Windows Analysis Report
http://www.free-pdf-creator.com

Overview

General Information

Sample URL: http://www.free-pdf-creator.com
Analysis ID: 1417187
Infos:

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Downloads suspicious files via Chrome
Queries memory information (via WMI often done to detect virtual machines)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file contains strange resources
PE file does not import any functions
PE file overlay found
Queries the volume information (name, serial number etc) of a device
Stores files to the Windows start menu directory
Tries to load missing DLLs

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: http://www.free-pdf-creator.com Avira URL Cloud: detection malicious, Label: malware
Antivirus detection for URL or domain
Source: https://www.free-pdf-creator.com/lps/typ/not-completed.html?screen=second Avira URL Cloud: Label: malware
Source: https://api.free-pdf-creator.com/first_run.php Avira URL Cloud: Label: malware
Source: https://www.free-pdf-creator.com/legal/privacy.html Avira URL Cloud: Label: malware
Source: https://www.free-pdf-creator.com/lps/typ/ Avira URL Cloud: Label: malware
Source: https://www.free-pdf-creator.com/lps/typ/?offer=true Avira URL Cloud: Label: malware
Source: https://www.free-pdf-creator.com/lps/typ/?offer=falseC: Avira URL Cloud: Label: malware
Source: https://www.free-pdf-creator.com/lps/typ/?offer=falsePSModulePath=C: Avira URL Cloud: Label: malware
Source: https://www.free-pdf-creator.com/lps/typ/not-completed.html?screen=first Avira URL Cloud: Label: malware
Source: https://www.free-pdf-creator.com/lps/typ/uninstall.htmlhtml Avira URL Cloud: Label: malware
Source: https://www.free-pdf-creator.com/lps/typ/?offer=false0 Avira URL Cloud: Label: malware
Source: http://api.free-pdf-creator.com:443/P Avira URL Cloud: Label: malware
Source: https://www.free-pdf-creator.com/legal/eula.html Avira URL Cloud: Label: malware
Source: https://www.free-pdf-creator.com/legal/terms.html Avira URL Cloud: Label: malware
Source: https://www.free-pdf-creator.com/lps/typ/?offer=false HTTP Parser: No favicon
Source: https://www.free-pdf-creator.com/lps/typ/?offer=false HTTP Parser: No favicon
Source: https://www.free-pdf-creator.com/lps/typ/?offer=false HTTP Parser: No favicon
Source: Binary string: Microsoft.CSharp.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.Collections.Concurrent.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.ComponentModel.DataAnnotations/Release/net8.0-windows/System.ComponentModel.DataAnnotations.pdbSHA256 source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.ComponentModel.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.DiagnosticSource\Release\net8.0\System.Diagnostics.DiagnosticSource.pdbSHA256 source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.Diagnostics.Process.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.ComponentModel.Primitives.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Contracts\Release\net8.0\System.Diagnostics.Contracts.pdbSHA256 source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: Microsoft.Win32.Registry.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\bin\PenImc\x64\Release\PenImc_cor3.pdb source: PenImc_cor3.dll.13.dr
Source: Binary string: Microsoft.VisualBasic.Core.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Collections.Immutable\Release\net8.0\System.Collections.Immutable.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Collections\Release\net8.0\System.Collections.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/WindowsBase/x64/Release/net8.0/WindowsBase.pdb source: free-pdf-creator.exe, 0000000D.00000002.1634658956.000001E763AE0000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime\Release\net8.0\System.Runtime.pdbSHA256 source: free-pdf-creator.exe, 0000000D.00000002.1475614013.000001A6CAB30000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.VisualBasic.Core\Release\net8.0-windows\Microsoft.VisualBasic.Core.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.Configuration/Release/net8.0-windows/System.Configuration.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Console\Release\net8.0-windows\System.Console.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Collections.NonGeneric\Release\net8.0\System.Collections.NonGeneric.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\mscordac\mscordaccore.pdb source: free-pdf-creator.exe, 0000000D.00000000.1341510994.00007FF7D7F74000.00000002.00000001.01000000.00000006.sdmp, Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Collections.Concurrent\Release\net8.0\System.Collections.Concurrent.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.ComponentModel.DataAnnotations/Release/net8.0-windows/System.ComponentModel.DataAnnotations.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/WindowsBase/x64/Release/net8.0/WindowsBase.pdbRSDS source: free-pdf-creator.exe, 0000000D.00000002.1634658956.000001E763AE0000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Win32.Registry\Release\net8.0-windows\Microsoft.Win32.Registry.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.DiagnosticSource\Release\net8.0\System.Diagnostics.DiagnosticSource.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.Collections.NonGeneric.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.Xaml.ni.pdb source: free-pdf-creator.exe, 0000000D.00000002.1475781727.000001A6CAB52000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Process\Release\net8.0-windows\System.Diagnostics.Process.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.Diagnostics.Debug/Release/net8.0-windows/System.Diagnostics.Debug.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.ComponentModel.EventBasedAsync.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.Xaml/x64/Release/net8.0/System.Xaml.pdbRSDS source: free-pdf-creator.exe, 0000000D.00000002.1475781727.000001A6CAB52000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Win32.Primitives\Release\net8.0\Microsoft.Win32.Primitives.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.Core/Release/net8.0-windows/System.Core.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.Collections.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.Private.CoreLib.ni.pdb source: free-pdf-creator.exe, 0000000D.00000002.1512280340.000001E75F840000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: /_/artifacts/obj/System.Configuration/Release/net8.0-windows/System.Configuration.pdbSHA256r[ source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.Runtime.Serialization/Release/net8.0-windows/System.Runtime.Serialization.pdbSHA256z source: free-pdf-creator.exe, 0000000D.00000002.1475614013.000001A6CAB30000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: System.Diagnostics.FileVersionInfo.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.AppContext/Release/net8.0-windows/System.AppContext.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Data.Common\Release\net8.0\System.Data.Common.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Contracts\Release\net8.0\System.Diagnostics.Contracts.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.Collections.Specialized.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.ComponentModel.TypeConverter.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.Data/Release/net8.0-windows/System.Data.pdbSHA2564g source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/PresentationFramework/x64/Release/net8.0/PresentationFramework.pdb source: free-pdf-creator.exe, 0000000D.00000002.1571928316.000001E761C10000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: WindowsBase.ni.pdb source: free-pdf-creator.exe, 0000000D.00000002.1634658956.000001E763AE0000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel.Annotations\Release\net8.0\System.ComponentModel.Annotations.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.Xaml/x64/Release/net8.0/System.Xaml.pdb source: free-pdf-creator.exe, 0000000D.00000002.1475781727.000001A6CAB52000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.CSharp\Release\net8.0-windows\Microsoft.CSharp.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: C:\development\pdfconfigurator\PDFConfigurator\PDFConfigurator\obj\Release\net8.0-windows\win-x64\PDFConfigurator.pdb source: free-pdf-creator.exe, 0000000D.00000002.1552512777.000001E761570000.00000002.00000001.00040000.00000006.sdmp, Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.Data/Release/net8.0-windows/System.Data.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.WebHeaderCollection\Release\net8.0\System.Net.WebHeaderCollection.pdb source: free-pdf-creator.exe, 0000000D.00000002.1475436107.000001A6CAB01000.00000020.00000001.00040000.00000006.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\Corehost.Static\singlefilehost.pdb source: free-pdf-creator.exe, 0000000D.00000000.1340982274.00007FF7D7D98000.00000002.00000001.01000000.00000006.sdmp, Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\System.Private.CoreLib\x64\Release\System.Private.CoreLib.pdb source: free-pdf-creator.exe, 0000000D.00000002.1512280340.000001E75F840000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel\Release\net8.0\System.ComponentModel.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.IO.Packaging/Release/net8.0/System.IO.Packaging.pdb source: free-pdf-creator.exe, 0000000D.00000002.1479206646.000001A6CACB0000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: System.Net.WebHeaderCollection.ni.pdb source: free-pdf-creator.exe, 0000000D.00000002.1475436107.000001A6CAB01000.00000020.00000001.00040000.00000006.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel.TypeConverter\Release\net8.0\System.ComponentModel.TypeConverter.pdbSHA2568 source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel.Primitives\Release\net8.0\System.ComponentModel.Primitives.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.Data.DataSetExtensions/Release/net8.0-windows/System.Data.DataSetExtensions.pdbSHA256 source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.Collections.Immutable.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Win32.Primitives\Release\net8.0\Microsoft.Win32.Primitives.pdbSHA256 source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.Runtime.Serialization/Release/net8.0-windows/System.Runtime.Serialization.pdb source: free-pdf-creator.exe, 0000000D.00000002.1475614013.000001A6CAB30000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel.TypeConverter\Release\net8.0\System.ComponentModel.TypeConverter.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.Console.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: C:\development\pdfconfigurator\PDFConfigurator\PDFConfigurator\obj\Release\net8.0-windows\win-x64\PDFConfigurator.pdbSHA256l source: free-pdf-creator.exe, 0000000D.00000002.1552512777.000001E761570000.00000002.00000001.00040000.00000006.sdmp, Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.Data.DataSetExtensions/Release/net8.0-windows/System.Data.DataSetExtensions.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.Diagnostics.DiagnosticSource.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime\Release\net8.0\System.Runtime.pdb source: free-pdf-creator.exe, 0000000D.00000002.1475614013.000001A6CAB30000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: /_/artifacts/obj/System.Buffers/Release/net8.0-windows/System.Buffers.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.Diagnostics.Debug/Release/net8.0-windows/System.Diagnostics.Debug.pdbSHA256 source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.Core/Release/net8.0-windows/System.Core.pdbSHA256 source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.AppContext/Release/net8.0-windows/System.AppContext.pdbSHA256 source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.Data.Common.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Collections.Specialized\Release\net8.0\System.Collections.Specialized.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel.EventBasedAsync\Release\net8.0\System.ComponentModel.EventBasedAsync.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\bin\PresentationNative\x64\Release\PresentationNative_cor3.pdb source: PresentationNative_cor3.dll.13.dr
Source: Binary string: System.IO.Packaging.ni.pdb source: free-pdf-creator.exe, 0000000D.00000002.1479206646.000001A6CACB0000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\bin\PenImc\x64\Release\PenImc_cor3.pdbII source: PenImc_cor3.dll.13.dr
Source: Binary string: PresentationFramework.ni.pdb source: free-pdf-creator.exe, 0000000D.00000002.1571928316.000001E761C10000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: /_/artifacts/obj/System.Buffers/Release/net8.0-windows/System.Buffers.pdbSHA256 source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.FileVersionInfo\Release\net8.0-windows\System.Diagnostics.FileVersionInfo.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.ComponentModel.Annotations.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Checks for available system drives (often done to infect USB drives)
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: z: Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: x: Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: v: Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: t: Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: r: Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: p: Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: n: Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: l: Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: j: Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: h: Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: f: Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: b: Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: y: Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: w: Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: u: Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: s: Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: q: Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: o: Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: m: Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: k: Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: i: Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: g: Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: e: Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: c: Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: a: Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: C:\Users\user Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: C:\Users\user\AppData\Local\Microsoft Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: C:\Users\user\AppData Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: C:\Users\user\AppData\Local Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: C:\Users\user\AppData\Local\Microsoft\Media Player Jump to behavior
Source: chrome.exe Memory has grown: Private usage: 1MB later: 46MB
Source: free-pdf-creator.exe, 0000000D.00000000.1340982274.00007FF7D7D98000.00000002.00000001.01000000.00000006.sdmp, Unconfirmed 395789.crdownload.0.dr String found in binary or memory: http://.css
Source: free-pdf-creator.exe, 0000000D.00000000.1340982274.00007FF7D7D98000.00000002.00000001.01000000.00000006.sdmp, Unconfirmed 395789.crdownload.0.dr String found in binary or memory: http://.jpg
Source: free-pdf-creator.exe, 0000000D.00000002.1487074260.000001A6CDA17000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://api.free-pdf-creator.com:443/P
Source: chromecache_157.1.dr String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: free-pdf-creator.exe, 0000000D.00000002.1487074260.000001A6CDA41000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://defaultcontainer/PDFConfigurator;component/Resources/Images/NextWhite.pngP
Source: free-pdf-creator.exe, 0000000D.00000002.1487074260.000001A6CD800000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://defaultcontainer/PDFConfigurator;component/Resources/Images/ShutDownWhite.pngP
Source: free-pdf-creator.exe, 0000000D.00000002.1487074260.000001A6CDA41000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://foo/Resources/Images/NextWhite.pngP
Source: free-pdf-creator.exe, 0000000D.00000002.1487074260.000001A6CD800000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://foo/Resources/Images/ShutDownWhite.png
Source: free-pdf-creator.exe, 0000000D.00000002.1487074260.000001A6CDA41000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/resources/images/nextwhite.png
Source: free-pdf-creator.exe, 0000000D.00000002.1487074260.000001A6CDA41000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/resources/images/nextwhite.pngP
Source: free-pdf-creator.exe, 0000000D.00000002.1487074260.000001A6CD800000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/resources/images/shutdownwhite.png
Source: free-pdf-creator.exe, 0000000D.00000000.1340982274.00007FF7D7D98000.00000002.00000001.01000000.00000006.sdmp, Unconfirmed 395789.crdownload.0.dr String found in binary or memory: http://html4/loose.dtd
Source: free-pdf-creator.exe, 0000000D.00000002.1551472952.000001E761170000.00000004.00001000.00020000.00000000.sdmp, free-pdf-creator.exe, 0000000D.00000002.1552512777.000001E761570000.00000002.00000001.00040000.00000006.sdmp, free-pdf-creator.exe, 0000000D.00000002.1487074260.000001A6CDA41000.00000004.00001000.00020000.00000000.sdmp, free-pdf-creator.exe, 0000000D.00000002.1487074260.000001A6CDA1D000.00000004.00001000.00020000.00000000.sdmp, Unconfirmed 395789.crdownload.0.dr String found in binary or memory: http://nsis.sourceforge.net/Docs/AppendixG.html
Source: chromecache_157.1.dr String found in binary or memory: http://ocsp.thawte.com0
Source: chromecache_157.1.dr String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: chromecache_157.1.dr String found in binary or memory: http://s2.symcb.com0
Source: C5C8CC0A7FE31816B4641D04654025600.0.dr String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt
Source: chromecache_157.1.dr String found in binary or memory: http://sv.symcb.com/sv.crl0f
Source: chromecache_157.1.dr String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: chromecache_157.1.dr String found in binary or memory: http://sv.symcd.com0&
Source: chromecache_157.1.dr String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: chromecache_157.1.dr String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: chromecache_157.1.dr String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: chromecache_157.1.dr String found in binary or memory: http://www.fontfont.com/https://www.fontfont.com/licensingAlternate
Source: chromecache_157.1.dr String found in binary or memory: http://www.symauth.com/cps0(
Source: chromecache_157.1.dr String found in binary or memory: http://www.symauth.com/rpa00
Source: free-pdf-creator.exe, 0000000D.00000002.1512280340.000001E75F840000.00000002.00000001.00040000.00000006.sdmp String found in binary or memory: https://aka.ms/GlobalizationInvariantMode
Source: free-pdf-creator.exe, 0000000D.00000002.1512280340.000001E75F840000.00000002.00000001.00040000.00000006.sdmp, free-pdf-creator.exe, 0000000D.00000002.1512280340.000001E75FFB9000.00000002.00000001.00040000.00000006.sdmp, free-pdf-creator.exe, 0000000D.00000002.1479206646.000001A6CACB0000.00000002.00000001.00040000.00000006.sdmp, Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://aka.ms/binaryformatter
Source: free-pdf-creator.exe, 0000000D.00000000.1340982274.00007FF7D7D98000.00000002.00000001.01000000.00000006.sdmp, Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://aka.ms/dotnet-core-applaunch?
Source: free-pdf-creator.exe, 0000000D.00000000.1340982274.00007FF7D7D98000.00000002.00000001.01000000.00000006.sdmp, Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://aka.ms/dotnet-core-applaunch?Description:
Source: free-pdf-creator.exe, 0000000D.00000002.1512280340.000001E75F840000.00000002.00000001.00040000.00000006.sdmp, free-pdf-creator.exe, 0000000D.00000002.1512280340.000001E75FFB9000.00000002.00000001.00040000.00000006.sdmp String found in binary or memory: https://aka.ms/dotnet-illink/com
Source: free-pdf-creator.exe, 0000000D.00000002.1512280340.000001E75F840000.00000002.00000001.00040000.00000006.sdmp, free-pdf-creator.exe, 0000000D.00000002.1512280340.000001E75FFB9000.00000002.00000001.00040000.00000006.sdmp String found in binary or memory: https://aka.ms/dotnet-illink/nativehost
Source: free-pdf-creator.exe, 0000000D.00000002.1512280340.000001E75FFB9000.00000002.00000001.00040000.00000006.sdmp String found in binary or memory: https://aka.ms/dotnet-illink/nativehostt
Source: Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://aka.ms/dotnet-warnings/
Source: free-pdf-creator.exe, 0000000D.00000000.1340982274.00007FF7D7D98000.00000002.00000001.01000000.00000006.sdmp, Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://aka.ms/dotnet/app-launch-failed
Source: free-pdf-creator.exe, 0000000D.00000000.1340982274.00007FF7D7D98000.00000002.00000001.01000000.00000006.sdmp, Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://aka.ms/dotnet/download
Source: free-pdf-creator.exe, 0000000D.00000000.1340982274.00007FF7D7D98000.00000002.00000001.01000000.00000006.sdmp, Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://aka.ms/dotnet/download%s%sInstall
Source: free-pdf-creator.exe, 0000000D.00000000.1340982274.00007FF7D7D98000.00000002.00000001.01000000.00000006.sdmp, Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://aka.ms/dotnet/info
Source: free-pdf-creator.exe, 0000000D.00000000.1340982274.00007FF7D7D98000.00000002.00000001.01000000.00000006.sdmp, Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://aka.ms/dotnet/sdk-not-found
Source: free-pdf-creator.exe, 0000000D.00000002.1512280340.000001E75F840000.00000002.00000001.00040000.00000006.sdmp String found in binary or memory: https://aka.ms/nativeaot-compatibility
Source: free-pdf-creator.exe, 0000000D.00000002.1479206646.000001A6CACB0000.00000002.00000001.00040000.00000006.sdmp, Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://aka.ms/serializationformat-binary-obsolete
Source: chromecache_144.1.dr String found in binary or memory: https://api.cloudconvert.com/v2/tasks/008027f8-d08d-418b-a1df-890060f3486a
Source: free-pdf-creator.exe, 0000000D.00000002.1551472952.000001E761170000.00000004.00001000.00020000.00000000.sdmp, free-pdf-creator.exe, 0000000D.00000002.1552512777.000001E761570000.00000002.00000001.00040000.00000006.sdmp, Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://api.free-pdf-creator.com/first_run.php
Source: f31152c9-f4dc-4293-a2e0-88b4317cc86f.tmp.0.dr String found in binary or memory: https://cdn.jsdelivr.net/npm/
Source: chromecache_147.1.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js
Source: chrome.exe, 0000000F.00000003.1415308424.000016C0002E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1415203060.000016C0002D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/cr/report
Source: chromecache_157.1.dr String found in binary or memory: https://d.symcb.com/cps0%
Source: chromecache_157.1.dr String found in binary or memory: https://d.symcb.com/rpa0
Source: chromecache_127.1.dr String found in binary or memory: https://fontawesome.com
Source: chromecache_127.1.dr String found in binary or memory: https://fontawesome.com/license/free
Source: f31152c9-f4dc-4293-a2e0-88b4317cc86f.tmp.0.dr String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:100
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1MmgVxEIzIFKw.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1MmgVxFIzIFKw.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1MmgVxGIzIFKw.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1MmgVxHIzIFKw.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1MmgVxIIzI.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1MmgVxLIzIFKw.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1MmgVxMIzIFKw.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBxc4EsA.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fCBc4EsA.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fCRc4EsA.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBxc4EsA.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCBc4EsA.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCRc4EsA.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fChc4EsA.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCxc4EsA.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBxc4EsA.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCBc4EsA.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCRc4EsA.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfABc4EsA.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBxc4EsA.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfCBc4EsA.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfCRc4EsA.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfChc4EsA.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfCxc4EsA.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4WxKOzY.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu72xKOzY.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7WxKOzY.woff2)
Source: chromecache_141.1.dr, chromecache_162.1.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7mxKOzY.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7jsDJT9g.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7ksDJT9g.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDI.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7osDJT9g.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7psDJT9g.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7qsDJT9g.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7rsDJT9g.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qN67lqDY.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNK7lqDY.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNa7lqDY.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNq7lqDY.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qO67lqDY.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qPK7lqDY.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkidg18Smxg.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkidh18Smxg.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkidi18Smxg.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkidj18Smxg.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkido18Smxg.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkids18Q.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkidv18Smxg.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdg18Smxg.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdh18Smxg.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdi18Smxg.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdj18Smxg.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdo18Smxg.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSds18Q.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdv18Smxg.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwkxduz8A.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlBduz8A.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmBduz8A.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmRduz8A.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmhduz8A.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmxduz8A.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwkxduz8A.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlBduz8A.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwmBduz8A.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwmRduz8A.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwmhduz8A.woff2)
Source: chromecache_152.1.dr String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwmxduz8A.woff2)
Source: chromecache_164.1.dr, chromecache_131.1.dr String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_131.1.dr String found in binary or memory: https://github.com/StartBootstrap/startbootstrap-stylish-portfolio/blob/master/LICENSE)
Source: Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://github.com/dotnet/runtime
Source: Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://github.com/dotnet/runtime%
Source: free-pdf-creator.exe, 0000000D.00000002.1512280340.000001E75F840000.00000002.00000001.00040000.00000006.sdmp String found in binary or memory: https://github.com/dotnet/runtime/blob/bbc898f3e5678135b242faeb6eefd8b24bf04f3c/src/native/corehost/
Source: Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://github.com/dotnet/runtime/issues/50821
Source: free-pdf-creator.exe, 0000000D.00000002.1512280340.000001E75F840000.00000002.00000001.00040000.00000006.sdmp String found in binary or memory: https://github.com/dotnet/runtime/issues/71847
Source: Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://github.com/dotnet/runtimeVL
Source: free-pdf-creator.exe, 0000000D.00000002.1571928316.000001E762732000.00000002.00000001.00040000.00000006.sdmp, free-pdf-creator.exe, 0000000D.00000002.1571928316.000001E761C10000.00000002.00000001.00040000.00000006.sdmp, free-pdf-creator.exe, 0000000D.00000002.1475781727.000001A6CAB52000.00000002.00000001.00040000.00000006.sdmp String found in binary or memory: https://github.com/dotnet/wpf
Source: free-pdf-creator.exe, 0000000D.00000002.1571928316.000001E762732000.00000002.00000001.00040000.00000006.sdmp, free-pdf-creator.exe, 0000000D.00000002.1571928316.000001E761C10000.00000002.00000001.00040000.00000006.sdmp, free-pdf-creator.exe, 0000000D.00000002.1475781727.000001A6CAB52000.00000002.00000001.00040000.00000006.sdmp String found in binary or memory: https://github.com/dotnet/wpf4
Source: Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://github.com/mono/linker/issues/1187
Source: Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://github.com/mono/linker/issues/1416.
Source: Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://github.com/mono/linker/issues/1731
Source: Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://github.com/mono/linker/issues/1895v
Source: Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://github.com/mono/linker/issues/1906.
Source: Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://github.com/mono/linker/issues/1981
Source: free-pdf-creator.exe, 0000000D.00000002.1512280340.000001E75F840000.00000002.00000001.00040000.00000006.sdmp, Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://github.com/mono/linker/issues/378
Source: free-pdf-creator.exe, 0000000D.00000002.1512280340.000001E75F840000.00000002.00000001.00040000.00000006.sdmp String found in binary or memory: https://github.com/mono/linker/pull/649
Source: chromecache_164.1.dr, chromecache_131.1.dr String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_164.1.dr String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: free-pdf-creator.exe, 0000000D.00000002.1551472952.000001E761170000.00000004.00001000.00020000.00000000.sdmp, free-pdf-creator.exe, 0000000D.00000002.1552512777.000001E761570000.00000002.00000001.00040000.00000006.sdmp, free-pdf-creator.exe, 0000000D.00000002.1487074260.000001A6CDA41000.00000004.00001000.00020000.00000000.sdmp, free-pdf-creator.exe, 0000000D.00000002.1487074260.000001A6CDA1D000.00000004.00001000.00020000.00000000.sdmp, Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://marketplace.firefox.com/developers/docs/policies/agreement
Source: chromecache_147.1.dr String found in binary or memory: https://netjs.org/conversion.js?p=ic_cfpp&r=
Source: free-pdf-creator.exe, 0000000D.00000002.1551472952.000001E761170000.00000004.00001000.00020000.00000000.sdmp, free-pdf-creator.exe, 0000000D.00000002.1552512777.000001E761570000.00000002.00000001.00040000.00000006.sdmp, Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://pc.amazing-search.com
Source: chromecache_147.1.dr String found in binary or memory: https://pdf.activegn.com/
Source: chromecache_131.1.dr String found in binary or memory: https://startbootstrap.com/theme/stylish-portfolio)
Source: chromecache_147.1.dr String found in binary or memory: https://v.compiler.pw/conversion.js?cid=
Source: free-pdf-creator.exe, 0000000D.00000002.1552512777.000001E761570000.00000002.00000001.00040000.00000006.sdmp, Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://www.amazing-search.com/legal/contact.html
Source: free-pdf-creator.exe, 0000000D.00000002.1551472952.000001E761170000.00000004.00001000.00020000.00000000.sdmp, free-pdf-creator.exe, 0000000D.00000002.1552512777.000001E761570000.00000002.00000001.00040000.00000006.sdmp, Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://www.amazing-search.com/legal/license.html
Source: free-pdf-creator.exe, 0000000D.00000002.1551472952.000001E761170000.00000004.00001000.00020000.00000000.sdmp, free-pdf-creator.exe, 0000000D.00000002.1552512777.000001E761570000.00000002.00000001.00040000.00000006.sdmp, Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://www.amazing-search.com/legal/privacy.html
Source: free-pdf-creator.exe, 0000000D.00000002.1552512777.000001E761570000.00000002.00000001.00040000.00000006.sdmp, Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://www.free-pdf-creator.com/legal/eula.html
Source: free-pdf-creator.exe, 0000000D.00000002.1552512777.000001E761570000.00000002.00000001.00040000.00000006.sdmp, Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://www.free-pdf-creator.com/legal/privacy.html
Source: free-pdf-creator.exe, 0000000D.00000002.1552512777.000001E761570000.00000002.00000001.00040000.00000006.sdmp, Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://www.free-pdf-creator.com/legal/terms.html
Source: free-pdf-creator.exe, 0000000D.00000002.1487074260.000001A6CDA1D000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.free-pdf-creator.com/lps/typ/
Source: free-pdf-creator.exe, 0000000D.00000002.1551472952.000001E761170000.00000004.00001000.00020000.00000000.sdmp, free-pdf-creator.exe, 0000000D.00000002.1552512777.000001E761570000.00000002.00000001.00040000.00000006.sdmp, free-pdf-creator.exe, 0000000D.00000002.1487074260.000001A6CDA1D000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.1418231589.00002BB8002A8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.1414839126.000016C0002AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.1417030980.000016C000238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.1417585859.00002BB800230000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.1416165830.0000013D804D0000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://www.free-pdf-creator.com/lps/typ/?offer=false
Source: free-pdf-creator.exe, 0000000D.00000002.1481363915.000001A6CD5C3000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.free-pdf-creator.com/lps/typ/?offer=false0
Source: chrome.exe, 0000000F.00000002.1418050574.00002BB800278000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.1416165830.0000013D804D0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.free-pdf-creator.com/lps/typ/?offer=falseC:
Source: chrome.exe, 0000000F.00000002.1417030980.000016C000238000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.free-pdf-creator.com/lps/typ/?offer=falsePSModulePath=C:
Source: free-pdf-creator.exe, 0000000D.00000002.1551472952.000001E761170000.00000004.00001000.00020000.00000000.sdmp, free-pdf-creator.exe, 0000000D.00000002.1552512777.000001E761570000.00000002.00000001.00040000.00000006.sdmp, free-pdf-creator.exe, 0000000D.00000002.1487074260.000001A6CDA1D000.00000004.00001000.00020000.00000000.sdmp, Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://www.free-pdf-creator.com/lps/typ/?offer=true
Source: free-pdf-creator.exe, 0000000D.00000002.1551472952.000001E761170000.00000004.00001000.00020000.00000000.sdmp, free-pdf-creator.exe, 0000000D.00000002.1552512777.000001E761570000.00000002.00000001.00040000.00000006.sdmp, free-pdf-creator.exe, 0000000D.00000002.1487074260.000001A6CDA1D000.00000004.00001000.00020000.00000000.sdmp, Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://www.free-pdf-creator.com/lps/typ/not-completed.html?screen=first
Source: free-pdf-creator.exe, 0000000D.00000002.1551472952.000001E761170000.00000004.00001000.00020000.00000000.sdmp, free-pdf-creator.exe, 0000000D.00000002.1552512777.000001E761570000.00000002.00000001.00040000.00000006.sdmp, free-pdf-creator.exe, 0000000D.00000002.1487074260.000001A6CDA1D000.00000004.00001000.00020000.00000000.sdmp, Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://www.free-pdf-creator.com/lps/typ/not-completed.html?screen=second
Source: free-pdf-creator.exe, 0000000D.00000002.1487074260.000001A6CDA1D000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.free-pdf-creator.com/lps/typ/uninstall.htmlhtml
Source: free-pdf-creator.exe, 0000000D.00000002.1487074260.000001A6CDA41000.00000004.00001000.00020000.00000000.sdmp, free-pdf-creator.exe, 0000000D.00000002.1487074260.000001A6CDA1D000.00000004.00001000.00020000.00000000.sdmp, Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://www.pdf.smart-websearch.com/legal/contact.html
Source: free-pdf-creator.exe, 0000000D.00000002.1551472952.000001E761170000.00000004.00001000.00020000.00000000.sdmp, free-pdf-creator.exe, 0000000D.00000002.1552512777.000001E761570000.00000002.00000001.00040000.00000006.sdmp, free-pdf-creator.exe, 0000000D.00000002.1481363915.000001A6CD400000.00000004.00001000.00020000.00000000.sdmp, free-pdf-creator.exe, 0000000D.00000002.1487074260.000001A6CDA41000.00000004.00001000.00020000.00000000.sdmp, free-pdf-creator.exe, 0000000D.00000002.1487074260.000001A6CDA1D000.00000004.00001000.00020000.00000000.sdmp, Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://www.pdf.smart-websearch.com/legal/privacy.html.
Source: free-pdf-creator.exe, 0000000D.00000002.1551472952.000001E761170000.00000004.00001000.00020000.00000000.sdmp, free-pdf-creator.exe, 0000000D.00000002.1552512777.000001E761570000.00000002.00000001.00040000.00000006.sdmp, free-pdf-creator.exe, 0000000D.00000002.1481363915.000001A6CD400000.00000004.00001000.00020000.00000000.sdmp, free-pdf-creator.exe, 0000000D.00000002.1487074260.000001A6CDA41000.00000004.00001000.00020000.00000000.sdmp, free-pdf-creator.exe, 0000000D.00000002.1487074260.000001A6CDA1D000.00000004.00001000.00020000.00000000.sdmp, Unconfirmed 395789.crdownload.0.dr String found in binary or memory: https://www.pdf.smart-websearch.com/legal/uninstallation.html

System Summary
barindex
Downloads suspicious files via Chrome
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File dump: C:\Users\user\Desktop\Free PDF Creator.lnk Jump to dropped file
PE file contains executable resources (Code or Archives)
Source: Unconfirmed 395789.crdownload.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
PE file contains strange resources
Source: wpfgfx_cor3.dll.13.dr Static PE information: Resource name: RT_RCDATA type: MacBinary, ID 0xc0, comment length 220, 2nd header length 57600, Tue Jul 10 02:10:40 2040 INVALID date, modified Mon Feb 6 07:28:16 2040, creator ' ', type ' ', 131073 bytes "\377\377" , at 0x20081 65542 bytes resource
Source: wpfgfx_cor3.dll.13.dr Static PE information: Resource name: RT_RCDATA type: MacBinary, ID 0xc0, comment length 220, 2nd header length 57600, Tue Jul 10 02:10:40 2040 INVALID date, modified Mon Feb 6 07:28:16 2040, creator ' ', type ' ', 131073 bytes "\377\377" , at 0x20081 65542 bytes resource
Source: wpfgfx_cor3.dll.13.dr Static PE information: Resource name: RT_RCDATA type: MacBinary, ID 0xc0, comment length 216, char. code 0x2, 2nd header length 61440, Sat Jul 7 01:21:36 2040 INVALID date, modified Mon Feb 6 07:28:16 2040, creator ' ', type ' ', 131072 bytes "\377\377" , at 0x20080 65538 bytes resource
PE file does not import any functions
Source: 1f4527b0-ea2c-485b-a693-22c42c540383.tmp.0.dr Static PE information: No import functions for PE file found
PE file overlay found
Source: 1f4527b0-ea2c-485b-a693-22c42c540383.tmp.0.dr Static PE information: Data appended to the last section found
Tries to load missing DLLs
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: icu.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: d3dcompiler_47_cor3.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: d3d9.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: d3d10warp.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: dxva2.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: wmp.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: wmvcore.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: mfperfhelper.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: wmasf.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: wmploc.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: mmdevapi.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: devobj.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: mfplat.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: rtworkq.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: audioses.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: windows.ui.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: windowmanagementapi.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: inputhost.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: mlang.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: wmnetmgr.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: msxml3.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: msv1_0.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: ntlmshared.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: cryptdll.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: wdigest.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: wshunix.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: dataexchange.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: resourcepolicyclient.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: dxcore.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: msctfui.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: uiautomationcore.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: atlthunk.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: mf.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: mfcore.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: ksuser.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: mftranscode.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: wmpeffects.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: msdmo.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: mfasfsrcsnk.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: avrt.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: evr.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: resourcepolicyclient.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: colorcnv.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: comppkgsup.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: windows.media.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: windows.applicationmodel.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: appxdeploymentclient.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: wmvdecod.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: wmadmod.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: resampledmo.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: mfps.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: classification engine Classification label: mal64.evad.win@30/114@0/29
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Mutant created: NULL
Source: C:\Users\user\Downloads\free-pdf-creator.exe File created: C:\Users\user\AppData\Local\Temp\.net Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.free-pdf-creator.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1940,i,986595434633665258,420894585385562774,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5576 --field-trial-handle=1940,i,986595434633665258,420894585385562774,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Users\user\Downloads\free-pdf-creator.exe "C:\Users\user\Downloads\free-pdf-creator.exe"
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.free-pdf-creator.com/lps/typ/?offer=false
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1940,i,986595434633665258,420894585385562774,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5576 --field-trial-handle=1940,i,986595434633665258,420894585385562774,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Users\user\Downloads\free-pdf-creator.exe "C:\Users\user\Downloads\free-pdf-creator.exe" Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.free-pdf-creator.com/lps/typ/?offer=false Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\InprocServer32 Jump to behavior
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Free PDF Creator.lnk.0.dr LNK file: ..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Free PDF Creator.lnk0.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Free PDF Creator.lnk1.0.dr LNK file: ..\..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Binary string: Microsoft.CSharp.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.Collections.Concurrent.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.ComponentModel.DataAnnotations/Release/net8.0-windows/System.ComponentModel.DataAnnotations.pdbSHA256 source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.ComponentModel.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.DiagnosticSource\Release\net8.0\System.Diagnostics.DiagnosticSource.pdbSHA256 source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.Diagnostics.Process.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.ComponentModel.Primitives.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Contracts\Release\net8.0\System.Diagnostics.Contracts.pdbSHA256 source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: Microsoft.Win32.Registry.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\bin\PenImc\x64\Release\PenImc_cor3.pdb source: PenImc_cor3.dll.13.dr
Source: Binary string: Microsoft.VisualBasic.Core.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Collections.Immutable\Release\net8.0\System.Collections.Immutable.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Collections\Release\net8.0\System.Collections.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/WindowsBase/x64/Release/net8.0/WindowsBase.pdb source: free-pdf-creator.exe, 0000000D.00000002.1634658956.000001E763AE0000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime\Release\net8.0\System.Runtime.pdbSHA256 source: free-pdf-creator.exe, 0000000D.00000002.1475614013.000001A6CAB30000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.VisualBasic.Core\Release\net8.0-windows\Microsoft.VisualBasic.Core.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.Configuration/Release/net8.0-windows/System.Configuration.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Console\Release\net8.0-windows\System.Console.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Collections.NonGeneric\Release\net8.0\System.Collections.NonGeneric.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\mscordac\mscordaccore.pdb source: free-pdf-creator.exe, 0000000D.00000000.1341510994.00007FF7D7F74000.00000002.00000001.01000000.00000006.sdmp, Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Collections.Concurrent\Release\net8.0\System.Collections.Concurrent.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.ComponentModel.DataAnnotations/Release/net8.0-windows/System.ComponentModel.DataAnnotations.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/WindowsBase/x64/Release/net8.0/WindowsBase.pdbRSDS source: free-pdf-creator.exe, 0000000D.00000002.1634658956.000001E763AE0000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Win32.Registry\Release\net8.0-windows\Microsoft.Win32.Registry.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.DiagnosticSource\Release\net8.0\System.Diagnostics.DiagnosticSource.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.Collections.NonGeneric.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.Xaml.ni.pdb source: free-pdf-creator.exe, 0000000D.00000002.1475781727.000001A6CAB52000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Process\Release\net8.0-windows\System.Diagnostics.Process.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.Diagnostics.Debug/Release/net8.0-windows/System.Diagnostics.Debug.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.ComponentModel.EventBasedAsync.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.Xaml/x64/Release/net8.0/System.Xaml.pdbRSDS source: free-pdf-creator.exe, 0000000D.00000002.1475781727.000001A6CAB52000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Win32.Primitives\Release\net8.0\Microsoft.Win32.Primitives.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.Core/Release/net8.0-windows/System.Core.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.Collections.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.Private.CoreLib.ni.pdb source: free-pdf-creator.exe, 0000000D.00000002.1512280340.000001E75F840000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: /_/artifacts/obj/System.Configuration/Release/net8.0-windows/System.Configuration.pdbSHA256r[ source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.Runtime.Serialization/Release/net8.0-windows/System.Runtime.Serialization.pdbSHA256z source: free-pdf-creator.exe, 0000000D.00000002.1475614013.000001A6CAB30000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: System.Diagnostics.FileVersionInfo.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.AppContext/Release/net8.0-windows/System.AppContext.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Data.Common\Release\net8.0\System.Data.Common.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Contracts\Release\net8.0\System.Diagnostics.Contracts.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.Collections.Specialized.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.ComponentModel.TypeConverter.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.Data/Release/net8.0-windows/System.Data.pdbSHA2564g source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/PresentationFramework/x64/Release/net8.0/PresentationFramework.pdb source: free-pdf-creator.exe, 0000000D.00000002.1571928316.000001E761C10000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: WindowsBase.ni.pdb source: free-pdf-creator.exe, 0000000D.00000002.1634658956.000001E763AE0000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel.Annotations\Release\net8.0\System.ComponentModel.Annotations.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.Xaml/x64/Release/net8.0/System.Xaml.pdb source: free-pdf-creator.exe, 0000000D.00000002.1475781727.000001A6CAB52000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.CSharp\Release\net8.0-windows\Microsoft.CSharp.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: C:\development\pdfconfigurator\PDFConfigurator\PDFConfigurator\obj\Release\net8.0-windows\win-x64\PDFConfigurator.pdb source: free-pdf-creator.exe, 0000000D.00000002.1552512777.000001E761570000.00000002.00000001.00040000.00000006.sdmp, Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.Data/Release/net8.0-windows/System.Data.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.WebHeaderCollection\Release\net8.0\System.Net.WebHeaderCollection.pdb source: free-pdf-creator.exe, 0000000D.00000002.1475436107.000001A6CAB01000.00000020.00000001.00040000.00000006.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\Corehost.Static\singlefilehost.pdb source: free-pdf-creator.exe, 0000000D.00000000.1340982274.00007FF7D7D98000.00000002.00000001.01000000.00000006.sdmp, Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\System.Private.CoreLib\x64\Release\System.Private.CoreLib.pdb source: free-pdf-creator.exe, 0000000D.00000002.1512280340.000001E75F840000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel\Release\net8.0\System.ComponentModel.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.IO.Packaging/Release/net8.0/System.IO.Packaging.pdb source: free-pdf-creator.exe, 0000000D.00000002.1479206646.000001A6CACB0000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: System.Net.WebHeaderCollection.ni.pdb source: free-pdf-creator.exe, 0000000D.00000002.1475436107.000001A6CAB01000.00000020.00000001.00040000.00000006.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel.TypeConverter\Release\net8.0\System.ComponentModel.TypeConverter.pdbSHA2568 source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel.Primitives\Release\net8.0\System.ComponentModel.Primitives.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.Data.DataSetExtensions/Release/net8.0-windows/System.Data.DataSetExtensions.pdbSHA256 source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.Collections.Immutable.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Win32.Primitives\Release\net8.0\Microsoft.Win32.Primitives.pdbSHA256 source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.Runtime.Serialization/Release/net8.0-windows/System.Runtime.Serialization.pdb source: free-pdf-creator.exe, 0000000D.00000002.1475614013.000001A6CAB30000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel.TypeConverter\Release\net8.0\System.ComponentModel.TypeConverter.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.Console.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: C:\development\pdfconfigurator\PDFConfigurator\PDFConfigurator\obj\Release\net8.0-windows\win-x64\PDFConfigurator.pdbSHA256l source: free-pdf-creator.exe, 0000000D.00000002.1552512777.000001E761570000.00000002.00000001.00040000.00000006.sdmp, Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.Data.DataSetExtensions/Release/net8.0-windows/System.Data.DataSetExtensions.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.Diagnostics.DiagnosticSource.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime\Release\net8.0\System.Runtime.pdb source: free-pdf-creator.exe, 0000000D.00000002.1475614013.000001A6CAB30000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: /_/artifacts/obj/System.Buffers/Release/net8.0-windows/System.Buffers.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.Diagnostics.Debug/Release/net8.0-windows/System.Diagnostics.Debug.pdbSHA256 source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.Core/Release/net8.0-windows/System.Core.pdbSHA256 source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: /_/artifacts/obj/System.AppContext/Release/net8.0-windows/System.AppContext.pdbSHA256 source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.Data.Common.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Collections.Specialized\Release\net8.0\System.Collections.Specialized.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel.EventBasedAsync\Release\net8.0\System.ComponentModel.EventBasedAsync.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\bin\PresentationNative\x64\Release\PresentationNative_cor3.pdb source: PresentationNative_cor3.dll.13.dr
Source: Binary string: System.IO.Packaging.ni.pdb source: free-pdf-creator.exe, 0000000D.00000002.1479206646.000001A6CACB0000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\bin\PenImc\x64\Release\PenImc_cor3.pdbII source: PenImc_cor3.dll.13.dr
Source: Binary string: PresentationFramework.ni.pdb source: free-pdf-creator.exe, 0000000D.00000002.1571928316.000001E761C10000.00000002.00000001.00040000.00000006.sdmp
Source: Binary string: /_/artifacts/obj/System.Buffers/Release/net8.0-windows/System.Buffers.pdbSHA256 source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.FileVersionInfo\Release\net8.0-windows\System.Diagnostics.FileVersionInfo.pdb source: Unconfirmed 395789.crdownload.0.dr
Source: Binary string: System.ComponentModel.Annotations.ni.pdb source: Unconfirmed 395789.crdownload.0.dr
Binary contains a suspicious time stamp
Source: vcruntime140_cor3.dll.13.dr Static PE information: 0x97A23CDB [Sat Aug 13 08:27:07 2050 UTC]
PE file contains an invalid checksum
Source: 1f4527b0-ea2c-485b-a693-22c42c540383.tmp.0.dr Static PE information: real checksum: 0x923a1d4 should be: 0x1a047
PE file contains sections with non-standard names
Source: 1f4527b0-ea2c-485b-a693-22c42c540383.tmp.0.dr Static PE information: section name: .CLR_UEF
Source: 1f4527b0-ea2c-485b-a693-22c42c540383.tmp.0.dr Static PE information: section name: .didat
Source: 1f4527b0-ea2c-485b-a693-22c42c540383.tmp.0.dr Static PE information: section name: Section
Source: 1f4527b0-ea2c-485b-a693-22c42c540383.tmp.0.dr Static PE information: section name: _RDATA
Source: Unconfirmed 395789.crdownload.0.dr Static PE information: section name: .CLR_UEF
Source: Unconfirmed 395789.crdownload.0.dr Static PE information: section name: .didat
Source: Unconfirmed 395789.crdownload.0.dr Static PE information: section name: Section
Source: Unconfirmed 395789.crdownload.0.dr Static PE information: section name: _RDATA
Source: PenImc_cor3.dll.13.dr Static PE information: section name: .orpc
Source: PenImc_cor3.dll.13.dr Static PE information: section name: _RDATA
Source: PresentationNative_cor3.dll.13.dr Static PE information: section name: _RDATA
Source: vcruntime140_cor3.dll.13.dr Static PE information: section name: fothk
Source: vcruntime140_cor3.dll.13.dr Static PE information: section name: _RDATA
Source: wpfgfx_cor3.dll.13.dr Static PE information: section name: .didat
Source: wpfgfx_cor3.dll.13.dr Static PE information: section name: _RDATA
Drops PE files
Source: C:\Users\user\Downloads\free-pdf-creator.exe File created: C:\Users\user\AppData\Local\Temp\.net\free-pdf-creator\e90\vcruntime140_cor3.dll Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\1f4527b0-ea2c-485b-a693-22c42c540383.tmp Jump to dropped file
Source: C:\Users\user\Downloads\free-pdf-creator.exe File created: C:\Users\user\AppData\Local\Temp\.net\free-pdf-creator\e90\PenImc_cor3.dll Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\free-pdf-creator.exe (copy) Jump to dropped file
Source: C:\Users\user\Downloads\free-pdf-creator.exe File created: C:\Users\user\AppData\Local\Temp\.net\free-pdf-creator\e90\D3DCompiler_47_cor3.dll Jump to dropped file
Source: C:\Users\user\Downloads\free-pdf-creator.exe File created: C:\Users\user\AppData\Local\Temp\.net\free-pdf-creator\e90\wpfgfx_cor3.dll Jump to dropped file
Source: C:\Users\user\Downloads\free-pdf-creator.exe File created: C:\Users\user\AppData\Local\Temp\.net\free-pdf-creator\e90\PresentationNative_cor3.dll Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\Unconfirmed 395789.crdownload Jump to dropped file
Stores files to the Windows start menu directory
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Free PDF Creator.lnk Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Queries memory information (via WMI often done to detect virtual machines)
Source: C:\Users\user\Downloads\free-pdf-creator.exe WMI Queries: IWbemServices::ExecQuery - ROOT\cimv2 : SELECT * FROM Win32_PortConnector Where Tag="Port Connector 0"
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\Downloads\free-pdf-creator.exe Memory allocated: 1A6CAA00000 memory reserve | memory write watch Jump to behavior
Contains long sleeps (>= 3 min)
Source: C:\Users\user\Downloads\free-pdf-creator.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\Downloads\free-pdf-creator.exe Window / User API: threadDelayed 589 Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\Downloads\free-pdf-creator.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\free-pdf-creator\e90\vcruntime140_cor3.dll Jump to dropped file
Source: C:\Users\user\Downloads\free-pdf-creator.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\free-pdf-creator\e90\PenImc_cor3.dll Jump to dropped file
Source: C:\Users\user\Downloads\free-pdf-creator.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\free-pdf-creator\e90\wpfgfx_cor3.dll Jump to dropped file
Source: C:\Users\user\Downloads\free-pdf-creator.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\free-pdf-creator\e90\PresentationNative_cor3.dll Jump to dropped file
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Downloads\free-pdf-creator.exe TID: 3312 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: C:\Users\user Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: C:\Users\user\AppData\Local\Microsoft Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: C:\Users\user\AppData Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: C:\Users\user\AppData\Local Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe File opened: C:\Users\user\AppData\Local\Microsoft\Media Player Jump to behavior
Enables debug privileges
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Memory allocated: page read and write | page guard Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Downloads\free-pdf-creator.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.free-pdf-creator.com/lps/typ/?offer=false Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\free-pdf-creator.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1417187 URL: http://www.free-pdf-creator.com Startdate: 28/03/2024 Architecture: WINDOWS Score: 64 50 Antivirus detection for URL or domain 2->50 52 Antivirus / Scanner detection for submitted sample 2->52 54 Downloads suspicious files via Chrome 2->54 7 chrome.exe 43 2->7         started        process3 dnsIp4 38 104.18.21.226 CLOUDFLARENETUS United States 7->38 40 23.53.35.206 AKAMAI-ASN1EU United States 7->40 42 3 other IPs or domains 7->42 22 C:\Users\user\Desktop\Free PDF Creator.lnk, MS 7->22 dropped 24 C:\Users\user\...\free-pdf-creator.exe (copy), PE32+ 7->24 dropped 26 C:\Users\...\Unconfirmed 395789.crdownload, PE32+ 7->26 dropped 28 1f4527b0-ea2c-485b-a693-22c42c540383.tmp, PE32+ 7->28 dropped 11 free-pdf-creator.exe 39 46 7->11         started        15 chrome.exe 7->15         started        18 chrome.exe 7->18         started        file5 process6 dnsIp7 30 C:\Users\user\AppData\...\wpfgfx_cor3.dll, PE32+ 11->30 dropped 32 C:\Users\user\...\vcruntime140_cor3.dll, PE32+ 11->32 dropped 34 C:\Users\user\...\PresentationNative_cor3.dll, PE32+ 11->34 dropped 36 2 other files (none is malicious) 11->36 dropped 56 Queries memory information (via WMI often done to detect virtual machines) 11->56 20 chrome.exe 11->20         started        44 18.165.98.53 MIT-GATEWAYSUS United States 15->44 46 142.251.16.138 GOOGLEUS United States 15->46 48 22 other IPs or domains 15->48 file8 signatures9 process10
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
18.158.22.207
 unknown United States
16509 AMAZON-02US false
142.251.167.147
 unknown United States
15169 GOOGLEUS false
34.196.146.107
 unknown United States
14618 AMAZON-AESUS false
142.251.16.138
 unknown United States
15169 GOOGLEUS false
142.251.167.94
 unknown United States
15169 GOOGLEUS false
142.251.167.95
 unknown United States
15169 GOOGLEUS false
104.21.20.130
 unknown United States
13335 CLOUDFLARENETUS false
172.67.192.232
 unknown United States
13335 CLOUDFLARENETUS false
104.21.69.128
 unknown United States
13335 CLOUDFLARENETUS false
142.251.163.94
 unknown United States
15169 GOOGLEUS false
172.253.62.102
 unknown United States
15169 GOOGLEUS false
151.101.1.229
 unknown United States
54113 FASTLYUS false
1.1.1.1
 unknown Australia
13335 CLOUDFLARENETUS false
18.159.237.166
 unknown United States
16509 AMAZON-02US false
172.253.63.95
 unknown United States
15169 GOOGLEUS false
172.253.63.94
 unknown United States
15169 GOOGLEUS false
151.101.65.229
 unknown United States
54113 FASTLYUS false
104.18.21.226
 unknown United States
13335 CLOUDFLARENETUS false
23.53.35.206
 unknown United States
20940 AKAMAI-ASN1EU false
52.217.133.9
 unknown United States
16509 AMAZON-02US false
172.253.122.94
 unknown United States
15169 GOOGLEUS false
18.165.98.53
 unknown United States
3 MIT-GATEWAYSUS false
239.255.255.250
 unknown Reserved
unknown unknown false
142.251.16.95
 unknown United States
15169 GOOGLEUS false
104.17.25.14
 unknown United States
13335 CLOUDFLARENETUS false
142.251.163.84
 unknown United States
15169 GOOGLEUS false
172.64.207.38
 unknown United States
13335 CLOUDFLARENETUS false

Private

IP
192.168.2.16
192.168.2.5

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://pdf.activegn.com/ false
    		unknown
    https://www.free-pdf-creator.com/lps/typ/?offer=false false
      		unknown
      file:///C:/Users/user/Downloads/download.htm false
      • Avira URL Cloud: safe
      		 low
      file:///C:/Users/user/Downloads/download%20(1).htm false
      • Avira URL Cloud: safe
      		 low
      https://www.free-pdf-creator.com/ false
        		unknown