637001077.0000000005E21000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
Source: is-NULG8.tmp.14.dr String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: Patch.exe, 00000014.00000002.1955126707.00000000005FB000.00000040.00000001.01000000.0000000B.sdmp String found in binary or memory: http://fontawesome.io
Source: Patch.exe, 00000014.00000002.1955126707.00000000005FB000.00000040.00000001.01000000.0000000B.sdmp String found in binary or memory: http://fontawesome.io/license/
Source: Patch.exe, 00000014.00000002.1955126707.00000000005FB000.00000040.00000001.01000000.0000000B.sdmp String found in binary or memory: http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens
Source: pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1574191607.00000000023C4000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000A.00000003.1571218371.0000000002434000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 0000000D.00000003.1569236366.00000000023B4000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1565046981.0000000002434000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://icecreamapps.com/PDF-Editor/
Source: pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1327018701.0000000002530000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000A.00000003.1330439365.0000000003300000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://icecreamapps.com/PDF-Editor/Fhttp://icecreamapps.com/PDF-Editor/Fhttp://icecreamapps.com/PDF-
Source: pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1574191607.00000000023C4000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://icecreamapps.com/PDF-Editor/QN
Source: pdf_editor_setup_Downloadly.ir.exe, 0000000D.00000003.1569236366.00000000023B4000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://icecreamapps.com/PDF-Editor/QN;
Source: icepdfeditor.exe, 0000001D.00000000.2422453008.00000000006A7000.00000002.00000001.01000000.0000000F.sdmp String found in binary or memory: http://icecreamapps.com/act/crashfix/index.php/crashReport/uploadExternalCould
Source: pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1328241437.000000007FE3F000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1327884876.0000000002663000.00000004.00001000.00020000.00000000.sdmp, Patch.exe, 00000014.00000003.1637001077.0000000005E21000.00000004.00000020.00020000.00000000.sdmp, is-NULG8.tmp.14.dr String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1328241437.000000007FE3F000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1327884876.0000000002663000.00000004.00001000.00020000.00000000.sdmp, Patch.exe, 00000014.00000003.1637001077.0000000005E21000.00000004.00000020.00020000.00000000.sdmp, is-NULG8.tmp.14.dr String found in binary or memory: http://ocsp.globalsign.com/gsgccr45codesignca20200V
Source: pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1328241437.000000007FE3F000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1327884876.0000000002663000.00000004.00001000.00020000.00000000.sdmp, Patch.exe, 00000014.00000003.1637001077.0000000005E21000.00000004.00000020.00020000.00000000.sdmp, is-NULG8.tmp.14.dr String found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1328241437.000000007FE3F000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1327884876.0000000002663000.00000004.00001000.00020000.00000000.sdmp, Patch.exe, 00000014.00000003.1637001077.0000000005E21000.00000004.00000020.00020000.00000000.sdmp, is-NULG8.tmp.14.dr String found in binary or memory: http://ocsp.sectigo.com0
Source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000066EE000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000060A0000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.0000000006694000.00000004.00001000.00020000.00000000.sdmp, is-HDI2E.tmp.14.dr, is-EH0TS.tmp.14.dr, is-IUBHJ.tmp.14.dr, is-3RLDL.tmp.14.dr String found in binary or memory: http://ocsp.thawte.com0
Source: pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1328241437.000000007FE3F000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1327884876.0000000002663000.00000004.00001000.00020000.00000000.sdmp, Patch.exe, 00000014.00000003.1637001077.0000000005E21000.00000004.00000020.00020000.00000000.sdmp, is-NULG8.tmp.14.dr String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1328241437.000000007FE3F000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1327884876.0000000002663000.00000004.00001000.00020000.00000000.sdmp, Patch.exe, 00000014.00000003.1637001077.0000000005E21000.00000004.00000020.00020000.00000000.sdmp, is-NULG8.tmp.14.dr String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45codesignca2020.crt0=
Source: pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1328241437.000000007FE3F000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1327884876.0000000002663000.00000004.00001000.00020000.00000000.sdmp, Patch.exe, 00000014.00000003.1637001077.0000000005E21000.00000004.00000020.00020000.00000000.sdmp, is-NULG8.tmp.14.dr String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000066EE000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000060A0000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.0000000006694000.00000004.00001000.00020000.00000000.sdmp, is-HDI2E.tmp.14.dr, is-EH0TS.tmp.14.dr, is-IUBHJ.tmp.14.dr, is-3RLDL.tmp.14.dr String found in binary or memory: http://t1.symcb.com/ThawtePCA.crl0
Source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000066EE000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000060A0000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.0000000006694000.00000004.00001000.00020000.00000000.sdmp, is-HDI2E.tmp.14.dr, is-EH0TS.tmp.14.dr, is-IUBHJ.tmp.14.dr, is-3RLDL.tmp.14.dr String found in binary or memory: http://t2.symcb.com0
Source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000066EE000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000060A0000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.0000000006694000.00000004.00001000.00020000.00000000.sdmp, is-HDI2E.tmp.14.dr, is-EH0TS.tmp.14.dr, is-IUBHJ.tmp.14.dr, is-3RLDL.tmp.14.dr String found in binary or memory: http://tl.symcb.com/tl.crl0
Source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000066EE000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000060A0000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.0000000006694000.00000004.00001000.00020000.00000000.sdmp, is-HDI2E.tmp.14.dr, is-EH0TS.tmp.14.dr, is-IUBHJ.tmp.14.dr, is-3RLDL.tmp.14.dr String found in binary or memory: http://tl.symcb.com/tl.crt0
Source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000066EE000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000060A0000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.0000000006694000.00000004.00001000.00020000.00000000.sdmp, is-HDI2E.tmp.14.dr, is-EH0TS.tmp.14.dr, is-IUBHJ.tmp.14.dr, is-3RLDL.tmp.14.dr String found in binary or memory: http://tl.symcd.com0&
Source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000066EE000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000060A0000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.0000000006694000.00000004.00001000.00020000.00000000.sdmp, is-HDI2E.tmp.14.dr, is-EH0TS.tmp.14.dr, is-IUBHJ.tmp.14.dr, is-3RLDL.tmp.14.dr String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000066EE000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000060A0000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.0000000006694000.00000004.00001000.00020000.00000000.sdmp, is-HDI2E.tmp.14.dr, is-EH0TS.tmp.14.dr, is-IUBHJ.tmp.14.dr, is-3RLDL.tmp.14.dr String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000066EE000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000060A0000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.0000000006694000.00000004.00001000.00020000.00000000.sdmp, is-HDI2E.tmp.14.dr, is-EH0TS.tmp.14.dr, is-IUBHJ.tmp.14.dr, is-3RLDL.tmp.14.dr String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: icepdfeditor.exe, 0000001D.00000000.2422453008.00000000006A7000.00000002.00000001.01000000.0000000F.sdmp String found in binary or memory: http://updates.icecreamapps.com/check.php
Source: icepdfeditor.exe, 0000001D.00000000.2422453008.00000000006A7000.00000002.00000001.01000000.0000000F.sdmp String found in binary or memory: http://updates.icecreamapps.com/check.phphttps://icecreamapps.comhttps://icecreamapps.com/PDF-Editor
Source: is-CJEQM.tmp.14.dr String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: is-CJEQM.tmp.14.dr String found in binary or memory: http://www.color.org)
Source: pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1327018701.0000000002530000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000A.00000003.1330439365.0000000003300000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 0000000D.00000003.1569236366.00000000022A0000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1565046981.0000000002320000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.dk-soft.org/
Source: pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1327884876.0000000002530000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1328241437.000000007FD10000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000A.00000000.1329214810.0000000000401000.00000020.00000001.01000000.00000007.sdmp String found in binary or memory: http://www.innosetup.com/
Source: pdf_editor_setup_Downloadly.ir.exe, 00000009.00000000.1325513201.0000000000401000.00000020.00000001.01000000.00000006.sdmp String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1574191607.0000000002381000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1327018701.0000000002530000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000A.00000003.1330439365.0000000003300000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1566060255.000000000082A000.00000004.00000020.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1565046981.0000000002320000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1564277828.0000000003561000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1566202511.00000000007E0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.mpegla.com
Source: pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1327018701.0000000002530000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000A.00000003.1330439365.0000000003300000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 0000000D.00000003.1569236366.00000000022A0000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1564277828.0000000003620000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.palkornel.hu/innosetup%1
Source: pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1327884876.0000000002530000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1328241437.000000007FD10000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000A.00000000.1329214810.0000000000401000.00000020.00000001.01000000.00000007.sdmp String found in binary or memory: http://www.remobjects.com/ps
Source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000060A0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.winimage.com/zLibDll
Source: is-NULG8.tmp.14.dr String found in binary or memory: https://curl.se/V
Source: is-NULG8.tmp.14.dr String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: is-NULG8.tmp.14.dr String found in binary or memory: https://curl.se/docs/copyright.htmlD
Source: is-NULG8.tmp.14.dr String found in binary or memory: https://curl.se/docs/hsts.html
Source: is-NULG8.tmp.14.dr String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: icepdfeditor.exe, 0000001D.00000000.2422453008.00000000006A7000.00000002.00000001.01000000.0000000F.sdmp String found in binary or memory: https://data.icecreamapps.com
Source: icepdfeditor.exe, 0000001D.00000000.2422453008.00000000006A7000.00000002.00000001.01000000.0000000F.sdmp String found in binary or memory: https://data.icecreamapps.com/?pid=%1&ver=%2&dev=%3Send
Source: icepdfeditor.exe, 0000001D.00000000.2422453008.00000000006A7000.00000002.00000001.01000000.0000000F.sdmp String found in binary or memory: https://google.ru
Source: icepdfeditor.exe, 0000001D.00000000.2422453008.00000000006A7000.00000002.00000001.01000000.0000000F.sdmp String found in binary or memory: https://google.ruSome
Source: Patch.exe, Patch.exe, 00000014.00000002.1955126707.0000000000401000.00000040.00000001.01000000.0000000B.sdmp, icepdfeditor.exe, 0000001D.00000000.2422453008.00000000006A7000.00000002.00000001.01000000.0000000F.sdmp String found in binary or memory: https://icecreamapps.com
Source: Patch.exe, 00000014.00000002.1961130684.0000000000767000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://icecreamapps.com/
Source: icepdfeditor.exe, 0000001D.00000000.2422453008.00000000006A7000.00000002.00000001.01000000.0000000F.sdmp String found in binary or memory: https://icecreamapps.com/Howto/how-to-make-icecream-pdf-editor-your-default-PDF-reader.html
Source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000002.1567194365.0000000000822000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://icecreamapps.com/PDF-Edito
Source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1565046981.0000000002434000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://icecreamapps.com/PDF-Editor
Source: icepdfeditor.exe, 0000001D.00000000.2422453008.00000000006A7000.00000002.00000001.01000000.0000000F.sdmp String found in binary or memory: https://icecreamapps.com/PDF-Editor/changelog.html
Source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1563496269.0000000000830000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://icecreamapps.com/PDF-Editor/thankyou.html?v=3.27
Source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1566202511.00000000007E0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://icecreamapps.com/PDF-Editor/thankyou.html?v=3.274
Source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000002.1566748638.0000000000616000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://icecreamapps.com/PDF-Editor/thankyou.html?v=3.27C:
Source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1566060255.0000000000830000.00000004.00000020.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1563496269.0000000000830000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://icecreamapps.com/PDF-Editor/thankyou.html?v=3.27l
Source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1565046981.00000000023EC000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://icecreamapps.com/PDF-Editor/uninstall.html?v=3.27
Source: icepdfeditor.exe, 0000001D.00000000.2422453008.00000000006A7000.00000002.00000001.01000000.0000000F.sdmp String found in binary or memory: https://icecreamapps.com/PDF-Editor/upgrade.html?v=%1&t=%2
Source: icepdfeditor.exe, 0000001D.00000000.2422453008.00000000006A7000.00000002.00000001.01000000.0000000F.sdmp String found in binary or memory: https://icecreamapps.com/act/license.php
Source: icepdfeditor.exe, 0000001D.00000000.2422453008.00000000006A7000.00000002.00000001.01000000.0000000F.sdmp String found in binary or memory: https://icecreamapps.com/act/license.phphttps://icecreamapps.com/go/license_date.phpInvalid
Source: Patch.exe, 00000014.00000003.1947588604.0000000000757000.00000004.00000020.00020000.00000000.sdmp, Patch.exe, 00000014.00000002.1961130684.0000000000767000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://icecreamapps.com/b
Source: icepdfeditor.exe, 0000001D.00000000.2422453008.00000000006A7000.00000002.00000001.01000000.0000000F.sdmp String found in binary or memory: https://icecreamapps.com/go/help.php?prod=pde
Source: icepdfeditor.exe, 0000001D.00000000.2422453008.00000000006A7000.00000002.00000001.01000000.0000000F.sdmp String found in binary or memory: https://icecreamapps.com/go/license_date.php
Source: Patch.exe, 00000014.00000002.1955126707.0000000000401000.00000040.00000001.01000000.0000000B.sdmp String found in binary or memory: https://icecreamapps.comU
Source: Patch.exe, 00000014.00000003.1947588604.0000000000757000.00000004.00000020.00020000.00000000.sdmp, Patch.exe, 00000014.00000002.1961130684.0000000000767000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://icecreamapps.comb
Source: Patch.exe, Patch.exe, 00000014.00000002.1955126707.0000000000401000.00000040.00000001.01000000.0000000B.sdmp, Patch.exe, 00000014.00000003.1951122666.0000000000D8C000.00000004.00001000.00020000.00000000.sdmp, Patch.exe, 0000001C.00000002.2477537453.0000000000D9A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://ko-fi.com/radixx11
Source: Patch.exe, 00000014.00000003.1951122666.0000000000D8C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://ko-fi.com/radixx11Q
Source: icepdfeditor.exe, 0000001D.00000000.2422453008.00000000006A7000.00000002.00000001.01000000.0000000F.sdmp String found in binary or memory: https://mail.ru
Source: Patch.exe, 0000001C.00000002.2477537453.0000000000D9A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://radixx11rce3.blogspot.com
Source: pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1328241437.000000007FE3F000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1327884876.0000000002663000.00000004.00001000.00020000.00000000.sdmp, Patch.exe, 00000014.00000003.1637001077.0000000005E21000.00000004.00000020.00020000.00000000.sdmp, is-NULG8.tmp.14.dr String found in binary or memory: https://sectigo.com/CPS0
Source: pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1328241437.000000007FE3F000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.exe, 00000009.00000003.1327884876.0000000002663000.00000004.00001000.00020000.00000000.sdmp, Patch.exe, 00000014.00000003.1637001077.0000000005E21000.00000004.00000020.00020000.00000000.sdmp, is-NULG8.tmp.14.dr String found in binary or memory: https://www.globalsign.com/repository/0
Source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000066EE000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000060A0000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.0000000006694000.00000004.00001000.00020000.00000000.sdmp, is-HDI2E.tmp.14.dr, is-EH0TS.tmp.14.dr, is-IUBHJ.tmp.14.dr, is-3RLDL.tmp.14.dr String found in binary or memory: https://www.thawte.com/cps0/
Source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000066EE000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000060A0000.00000004.00001000.00020000.00000000.sdmp, pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.0000000006694000.00000004.00001000.00020000.00000000.sdmp, is-HDI2E.tmp.14.dr, is-EH0TS.tmp.14.dr, is-IUBHJ.tmp.14.dr, is-3RLDL.tmp.14.dr String found in binary or memory: https://www.thawte.com/repository0W
Source: icepdfeditor.exe, 0000001D.00000000.2422453008.00000000006A7000.00000002.00000001.01000000.0000000F.sdmp String found in binary or memory: https://ya.ru
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_00407EAE OpenClipboard, 20_2_00407EAE
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_00407F5E SetClipboardData, 20_2_00407F5E
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_00407C0E GetClipboardData, 20_2_00407C0E
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_00407BDE GetAsyncKeyState, 20_2_00407BDE
Source: Yara match File source: Process Memory Space: Patch.exe PID: 2268, type: MEMORYSTR
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_00407AE6 NtdllDefWindowProc_A, 20_2_00407AE6
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_00402364 20_2_00402364
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_00405E20 20_2_00405E20
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: String function: 00411D24 appears 34 times
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: String function: 00404D38 appears 69 times
Source: pdf_editor_setup_Downloadly.ir.tmp.9.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: pdf_editor_setup_Downloadly.ir.tmp.9.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: pdf_editor_setup_Downloadly.ir.tmp.13.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: pdf_editor_setup_Downloadly.ir.tmp.13.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-JCBAO.tmp.14.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-JCBAO.tmp.14.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-MJ811.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-G9D6N.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-V173U.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-US2TH.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-M2DS0.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-HINO1.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-EF39E.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-9JTNT.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-045QH.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-S3L1J.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-T1BNR.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-IQNAL.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-71RVD.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-OPH5U.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-MDI6D.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-B7R59.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-I5AN5.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-4RU8B.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-32IQI.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-QMD9M.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-6PKIS.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-AH44U.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-OE5OD.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-8CTAA.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-5NCII.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-SD5L0.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-NIFON.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-4VH3K.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-NR85U.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-I5I15.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-9LV8H.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-REGAU.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-7RINB.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-CTDA2.tmp.14.dr Static PE information: No import functions for PE file found
Source: is-HDI2E.tmp.14.dr Static PE information: Section: .qtmimed ZLIB complexity 0.997458770800317
Source: is-5FD3K.tmp.14.dr Static PE information: Section: .qtmimed ZLIB complexity 0.997458770800317
Source: classification engine Classification label: sus34.expl.winZIP@36/176@8/3
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_0040A62A GetDiskFreeSpaceA, 20_2_0040A62A
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_00410616 CoCreateInstance, 20_2_00410616
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_0041C724 FindResourceA, 20_2_0041C724
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Users\user\AppData\Local\Programs
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Mutant created: \Sessions\1\BaseNamedObjects\Patch.exe_IcecreamAppsPatch_2.3.0.2
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe File created: C:\Users\user\AppData\Local\Temp\is-BA69I.tmp
Source: Yara match File source: 20.2.Patch.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000014.00000002.1955126707.0000000000401000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-BA69I.tmp\pdf_editor_setup_Downloadly.ir.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-BA69I.tmp\pdf_editor_setup_Downloadly.ir.tmp File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe "C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe"
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe Process created: C:\Users\user\AppData\Local\Temp\is-BA69I.tmp\pdf_editor_setup_Downloadly.ir.tmp "C:\Users\user\AppData\Local\Temp\is-BA69I.tmp\pdf_editor_setup_Downloadly.ir.tmp" /SL5="$601F8,22152334,238080,C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe"
Source: C:\Users\user\AppData\Local\Temp\is-BA69I.tmp\pdf_editor_setup_Downloadly.ir.tmp Process created: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe "C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe" /SPAWNWND=$602C2 /NOTIFYWND=$601F8
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe Process created: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp "C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp" /SL5="$70300,22152334,238080,C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe" /SPAWNWND=$602C2 /NOTIFYWND=$601F8
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://icecreamapps.com/PDF-Editor/thankyou.html?v=3.27
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1952,i,74056811706744733,4401257274020997871,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe "C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe"
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://icecreamapps.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1956,i,7196489178614102710,14503791149393765188,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exe "C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117-2.zip\icepdfeditor.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\is-BA69I.tmp\pdf_editor_setup_Downloadly.ir.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32 Jump to behavior
Source: Icecream PDF Editor 3.lnk.14.dr LNK file: ..\..\..\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe
Source: Icecream PDF Editor 3.lnk0.14.dr LNK file: ..\..\..\..\..\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Window found: window name: TSelectLanguageForm Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Window detected: License Agreement Please read the following important information before continuing. Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation. IMPORTANT: THIS SOFTWARE END USER LICENSE AGREEMENT ("EULA") IS A LEGAL AGREEMENT BETWEEN YOU AND ICECREAM APPS LIMITED ("ICECREAMAPPS.COM"). USE OF THE SOFTWARE PROVIDED WITH THIS EULA (THE "SOFTWARE") CONSTITUTES YOUR ACCEPTANCE OF THESE TERMS. READ IT CAREFULLY BEFORE COMPLETING THE INSTALLATION PROCESS AND USING THE SOFTWARE. IF YOU DO NOT AGREE TO THE TERMS OF THIS EULA DO NOT INSTALL AND/OR USE THIS SOFTWARE. BY INSTALLING COPYING OR OTHERWISE USING THE SOFTWARE PRODUCT YOU AGREE TO BE BOUND BY THE TERMS OF THIS EULA. 1. LICENSE GRANT. The Software is licensed on per user basis not per computer site or company. This license is not transferable to any other system or to another organization or individual. You are not allowed to remove any proprietary notices or labels from the SOFTWARE. The PRO license can be used on ONE computer belonging to ONE user. The PRO license applies to the version of the program on which it is activated. 2. WARRANTY DISCLAIMER. THIS SOFTWARE AND ANY RELATED DOCUMENTATION is PROVIDED "AS IS" AND COMES WITHOUT ANY WARRANTY EITHER EXPRESS OR IMPLIED INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OR MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT. THE USE AND PERFORMANCE OF THIS SOFTWARE ARE SOLELY AT YOUR OWN RISK. 3. FREE USE. You may install and use the SOFTWARE free of charge for personal educational (non-profit) use. In these cases you are granted the right to use and to make an unlimited number of copies of this software. Some features of the SOFTWARE may be limited or unavailable in free version of the SOFTWARE. To enable all the features you need to upgrade the SOFTWARE to PRO version. Full list of limited features is presented on Upgrade page of the SOFTWARE at icecreamapps.com. 4. COMMERCIAL USE. For usage in corporate or commercial environment you will need to upgrade the SOFTWARE to PRO version by obtaining an activation key at icecreamapps.com. 5. REVERSE ENGINEERING. You agree that you will not attempt to reverse compile modify translate or disassemble the Software in whole or in part. 6. COPYRIGHT. The SOFTWARE is intellectual property of Icecream Apps Ltd and is protected by law. You acknowledge that all intellectual property rights in the SOFTWARE anywhere in the world belong to Icecream Apps Ltd that rights in the SOFTWARE are licensed (not sold) to you and that you have no rights in or to the SOFTWARE other than the right to use them in accordance with the terms of this License. You are not allowed to resell charge for rent lease loan sublicense or assign the SOFTWARE or any copy thereof including any related documentation. 7. LIMITATION OF LIABILITY. IN NO EVENT SHALL ICECREAM APPS LTD BE LIABLE FOR ANY SPECIAL INCIDENTAL INDIRECT OR CONSEQUENTIAL DAMAGES WHATSOEVER (IN
Source: Archive.zip Static file information: File size 25201421 > 1048576
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdbDD source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000066EE000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtsvg\plugins\iconengines\qsvgicon.pdb source: is-EH0TS.tmp.14.dr
Source: Binary string: C:\Users\qt\work\qt\qtsvg\plugins\imageformats\qsvg.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.0000000006694000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdb source: is-SS9TM.tmp.14.dr
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: is-HDI2E.tmp.14.dr
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: is-US2TH.tmp.14.dr
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000066EE000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\Work\PdfEditor\icepdfeditor-Desktop_Qt_5_15_1_MSVC2019_32bit\bin\icepdfeditor.pdb source: icepdfeditor.exe, 0000001D.00000000.2422453008.00000000006A7000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: is-9LV8H.tmp.14.dr, is-9JTNT.tmp.14.dr
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtga.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.0000000006694000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: is-I5AN5.tmp.14.dr
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb''! source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000060A0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qicns.pdb source: is-IUBHJ.tmp.14.dr
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: is-HINO1.tmp.14.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: is-MDI6D.tmp.14.dr
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000060A0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwebp.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000066EE000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: msvcr120.i386.pdb source: is-GS8SF.tmp.14.dr
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbV source: is-HDI2E.tmp.14.dr
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Gui.pdb source: is-CJEQM.tmp.14.dr
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdbTT source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.0000000006694000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: E:\distr\development\crashrpt\CrashRpt_v.1.4.3_r1645\bin\CrashSender.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000060A0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdbUGP source: is-SS9TM.tmp.14.dr
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qwindows.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000066EE000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.0000000006694000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwbmp.pdb source: pdf_editor_setup_Downloadly.ir.tmp, 0000000E.00000003.1560005725.00000000066EE000.00000004.00001000.00020000.00000000.sdmp, is-3RLDL.tmp.14.dr
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: is-OPH5U.tmp.14.dr, is-S3L1J.tmp.14.dr
Source: is-D2OAP.tmp.14.dr Static PE information: 0x747F8DCC [Mon Dec 8 17:13:48 2031 UTC]
Source: is-HDI2E.tmp.14.dr Static PE information: section name: .qtmimed
Source: is-GIDFB.tmp.14.dr Static PE information: section name: .didata
Source: is-M4EGV.tmp.14.dr Static PE information: section name: .00cfg
Source: is-IQ6N1.tmp.14.dr Static PE information: section name: .00cfg
Source: is-2DG5N.tmp.14.dr Static PE information: section name: .didat
Source: is-33JEM.tmp.14.dr Static PE information: section name: _RDATA
Source: is-5FD3K.tmp.14.dr Static PE information: section name: .qtmimed
Source: is-EH0TS.tmp.14.dr Static PE information: section name: .qtmetad
Source: is-B31EP.tmp.14.dr Static PE information: section name: .qtmetad
Source: is-IUBHJ.tmp.14.dr Static PE information: section name: .qtmetad
Source: is-H3B6T.tmp.14.dr Static PE information: section name: .qtmetad
Source: is-2PJLM.tmp.14.dr Static PE information: section name: .qtmetad
Source: is-K7OKT.tmp.14.dr Static PE information: section name: .qtmetad
Source: is-C5UR9.tmp.14.dr Static PE information: section name: .qtmetad
Source: is-348E9.tmp.14.dr Static PE information: section name: .qtmetad
Source: is-3RLDL.tmp.14.dr Static PE information: section name: .qtmetad
Source: is-EOFBO.tmp.14.dr Static PE information: section name: .qtmetad
Source: is-NOM8F.tmp.14.dr Static PE information: section name: .qtmetad
Source: is-GOQN9.tmp.14.dr Static PE information: section name: .qtmetad
Source: is-C4NAE.tmp.14.dr Static PE information: section name: .didata
Source: is-F9SRF.tmp.14.dr Static PE information: section name: .00cfg
Source: is-E29SC.tmp.14.dr Static PE information: section name: .00cfg
Source: is-PBJI8.tmp.14.dr Static PE information: section name: .didat
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_0041B900 push ecx; mov dword ptr [esp], edx 20_2_0041B905
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_004080C8 push ecx; mov dword ptr [esp], eax 20_2_004080C9
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_0041E1AC push ecx; mov dword ptr [esp], edx 20_2_0041E1AD
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_004243CC push ecx; mov dword ptr [esp], edx 20_2_004243CE
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_0040F40C push ecx; mov dword ptr [esp], edx 20_2_0040F411
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_004096C4 push ecx; mov dword ptr [esp], ecx 20_2_004096C9
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_0041B6BC push ecx; mov dword ptr [esp], eax 20_2_0041B6BD
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_0041873C push 004187B2h; ret 20_2_004187AA
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_004188EC push ecx; mov dword ptr [esp], ecx 20_2_004188EF
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_004039A4 push eax; ret 20_2_004039E0
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_00419AEC push 00419B39h; ret 20_2_00419B31
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_0041BB5C push ecx; mov dword ptr [esp], edx 20_2_0041BB61
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_00418BC8 push ecx; mov dword ptr [esp], ecx 20_2_00418BCA
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_0040FC56 push 0040FDF3h; ret 20_2_0040FDEB
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_0041BC7C push ecx; mov dword ptr [esp], edx 20_2_0041BC81
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_0041BCC0 push ecx; mov dword ptr [esp], edx 20_2_0041BCC5
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_00406FA6 push 00407003h; ret 20_2_00406FFB
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 28_2_0019E224 push eax; iretd 28_2_0019E225
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 28_2_0019E458 push 870019E4h; iretd 28_2_0019E45D
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 28_2_0019C451 push ss; iretd 28_2_0019C546
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 28_2_0019E464 push eax; iretd 28_2_0019E465
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 28_2_0019ED98 push FFFFFF9Eh; retf 28_2_0019ED9A
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 28_2_0019C2A7 push 00000014h; ret 28_2_0019C2A9
Source: is-EQQK5.tmp.14.dr Static PE information: section name: .text entropy: 6.9566713846558015
Source: is-GS8SF.tmp.14.dr Static PE information: section name: .text entropy: 6.9566713846558015
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-LCLTR.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-T1BNR.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qicns.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\vcruntime140.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe File created: C:\Users\user\AppData\Local\Temp\is-BA69I.tmp\pdf_editor_setup_Downloadly.ir.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-string-l1-1-0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-C4NAE.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-F9SRF.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe File created: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe.BAK Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-NIFON.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-JCCI9.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\Qt5Gui.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-heap-l1-1-0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-8CTAA.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-2DG5N.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-KBLEA.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-045QH.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-HDI2E.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\is-2PJLM.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-utility-l1-1-0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\libssl-1_1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-SI4OP.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-M2DS0.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-E2EPR.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\libcurl.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-CJEQM.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\libcrypto-1_1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-IKESB.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\styles\is-GOQN9.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qico.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-32IQI.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-O4563.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-QMD9M.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-K28TK.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\msvcp140.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-9JTNT.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-MDI6D.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\msvcp120.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qgif.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-core-processthreads-l1-1-1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qwbmp.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\Qt5Network.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\is-B31EP.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\msvcr120.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-V173U.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-HQS0M.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-6PKIS.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-US2TH.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-I5I15.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\platforms\qwindows.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-ME4M5.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-TFOAP.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-locale-l1-1-0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-BH5LP.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\ucrtbase.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-math-l1-1-0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-71RVD.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-MJ811.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-GS8SF.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-core-timezone-l1-1-0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-E29SC.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-HUMQ2.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qjpeg.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-HINO1.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\Qt5Widgets.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-H2HIE.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\is-K7OKT.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\unins000.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\iconengines\is-EH0TS.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-I5AN5.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-PBJI8.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\pdfcore-x86.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\Qt5Core.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-JO2A2.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-AVR5I.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-0J7P8.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-filesystem-l1-1-0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\CrashRpt1403.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\styles\qwindowsvistastyle.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\platforms\is-NOM8F.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-AH44U.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-runtime-l1-1-0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-REGAU.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-9LV8H.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qtga.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-4RU8B.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-G9D6N.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-NV1R0.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-SD5L0.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-OPH5U.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Users\user\AppData\Local\Temp\is-UP5T5.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-CTDA2.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-IQNAL.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-S3L1J.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-IQ6N1.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-EF39E.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-GIDFB.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\iconengines\qsvgicon.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe File created: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-M4EGV.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\CrashSender1403.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-stdio-l1-1-0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-4VH3K.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\is-EOFBO.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-EQQK5.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-NR85U.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\Qt5Svg.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\is-H3B6T.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-FEC93.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-NULG8.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-JCBAO.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\DebenuPDFLibraryDLL1212.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-convert-l1-1-0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-0VCGO.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\is-C5UR9.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-OE5OD.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-5NCII.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\is-IUBHJ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\is-348E9.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-core-louserzation-l1-2-0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-B7R59.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\Qt5WinExtras.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qsvg.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-time-l1-1-0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-A1NMJ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-5FD3K.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-environment-l1-1-0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qwebp.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-core-file-l1-2-0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-632VQ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\msvcp140_1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qtiff.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-33JEM.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-7RINB.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-SS9TM.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\is-3RLDL.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-core-file-l2-1-0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-core-synch-l1-2-0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\Program Files (x86)\Icecream PDF Editor 3\is-D2OAP.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe File created: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe.BAK Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icecream PDF Editor 3.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_00407DEE IsIconic, 20_2_00407DEE
Source: C:\Users\user\AppData\Local\Temp\is-BA69I.tmp\pdf_editor_setup_Downloadly.ir.tmp Registry key monitored for changes: HKEY_CURRENT_USER_Classes Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BA69I.tmp\pdf_editor_setup_Downloadly.ir.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Window / User API: threadDelayed 9916 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Window / User API: threadDelayed 9996 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\is-LCLTR.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\is-T1BNR.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qicns.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-string-l1-1-0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\is-C4NAE.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe.BAK Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\is-F9SRF.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\is-NIFON.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\is-JCCI9.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-heap-l1-1-0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\is-8CTAA.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\is-2DG5N.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\is-KBLEA.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\is-045QH.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-utility-l1-1-0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\is-HDI2E.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\is-2PJLM.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\libssl-1_1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\is-SI4OP.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\is-M2DS0.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\is-E2EPR.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\is-CJEQM.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\libcrypto-1_1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\styles\is-GOQN9.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\is-IKESB.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qico.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\is-32IQI.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\is-O4563.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\is-QMD9M.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\is-K28TK.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\is-9JTNT.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\is-MDI6D.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\msvcp120.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qgif.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\qwbmp.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-core-processthreads-l1-1-1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\imageformats\is-B31EP.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\msvcr120.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\is-V173U.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\is-HQS0M.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\is-6PKIS.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\is-US2TH.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\icepdfeditor.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\is-I5I15.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\platforms\qwindows.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\is-ME4M5.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-locale-l1-1-0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\is-TFOAP.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\is-BH5LP.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\api-ms-win-crt-math-l1-1-0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Icecream PDF Editor 3\is-71RVD.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe API coverage: 6.4 %
Source: C:\Users\user\AppData\Local\Temp\is-BA69I.tmp\pdf_editor_setup_Downloadly.ir.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
Source: C:\Users\user\AppData\Local\Temp\is-BA69I.tmp\pdf_editor_setup_Downloadly.ir.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_0040A3B8 FindFirstFileA,GetLastError, 20_2_0040A3B8
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_0040A07E FindFirstFileA,FindClose, 20_2_0040A07E
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_0040A190 FindFirstFileA,FindClose, 20_2_0040A190
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_00406490 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn, 20_2_00406490
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_0040757E GetSystemInfo, 20_2_0040757E
Source: pdf_editor_setup_Downloadly.ir.tmp, 0000000A.00000002.1572444290.0000000000749000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}9-
Source: pdf_editor_setup_Downloadly.ir.tmp, 0000000A.00000002.1572444290.0000000000749000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: Patch.exe, 00000014.00000003.1947588604.000000000074A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Patch.exe, 0000001C.00000002.2473359257.000000000094C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Process information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 28_2_008F0000 LdrInitializeThunk, 28_2_008F0000
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://icecreamapps.com/PDF-Editor/thankyou.html?v=3.27
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://icecreamapps.com/
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_Downloadly.ir.exe Process created: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp "c:\users\user\appdata\local\temp\is-7k9qh.tmp\pdf_editor_setup_downloadly.ir.tmp" /sl5="$70300,22152334,238080,c:\users\user\appdata\local\temp\temp1_mde_file_sample_274f715c8cf38126dbbd4bcae3b6fed8ecedb649.zip\pdf_editor_setup_downloadly.ir.exe" /spawnwnd=$602c2 /notifywnd=$601f8
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_00407298 AllocateAndInitializeSid,RegCreateKeyExA,RegQueryValueExA,CopyFileA,CreateMutexA, 20_2_00407298
Source: Patch.exe, 00000014.00000002.1955126707.0000000000401000.00000040.00000001.01000000.0000000B.sdmp Binary or memory string: Shell_TrayWndSVW
Source: Patch.exe, Patch.exe, 00000014.00000002.1955126707.0000000000401000.00000040.00000001.01000000.0000000B.sdmp Binary or memory string: Shell_TrayWnd
Source: Patch.exe, 00000014.00000002.1955126707.0000000000401000.00000040.00000001.01000000.0000000B.sdmp Binary or memory string: Shell_TrayWndReBarWindow32MSTaskSwWClassToolbarWindow32SV
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA, 20_2_00406654
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: GetLocaleInfoA, 20_2_0040D2E8
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: GetLocaleInfoA, 20_2_0040D29C
Source: C:\Users\user\AppData\Local\Temp\is-7K9QH.tmp\pdf_editor_setup_Downloadly.ir.tmp Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Queries volume information: C:\Users\user\Desktop\Archive.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_0040BBCC GetLocalTime, 20_2_0040BBCC
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_00407386 GetUserNameA, 20_2_00407386
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_00407596 GetTimeZoneInformation, 20_2_00407596
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf-2.zip\Patch.exe Code function: 20_2_0040E290 GetVersionExA, 20_2_0040E290