Edit tour

Windows Analysis Report
http://pixel.pdfixers.com

Overview

General Information

Sample URL:	http://pixel.pdfixers.com
Analysis ID:	1416008
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1404 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6424 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2000,i,15126954461190334033,2795290153362884502,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 2672 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pixel.pdfixers.com" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://pixel.pdfixers.com

Avira URL Cloud: detection malicious, Label: malware

Antivirus detection for URL or domain

Source: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	Avira URL Cloud: Label: malware
Source: https://pixel.pdfixers.com/favicon.ico	Avira URL Cloud: Label: malware

Source: https://pixel.pdfixers.com/

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.10:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.10:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.55:443 -> 192.168.2.10:49725 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: pixel.pdfixers.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1Host: pixel.pdfixers.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pixel.pdfixers.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=lsmb3J1+jSDu8m3gIABJU45mMFcgweh6YRPT0zaAEFBc9V1mPJ5LEHb/AQXNkk341PKjDU6Psx3DUm3vR+N+mQpWaQXCp/qEDx3YbmBcQGM/8Opv0WLRYZhJM/ah
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: pixel.pdfixers.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pixel.pdfixers.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=lsmb3J1+jSDu8m3gIABJU45mMFcgweh6YRPT0zaAEFBc9V1mPJ5LEHb/AQXNkk341PKjDU6Psx3DUm3vR+N+mQpWaQXCp/qEDx3YbmBcQGM/8Opv0WLRYZhJM/ah
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: pixel.pdfixers.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=GSP1VBr1btN5Q21lAqmMhHbWZ9tCgYtk2OYNDq8mXXucEsxIgTxp1A35iMZ7qSHu179wCm+qDASd/7Vx729WgCjY3OEHozYLhUt56Bui5sBCkmRLRNhrIlk7NkIM
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: unknown

DNS traffic detected: queries for: pixel.pdfixers.com

Source: unknown

HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A4109007A20X-BM-CBT: 1696501796X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: D95703EFC0844C95954C44563A05B5B6X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A4109007A20X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40X-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 608Connection: Keep-AliveCache-Control: no-cacheCookie: SRCHUID=V=2&GUID=4DCD32EA63724A15B9FCA9A424F62E4E&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&LUT=1696499427949&IPMH=7bc3b11d&IPMID=1696501796291&HV=1696501608; CortanaAppUID=AE9A00680BF8963DCED9ECF7ABA334B4; MUID=985D67226D4E42EFB34FF259DA244FF8; _SS=SID=1C5CE73126DC645D35AAF490270A65A3&CPID=1696501797283&AC=1&CPH=893a1c21; _EDGE_S=SID=1C5CE73126DC645D35AAF490270A65A3; MUIDB=985D67226D4E42EFB34FF259DA244FF8

Source: chromecache_65.3.dr, chromecache_66.3.dr, chromecache_67.3.dr	String found in binary or memory: https://fonts.googleapis.com/css2?family=Nunito
Source: chromecache_69.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/nunitosans/v15/pe1mMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8u

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.10:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.10:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.55:443 -> 192.168.2.10:49725 version: TLS 1.2

Source: classification engine

Classification label: mal56.win@17/15@8/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2000,i,15126954461190334033,2795290153362884502,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pixel.pdfixers.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2000,i,15126954461190334033,2795290153362884502,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Install
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Install
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Install
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Install
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Install
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Install
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Install
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Install

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://pixel.pdfixers.com	100%	Avira URL Cloud	malware

Source	Detection	Scanner	Label	Link
https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	100%	Avira URL Cloud	malware
https://pixel.pdfixers.com/favicon.ico	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
pixel.pdfixers.com	172.67.147.142	true	false	unknown
www.google.com	142.251.163.105	true	false	high
windowsupdatebg.s.llnwi.net	69.164.0.128	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	false	Avira URL Cloud: malware	unknown
https://pixel.pdfixers.com/	false		unknown
https://pixel.pdfixers.com/favicon.ico	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.251.163.105	www.google.com	United States	15169	GOOGLEUS	false
104.21.11.17	unknown	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.67.147.142	pixel.pdfixers.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.10

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1416008
Start date and time:	2024-03-26 18:23:08 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 40s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://pixel.pdfixers.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@17/15@8/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, Sgrmuserer.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.253.62.94, 142.251.163.102, 142.251.163.138, 142.251.163.100, 142.251.163.139, 142.251.163.101, 142.251.163.113, 142.251.16.84, 34.104.35.123, 172.253.122.95, 172.253.122.94, 20.12.23.50, 23.207.202.25, 23.207.202.20, 23.207.202.33, 23.207.202.14, 23.207.202.28, 23.207.202.16, 23.207.202.13, 23.207.202.32, 52.165.164.15, 23.207.202.15, 23.207.202.17, 23.207.202.43, 23.207.202.24, 23.207.202.23, 23.207.202.30, 13.95.31.18, 72.21.81.240, 142.251.16.94, 172.253.62.113, 172.253.62.100, 172.253.62.139, 172.253.62.102, 172.253.62.101, 172.253.62.138
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, a767.dspw65.akamai.net, wu.azureedge.net, clients2.google.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, glb.sls.prod.dcat.dsp.trafficmanager.net, clients1.google.com, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, fonts.gstatic.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: http://pixel.pdfixers.com

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Mar 26 16:24:00 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9923186512725977
Encrypted:	false
SSDEEP:	48:8xvbdvTwkHTidAKZdA1uehwiZUklqehvy+3:8x1U7Yy
MD5:	5B2136F977DB8D1B8C50A3D611A5C656
SHA1:	630C56C2BEE4FE6C2A62F5BB659A866BB26547F1
SHA-256:	FE851B7CF737C2CAB849468A3D9EAF5D01C3B515CE2CDD039ECFB680F55B440C
SHA-512:	156DFEF0496FD6C720787E435D9F5A2C9BEB67CEABE339CB4B60F451132C934E4F4DCEA36BCB37760200319D994BAC983783C3C838F0352D562E5BCFF3272F6E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....v$d........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.IzX......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VzX......L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.VzX......M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.VzX.............................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VzX......N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............[.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Mar 26 16:24:00 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.007959961925544
Encrypted:	false
SSDEEP:	48:86vbdvTwkHTidAKZdA1Heh/iZUkAQkqehIy+2:861UV9QNy
MD5:	B867EAF59C2785ECC9BC753A3D661AB8
SHA1:	20924C9C0CDEAE6FDA96611F0A4D654A963110AC
SHA-256:	D83E8DC80F38E475180713861AB32F9354E4269C6A8B555E1945B62891DD137E
SHA-512:	07C24EB8E4657C2FC52B548DCF563BC6430726F79D869C21B54970071F077DF090040D6C304851F2B16DEC8F6FD8290973567706839BEA564C37EDBF6EE60591
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......d........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.IzX......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VzX......L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.VzX......M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.VzX.............................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VzX......N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............[.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 08:59:33 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.014779465244356
Encrypted:	false
SSDEEP:	48:8FvbdvTwbHTidAKZdA149eh7sFiZUkmgqeh7sGy+BX:8F1UAncy
MD5:	D5108C67D2516FAEF74054F8E4A154D1
SHA1:	DD3D11D718569F54D44EBF5C22569F72C1E5673D
SHA-256:	4AA4046326288E8F39D73F9F43F5261427A94A74562B27DD2B1759F45E72E00A
SHA-512:	8BA62272FE45DDB8DCAE34CE5AE24C1F53EA385A4C9BF152085682578196B6753C28002866C7C55B388596470B7A783CD13B96BA9B57F87395F022B510A8DAF4
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....K..r.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.IzX......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VzX......L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.VzX......M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.VzX.............................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VEW.L....N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............[.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Mar 26 16:24:00 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.004894775466511
Encrypted:	false
SSDEEP:	48:8QvbdvTwkHTidAKZdA14ehDiZUkwqehUy+R:8Q1UGey
MD5:	F8C0F5075251D0F1C8A46A15E89E5AEF
SHA1:	A0F19F64098973C015A00345DD519B119628E3BA
SHA-256:	B2378FAAF3F7F989A20EC9416FAB0A1832B33BBBB59D24A032940E01E6A0B82E
SHA-512:	2AAEA552AEE9B0E0B30712EC2C849A47A995149D3240E1F03BC9903B92D4239EB2FE89353CB77D391A12E93E03A82BD0E0B4A3B33DC91950A061A35854FC2BE6
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....t.d........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.IzX......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VzX......L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.VzX......M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.VzX.............................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VzX......N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............[.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Mar 26 16:24:00 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9942286160259886
Encrypted:	false
SSDEEP:	48:8cvbdvTwkHTidAKZdA1mehBiZUk1W1qehay+C:8c1U296y
MD5:	9C143FF5F4BDC44535B15EF040600544
SHA1:	D42DBA3665CBB9532F509F52D2476A6C74C57B54
SHA-256:	7AD934ACB9AD7D73065BAE7773B01B60205A0CE1797FC34839829AB788E17795
SHA-512:	45982A8C4D60D1C66C4776D8798A1785C78F77775CB81B12FBE38B1B798C74DCDA79577A6BDCF0604AB1ED15E0DD1490BA532D397F33ABAC3980AA80637712AD
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......d........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.IzX......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VzX......L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.VzX......M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.VzX.............................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VzX......N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............[.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Mar 26 16:24:00 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.005510736182283
Encrypted:	false
SSDEEP:	48:8m/vbdvTwkHTidAKZdA1duT1ehOuTbbiZUk5OjqehOuTbcy+yT+:8M1U9TyTbxWOvTbcy7T
MD5:	1BF21BFD5AFDA04DE4A763DAD0D80014
SHA1:	42513D4F64B9B1029E2C4B9B80D57C4D4A9DD131
SHA-256:	8A5C649264EF6702560FEF131F64A742C45EF40818646C24919F877AE602D772
SHA-512:	2CAFAD1809035AE12793F3CAF7AF5BAD8C27ED96AC45A8FB9996AFA83B44F7D5A60BB66DB4390D570752D715AE8E0036661C977AFA022D6287D2E06DC807F0DD
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....X.d........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.IzX......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VzX......L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.VzX......M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.VzX.............................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VzX......N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............[.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (10298), with CRLF line terminators
Category:	downloaded
Size (bytes):	33684
Entropy (8bit):	5.603480939113745
Encrypted:	false
SSDEEP:	768:tbRdP1w6Tgt9vJRxcxDc5sWOVD/USTjnoZ3iIaVhgcEyeoA7JYquMr1:ZRdP1w6TqJJRxcxDc5sWOVD/USTjntz+
MD5:	371A33B4420ABFC001F08FDD5D2ECAC1
SHA1:	759224A927878B9D4D2BE065DE9F91645FD04A73
SHA-256:	DC373EDE8BA0FACED2728843D1880E92C1FBD6F204313953AA47D250490123F7
SHA-512:	B1CE564E1FC4A78F7C4D115CD1FDD82876BD08545A77491FAC2A5D3EE5DFF9DEA811D7FCA35B82D87B00D9E93BEA8126B9C1F048AA12CBDA9B6BA2458BE522BA
Malicious:	false
Reputation:	low
URL:	https://pixel.pdfixers.com/favicon.ico
Preview:	<!DOCTYPE html>..<html>..<head>.. <meta http-equiv="X-UA-Compatible" content="IE=10" />.. <link href="https://fonts.googleapis.com/css2?family=Nunito+Sans:wght@300&display=swap" rel="stylesheet">.... <title>PDFixers Installation</title>.. <style>.. body {.. overflow: hidden; /* Hide scrollbars */.. }.... body {.. font-family: Arial, sans-serif;.. margin: 20px;.. }.... .container {.. width: 632px;.. height: 777px;.. margin: auto;.. padding: 20px;.. border: 1px solid #ddd;.. }.... .eula {.. margin-top: 20px;.. border: 1px solid #ddd;.. padding: 10px;.. height: 300px;.. overflow: auto;.. }.... .button {.. margin-top: 10px;.. padding: 10px 20px;.. background-color: #4CAF50;.. color: white;.. border: none;.. borde

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (10298), with CRLF line terminators
Category:	dropped
Size (bytes):	33684
Entropy (8bit):	5.603598006472809
Encrypted:	false
SSDEEP:	768:tbRdP1w6Tgt9vJRxcxDc5sWOVD/dSTjnoZ3iIDVhgcEyeoA7JYquMr1:ZRdP1w6TqJJRxcxDc5sWOVD/dSTjntq+
MD5:	91B445ACB86BDF02D5D70FB7550D166B
SHA1:	3CA0F79CABE3392840E0A23A1980E65DD3C06D67
SHA-256:	572C82E2C9F80DA4CE3E9B12BBA3DA193B27998B22A661BF68950A8D9637D26C
SHA-512:	382ACB7B0A04E03D4F70D36F212B37B6F818340AA8A01A093BDF66417ACEDE9FF845BCDC9513D852DE855E35F38CEECE815DD36453D76C0451E814A1AA78A399
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html>..<html>..<head>.. <meta http-equiv="X-UA-Compatible" content="IE=10" />.. <link href="https://fonts.googleapis.com/css2?family=Nunito+Sans:wght@300&display=swap" rel="stylesheet">.... <title>PDFixers Installation</title>.. <style>.. body {.. overflow: hidden; /* Hide scrollbars */.. }.... body {.. font-family: Arial, sans-serif;.. margin: 20px;.. }.... .container {.. width: 632px;.. height: 777px;.. margin: auto;.. padding: 20px;.. border: 1px solid #ddd;.. }.... .eula {.. margin-top: 20px;.. border: 1px solid #ddd;.. padding: 10px;.. height: 300px;.. overflow: auto;.. }.... .button {.. margin-top: 10px;.. padding: 10px 20px;.. background-color: #4CAF50;.. color: white;.. border: none;.. borde

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (10298), with CRLF line terminators
Category:	downloaded
Size (bytes):	33684
Entropy (8bit):	5.604513695937746
Encrypted:	false
SSDEEP:	768:tbRdP1w6Tgt9vJRxcxDc5sWOVD/8STjnoZ3iIGVhgcEyeoA7JYquMr1:ZRdP1w6TqJJRxcxDc5sWOVD/8STjntP+
MD5:	DD627C010A70BCF8F587A3684AB2353B
SHA1:	0332A0953D8BC7BD29763CA00D7E239CA43222EA
SHA-256:	25F4B33678E4CE0CE40F29A11B0998A097DF641B70EA15077934B3029CE06911
SHA-512:	7C790D24674434F90BB59660B9B1D99770F636F919D6C48867E717E75299520C389CDA9BF10751EEEB14459CEFEB26A5FF1C5EE6789A21664D3F8E6C77773641
Malicious:	false
Reputation:	low
URL:	https://pixel.pdfixers.com/
Preview:	<!DOCTYPE html>..<html>..<head>.. <meta http-equiv="X-UA-Compatible" content="IE=10" />.. <link href="https://fonts.googleapis.com/css2?family=Nunito+Sans:wght@300&display=swap" rel="stylesheet">.... <title>PDFixers Installation</title>.. <style>.. body {.. overflow: hidden; /* Hide scrollbars */.. }.... body {.. font-family: Arial, sans-serif;.. margin: 20px;.. }.... .container {.. width: 632px;.. height: 777px;.. margin: auto;.. padding: 20px;.. border: 1px solid #ddd;.. }.... .eula {.. margin-top: 20px;.. border: 1px solid #ddd;.. padding: 10px;.. height: 300px;.. overflow: auto;.. }.... .button {.. margin-top: 10px;.. padding: 10px 20px;.. background-color: #4CAF50;.. color: white;.. border: none;.. borde

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (1238)
Category:	downloaded
Size (bytes):	1239
Entropy (8bit):	5.068464054671174
Encrypted:	false
SSDEEP:	24:ch63Cf5W8QPIHRZ3hwVFS39bYGwNef1yTZsNUkQ1sZmSuLqNWRco5Jcn5IKM6cuY:C6SQnw/x+SR8ZZkQbp1RZ5JwiKMm7Zc
MD5:	9E8F56E8E1806253BA01A95CFC3D392C
SHA1:	A8AF90D7482E1E99D03DE6BF88FED2315C5DD728
SHA-256:	2595496FE48DF6FCF9B1BC57C29A744C121EB4DD11566466BC13D2E52E6BBCC8
SHA-512:	63F0F6F94FBABADC3F774CCAA6A401696E8A7651A074BC077D214F91DA080B36714FD799EB40FED64154972008E34FC733D6EE314AC675727B37B58FFBEBEBEE
Malicious:	false
Reputation:	low
URL:	https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Preview:	!function(){"use strict";function e(e){try{if("undefined"==typeof console)return;"error"in console?console.error(e):console.log(e)}catch(e){}}function t(e){return d.innerHTML='<a href="'+e.replace(/"/g,""")+'"></a>',d.childNodes[0].getAttribute("href")\|\|""}function r(e,t){var r=e.substr(t,2);return parseInt(r,16)}function n(n,c){for(var o="",a=r(n,c),i=c+2;i<n.length;i+=2){var l=r(n,i)^a;o+=String.fromCharCode(l)}try{o=decodeURIComponent(escape(o))}catch(u){e(u)}return t(o)}function c(t){for(var r=t.querySelectorAll("a"),c=0;c<r.length;c++)try{var o=r[c],a=o.href.indexOf(l);a>-1&&(o.href="mailto:"+n(o.href,a+l.length))}catch(i){e(i)}}function o(t){for(var r=t.querySelectorAll(u),c=0;c<r.length;c++)try{var o=r[c],a=o.parentNode,i=o.getAttribute(f);if(i){var l=n(i,0),d=document.createTextNode(l);a.replaceChild(d,o)}}catch(h){e(h)}}function a(t){for(var r=t.querySelectorAll("template"),n=0;n<r.length;n++)try{i(r[n].content)}catch(c){e(c)}}function i(t){try{c(t),o(t),a(t)}catch(r){e(r

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	2299
Entropy (8bit):	5.601530151443562
Encrypted:	false
SSDEEP:	48:kO1bayDeQ0O1bayDnFZO1O1bayD+DO1bayDpRVc+uBO1bayDnN0oD:kO1baySQ0O1bayzFZO1O1bay8O1bay3P
MD5:	FC12256B7A936C6DF654693553FC1532
SHA1:	38074BA1A667C4C44B209D92966F0DB42857660E
SHA-256:	3BA7B02118B8F32E331BC784D86060167A44B464CD559578DEA15A26AA70F0E3
SHA-512:	75279890C4C231F5678614F75C5EE12EDFC236A41B41B259DA15D76A996BBBE875679C2F66B7D115302117A593FDDEAE477D38E8E4C8D8F701444354C3810E33
Malicious:	false
Reputation:	low
URL:	https://fonts.googleapis.com/css2?family=Nunito+Sans:wght@300&display=swap
Preview:	/* cyrillic-ext /.@font-face {. font-family: 'Nunito Sans';. font-style: normal;. font-weight: 300;. font-stretch: 100%;. font-display: swap;. src: url(https://fonts.gstatic.com/s/nunitosans/v15/pe1mMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbMV51Q42ptCp5F5bxqqtQ1yiU4GiClXvlUlM_Y.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./ cyrillic /.@font-face {. font-family: 'Nunito Sans';. font-style: normal;. font-weight: 300;. font-stretch: 100%;. font-display: swap;. src: url(https://fonts.gstatic.com/s/nunitosans/v15/pe1mMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbMV51Q42ptCp5F5bxqqtQ1yiU4GiClXt1UlM_Y.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ vietnamese */.@font-face {. font-family: 'Nunito Sans';. font-style: normal;. font-weight: 300;. font-stretch: 100%;. font-display: swap;. src: url(https://fonts.gstatic.com/s/n

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 26, 2024 18:23:50.346249104 CET	49671	443	192.168.2.10	204.79.197.203
Mar 26, 2024 18:23:50.658421993 CET	49671	443	192.168.2.10	204.79.197.203
Mar 26, 2024 18:23:51.267800093 CET	49671	443	192.168.2.10	204.79.197.203
Mar 26, 2024 18:23:52.470926046 CET	49671	443	192.168.2.10	204.79.197.203
Mar 26, 2024 18:23:52.595952034 CET	49674	443	192.168.2.10	173.222.162.55
Mar 26, 2024 18:23:52.596110106 CET	49675	443	192.168.2.10	173.222.162.55
Mar 26, 2024 18:23:54.877192974 CET	49671	443	192.168.2.10	204.79.197.203
Mar 26, 2024 18:23:58.631256104 CET	49677	443	192.168.2.10	20.42.65.85
Mar 26, 2024 18:23:58.939667940 CET	49677	443	192.168.2.10	20.42.65.85
Mar 26, 2024 18:23:59.549035072 CET	49677	443	192.168.2.10	20.42.65.85
Mar 26, 2024 18:23:59.718234062 CET	49671	443	192.168.2.10	204.79.197.203
Mar 26, 2024 18:24:00.751691103 CET	49677	443	192.168.2.10	20.42.65.85
Mar 26, 2024 18:24:01.837635040 CET	49710	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:01.837681055 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:01.837755919 CET	49710	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:01.838207006 CET	49710	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:01.838222027 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.044118881 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.044540882 CET	49710	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:02.044555902 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.045655012 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.045784950 CET	49710	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:02.047887087 CET	49710	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:02.047986031 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.055592060 CET	49710	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:02.055613995 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.110435009 CET	49710	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:02.206290007 CET	49674	443	192.168.2.10	173.222.162.55
Mar 26, 2024 18:24:02.206307888 CET	49675	443	192.168.2.10	173.222.162.55
Mar 26, 2024 18:24:02.298403978 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.299015999 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.299076080 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.299113989 CET	49710	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:02.299132109 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.299257994 CET	49710	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:02.299264908 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.299545050 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.299595118 CET	49710	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:02.299602032 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.299916983 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.299968958 CET	49710	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:02.299973965 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.299993992 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.300036907 CET	49710	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:02.300044060 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.300647974 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.300702095 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.300703049 CET	49710	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:02.300714016 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.300761938 CET	49710	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:02.300770998 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.300841093 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.300903082 CET	49710	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:02.300913095 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.301549911 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.301592112 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.301609039 CET	49710	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:02.301616907 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.301659107 CET	49710	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:02.301666975 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.301704884 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.301768064 CET	49710	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:02.301774979 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.302488089 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.302530050 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.302557945 CET	49710	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:02.302567005 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.302619934 CET	49710	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:02.302627087 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.302648067 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.302700996 CET	49710	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:02.309369087 CET	49710	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:02.309379101 CET	443	49710	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.390361071 CET	49711	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:02.390394926 CET	443	49711	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.390486002 CET	49711	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:02.390891075 CET	49711	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:02.390904903 CET	443	49711	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.590754032 CET	443	49711	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.591094971 CET	49711	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:02.591111898 CET	443	49711	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.592099905 CET	443	49711	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.592438936 CET	49711	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:02.592569113 CET	443	49711	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.592602015 CET	49711	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:02.636235952 CET	443	49711	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.641537905 CET	49711	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:02.825450897 CET	443	49711	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.825567961 CET	443	49711	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:02.825642109 CET	49711	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:02.832804918 CET	49711	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:02.832834959 CET	443	49711	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.162065029 CET	49677	443	192.168.2.10	20.42.65.85
Mar 26, 2024 18:24:03.482960939 CET	49715	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:03.483010054 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.483078957 CET	49715	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:03.483776093 CET	49715	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:03.483788967 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.684628963 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.685461044 CET	49715	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:03.685496092 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.685918093 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.687032938 CET	49715	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:03.687108040 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.687356949 CET	49715	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:03.732235909 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.835308075 CET	49716	443	192.168.2.10	142.251.163.105
Mar 26, 2024 18:24:03.835350990 CET	443	49716	142.251.163.105	192.168.2.10
Mar 26, 2024 18:24:03.835423946 CET	49716	443	192.168.2.10	142.251.163.105
Mar 26, 2024 18:24:03.836132050 CET	49716	443	192.168.2.10	142.251.163.105
Mar 26, 2024 18:24:03.836143970 CET	443	49716	142.251.163.105	192.168.2.10
Mar 26, 2024 18:24:03.934617996 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.935425043 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.935478926 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.935486078 CET	49715	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:03.935518026 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.935584068 CET	49715	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:03.935769081 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.935955048 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.935988903 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.936018944 CET	49715	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:03.936023951 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.936069965 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.936100960 CET	49715	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:03.936108112 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.936196089 CET	49715	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:03.936670065 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.936749935 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.936798096 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.936831951 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.936844110 CET	49715	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:03.936850071 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.936883926 CET	49715	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:03.937499046 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.937551022 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.937560081 CET	49715	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:03.937565088 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.937608957 CET	49715	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:03.937612057 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.937622070 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.937659979 CET	49715	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:03.937664032 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.938374996 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.938410997 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.938431978 CET	49715	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:03.938436985 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.938474894 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.938477993 CET	49715	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:03.938489914 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.938532114 CET	49715	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:03.938536882 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.938596964 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:03.938642025 CET	49715	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:03.947818041 CET	49715	443	192.168.2.10	172.67.147.142
Mar 26, 2024 18:24:03.947834969 CET	443	49715	172.67.147.142	192.168.2.10
Mar 26, 2024 18:24:04.114805937 CET	443	49716	142.251.163.105	192.168.2.10
Mar 26, 2024 18:24:04.115973949 CET	49716	443	192.168.2.10	142.251.163.105
Mar 26, 2024 18:24:04.115997076 CET	443	49716	142.251.163.105	192.168.2.10
Mar 26, 2024 18:24:04.117043972 CET	443	49716	142.251.163.105	192.168.2.10
Mar 26, 2024 18:24:04.117137909 CET	49716	443	192.168.2.10	142.251.163.105
Mar 26, 2024 18:24:04.433866024 CET	49716	443	192.168.2.10	142.251.163.105
Mar 26, 2024 18:24:04.434077978 CET	443	49716	142.251.163.105	192.168.2.10
Mar 26, 2024 18:24:04.485907078 CET	49716	443	192.168.2.10	142.251.163.105
Mar 26, 2024 18:24:04.485933065 CET	443	49716	142.251.163.105	192.168.2.10
Mar 26, 2024 18:24:04.532301903 CET	49716	443	192.168.2.10	142.251.163.105
Mar 26, 2024 18:24:04.623801947 CET	49717	443	192.168.2.10	104.21.11.17
Mar 26, 2024 18:24:04.623836040 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:04.624093056 CET	49717	443	192.168.2.10	104.21.11.17
Mar 26, 2024 18:24:04.624813080 CET	49717	443	192.168.2.10	104.21.11.17
Mar 26, 2024 18:24:04.624824047 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:04.824166059 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:04.828635931 CET	49717	443	192.168.2.10	104.21.11.17
Mar 26, 2024 18:24:04.828655958 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:04.829773903 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:04.829843998 CET	49717	443	192.168.2.10	104.21.11.17
Mar 26, 2024 18:24:04.953572989 CET	49717	443	192.168.2.10	104.21.11.17
Mar 26, 2024 18:24:04.953758955 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:04.954034090 CET	49717	443	192.168.2.10	104.21.11.17
Mar 26, 2024 18:24:04.954050064 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:05.001540899 CET	49717	443	192.168.2.10	104.21.11.17
Mar 26, 2024 18:24:05.088383913 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:05.088433981 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:05.088466883 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:05.088479996 CET	49717	443	192.168.2.10	104.21.11.17
Mar 26, 2024 18:24:05.088514090 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:05.088552952 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:05.088587046 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:05.088587999 CET	49717	443	192.168.2.10	104.21.11.17
Mar 26, 2024 18:24:05.088598967 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:05.088624001 CET	49717	443	192.168.2.10	104.21.11.17
Mar 26, 2024 18:24:05.088671923 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:05.088710070 CET	49717	443	192.168.2.10	104.21.11.17
Mar 26, 2024 18:24:05.088715076 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:05.088917017 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:05.088959932 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:05.088998079 CET	49717	443	192.168.2.10	104.21.11.17
Mar 26, 2024 18:24:05.089001894 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:05.089010954 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:05.089051008 CET	49717	443	192.168.2.10	104.21.11.17
Mar 26, 2024 18:24:05.089055061 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:05.089092016 CET	49717	443	192.168.2.10	104.21.11.17
Mar 26, 2024 18:24:05.089096069 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:05.089824915 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:05.089863062 CET	49717	443	192.168.2.10	104.21.11.17
Mar 26, 2024 18:24:05.089867115 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:05.089875937 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:05.089909077 CET	49717	443	192.168.2.10	104.21.11.17
Mar 26, 2024 18:24:05.089914083 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:05.090456009 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:05.090493917 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:05.090531111 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:05.090534925 CET	49717	443	192.168.2.10	104.21.11.17
Mar 26, 2024 18:24:05.090542078 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:05.090569019 CET	49717	443	192.168.2.10	104.21.11.17
Mar 26, 2024 18:24:05.090595007 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:05.090626955 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:05.090627909 CET	49717	443	192.168.2.10	104.21.11.17
Mar 26, 2024 18:24:05.090635061 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:05.090671062 CET	49717	443	192.168.2.10	104.21.11.17
Mar 26, 2024 18:24:05.090677023 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:05.090740919 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:05.090807915 CET	49717	443	192.168.2.10	104.21.11.17
Mar 26, 2024 18:24:05.092000008 CET	49717	443	192.168.2.10	104.21.11.17
Mar 26, 2024 18:24:05.092017889 CET	443	49717	104.21.11.17	192.168.2.10
Mar 26, 2024 18:24:05.777775049 CET	49719	443	192.168.2.10	23.221.242.90
Mar 26, 2024 18:24:05.777818918 CET	443	49719	23.221.242.90	192.168.2.10
Mar 26, 2024 18:24:05.777990103 CET	49719	443	192.168.2.10	23.221.242.90
Mar 26, 2024 18:24:05.780011892 CET	49719	443	192.168.2.10	23.221.242.90
Mar 26, 2024 18:24:05.780033112 CET	443	49719	23.221.242.90	192.168.2.10
Mar 26, 2024 18:24:05.981559038 CET	443	49719	23.221.242.90	192.168.2.10
Mar 26, 2024 18:24:05.981656075 CET	49719	443	192.168.2.10	23.221.242.90
Mar 26, 2024 18:24:05.985466003 CET	49719	443	192.168.2.10	23.221.242.90
Mar 26, 2024 18:24:05.985477924 CET	443	49719	23.221.242.90	192.168.2.10
Mar 26, 2024 18:24:05.985764027 CET	443	49719	23.221.242.90	192.168.2.10
Mar 26, 2024 18:24:06.032812119 CET	49719	443	192.168.2.10	23.221.242.90
Mar 26, 2024 18:24:06.063765049 CET	49719	443	192.168.2.10	23.221.242.90
Mar 26, 2024 18:24:06.108236074 CET	443	49719	23.221.242.90	192.168.2.10
Mar 26, 2024 18:24:06.167773962 CET	443	49719	23.221.242.90	192.168.2.10
Mar 26, 2024 18:24:06.167855024 CET	443	49719	23.221.242.90	192.168.2.10
Mar 26, 2024 18:24:06.167977095 CET	49719	443	192.168.2.10	23.221.242.90
Mar 26, 2024 18:24:06.168117046 CET	49719	443	192.168.2.10	23.221.242.90
Mar 26, 2024 18:24:06.168138027 CET	443	49719	23.221.242.90	192.168.2.10
Mar 26, 2024 18:24:06.168191910 CET	49719	443	192.168.2.10	23.221.242.90
Mar 26, 2024 18:24:06.168196917 CET	443	49719	23.221.242.90	192.168.2.10
Mar 26, 2024 18:24:06.213285923 CET	49720	443	192.168.2.10	23.221.242.90
Mar 26, 2024 18:24:06.213335037 CET	443	49720	23.221.242.90	192.168.2.10
Mar 26, 2024 18:24:06.213418961 CET	49720	443	192.168.2.10	23.221.242.90
Mar 26, 2024 18:24:06.214014053 CET	49720	443	192.168.2.10	23.221.242.90
Mar 26, 2024 18:24:06.214030027 CET	443	49720	23.221.242.90	192.168.2.10
Mar 26, 2024 18:24:06.414057970 CET	443	49720	23.221.242.90	192.168.2.10
Mar 26, 2024 18:24:06.414135933 CET	49720	443	192.168.2.10	23.221.242.90
Mar 26, 2024 18:24:06.416435957 CET	49720	443	192.168.2.10	23.221.242.90
Mar 26, 2024 18:24:06.416445971 CET	443	49720	23.221.242.90	192.168.2.10
Mar 26, 2024 18:24:06.416695118 CET	443	49720	23.221.242.90	192.168.2.10
Mar 26, 2024 18:24:06.419698000 CET	49720	443	192.168.2.10	23.221.242.90
Mar 26, 2024 18:24:06.464231014 CET	443	49720	23.221.242.90	192.168.2.10
Mar 26, 2024 18:24:06.612322092 CET	443	49720	23.221.242.90	192.168.2.10
Mar 26, 2024 18:24:06.612426043 CET	443	49720	23.221.242.90	192.168.2.10
Mar 26, 2024 18:24:06.612476110 CET	49720	443	192.168.2.10	23.221.242.90
Mar 26, 2024 18:24:06.613595963 CET	49720	443	192.168.2.10	23.221.242.90
Mar 26, 2024 18:24:06.613616943 CET	443	49720	23.221.242.90	192.168.2.10
Mar 26, 2024 18:24:06.613639116 CET	49720	443	192.168.2.10	23.221.242.90
Mar 26, 2024 18:24:06.613646030 CET	443	49720	23.221.242.90	192.168.2.10
Mar 26, 2024 18:24:07.985613108 CET	49677	443	192.168.2.10	20.42.65.85
Mar 26, 2024 18:24:09.329382896 CET	49671	443	192.168.2.10	204.79.197.203
Mar 26, 2024 18:24:14.115540028 CET	443	49716	142.251.163.105	192.168.2.10
Mar 26, 2024 18:24:14.115633011 CET	443	49716	142.251.163.105	192.168.2.10
Mar 26, 2024 18:24:14.115849972 CET	49716	443	192.168.2.10	142.251.163.105
Mar 26, 2024 18:24:14.529073000 CET	49672	443	192.168.2.10	173.222.162.55
Mar 26, 2024 18:24:14.529783010 CET	49725	443	192.168.2.10	173.222.162.55
Mar 26, 2024 18:24:14.529831886 CET	443	49725	173.222.162.55	192.168.2.10
Mar 26, 2024 18:24:14.529951096 CET	49725	443	192.168.2.10	173.222.162.55
Mar 26, 2024 18:24:14.531132936 CET	49725	443	192.168.2.10	173.222.162.55
Mar 26, 2024 18:24:14.531147957 CET	443	49725	173.222.162.55	192.168.2.10
Mar 26, 2024 18:24:14.844961882 CET	49672	443	192.168.2.10	173.222.162.55
Mar 26, 2024 18:24:14.861754894 CET	443	49725	173.222.162.55	192.168.2.10
Mar 26, 2024 18:24:14.861823082 CET	49725	443	192.168.2.10	173.222.162.55
Mar 26, 2024 18:24:15.548098087 CET	49672	443	192.168.2.10	173.222.162.55
Mar 26, 2024 18:24:15.823523045 CET	49716	443	192.168.2.10	142.251.163.105
Mar 26, 2024 18:24:15.823551893 CET	443	49716	142.251.163.105	192.168.2.10
Mar 26, 2024 18:24:16.022378922 CET	49725	443	192.168.2.10	173.222.162.55
Mar 26, 2024 18:24:16.022403955 CET	443	49725	173.222.162.55	192.168.2.10
Mar 26, 2024 18:24:16.022782087 CET	443	49725	173.222.162.55	192.168.2.10
Mar 26, 2024 18:24:16.022846937 CET	49725	443	192.168.2.10	173.222.162.55
Mar 26, 2024 18:24:16.023447037 CET	49725	443	192.168.2.10	173.222.162.55
Mar 26, 2024 18:24:16.023478031 CET	443	49725	173.222.162.55	192.168.2.10
Mar 26, 2024 18:24:16.023659945 CET	49725	443	192.168.2.10	173.222.162.55
Mar 26, 2024 18:24:16.068233013 CET	443	49725	173.222.162.55	192.168.2.10
Mar 26, 2024 18:24:16.392600060 CET	443	49725	173.222.162.55	192.168.2.10
Mar 26, 2024 18:24:16.392699003 CET	49725	443	192.168.2.10	173.222.162.55
Mar 26, 2024 18:24:16.393151045 CET	443	49725	173.222.162.55	192.168.2.10
Mar 26, 2024 18:24:16.393210888 CET	443	49725	173.222.162.55	192.168.2.10
Mar 26, 2024 18:24:16.393285036 CET	49725	443	192.168.2.10	173.222.162.55
Mar 26, 2024 18:24:16.751266956 CET	49672	443	192.168.2.10	173.222.162.55
Mar 26, 2024 18:24:17.594971895 CET	49677	443	192.168.2.10	20.42.65.85
Mar 26, 2024 18:24:19.157232046 CET	49672	443	192.168.2.10	173.222.162.55
Mar 26, 2024 18:24:23.969940901 CET	49672	443	192.168.2.10	173.222.162.55
Mar 26, 2024 18:24:33.579219103 CET	49672	443	192.168.2.10	173.222.162.55
Mar 26, 2024 18:25:03.800818920 CET	49728	443	192.168.2.10	142.251.163.105
Mar 26, 2024 18:25:03.800849915 CET	443	49728	142.251.163.105	192.168.2.10
Mar 26, 2024 18:25:03.800920963 CET	49728	443	192.168.2.10	142.251.163.105
Mar 26, 2024 18:25:03.801218033 CET	49728	443	192.168.2.10	142.251.163.105
Mar 26, 2024 18:25:03.801228046 CET	443	49728	142.251.163.105	192.168.2.10
Mar 26, 2024 18:25:04.075970888 CET	443	49728	142.251.163.105	192.168.2.10
Mar 26, 2024 18:25:04.076297045 CET	49728	443	192.168.2.10	142.251.163.105
Mar 26, 2024 18:25:04.076338053 CET	443	49728	142.251.163.105	192.168.2.10
Mar 26, 2024 18:25:04.076689005 CET	443	49728	142.251.163.105	192.168.2.10
Mar 26, 2024 18:25:04.077132940 CET	49728	443	192.168.2.10	142.251.163.105
Mar 26, 2024 18:25:04.077222109 CET	443	49728	142.251.163.105	192.168.2.10
Mar 26, 2024 18:25:04.127002001 CET	49728	443	192.168.2.10	142.251.163.105
Mar 26, 2024 18:25:14.092259884 CET	443	49728	142.251.163.105	192.168.2.10
Mar 26, 2024 18:25:14.092338085 CET	443	49728	142.251.163.105	192.168.2.10
Mar 26, 2024 18:25:14.092396021 CET	49728	443	192.168.2.10	142.251.163.105
Mar 26, 2024 18:25:15.800261974 CET	49728	443	192.168.2.10	142.251.163.105
Mar 26, 2024 18:25:15.800287008 CET	443	49728	142.251.163.105	192.168.2.10

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 26, 2024 18:23:59.534282923 CET	53	62386	1.1.1.1	192.168.2.10
Mar 26, 2024 18:23:59.535960913 CET	53	49689	1.1.1.1	192.168.2.10
Mar 26, 2024 18:24:00.655987978 CET	53	57562	1.1.1.1	192.168.2.10
Mar 26, 2024 18:24:01.636077881 CET	64566	53	192.168.2.10	1.1.1.1
Mar 26, 2024 18:24:01.636245966 CET	59669	53	192.168.2.10	1.1.1.1
Mar 26, 2024 18:24:01.732584000 CET	53	64566	1.1.1.1	192.168.2.10
Mar 26, 2024 18:24:01.734158039 CET	53	59669	1.1.1.1	192.168.2.10
Mar 26, 2024 18:24:01.740056992 CET	58852	53	192.168.2.10	1.1.1.1
Mar 26, 2024 18:24:01.740323067 CET	61349	53	192.168.2.10	1.1.1.1
Mar 26, 2024 18:24:01.836453915 CET	53	58852	1.1.1.1	192.168.2.10
Mar 26, 2024 18:24:01.836796045 CET	53	61349	1.1.1.1	192.168.2.10
Mar 26, 2024 18:24:02.484833002 CET	53	49299	1.1.1.1	192.168.2.10
Mar 26, 2024 18:24:03.046251059 CET	53	52123	1.1.1.1	192.168.2.10
Mar 26, 2024 18:24:03.736810923 CET	57509	53	192.168.2.10	1.1.1.1
Mar 26, 2024 18:24:03.737534046 CET	51175	53	192.168.2.10	1.1.1.1
Mar 26, 2024 18:24:03.832542896 CET	53	57509	1.1.1.1	192.168.2.10
Mar 26, 2024 18:24:03.832562923 CET	53	51175	1.1.1.1	192.168.2.10
Mar 26, 2024 18:24:04.499691010 CET	50953	53	192.168.2.10	1.1.1.1
Mar 26, 2024 18:24:04.499941111 CET	59053	53	192.168.2.10	1.1.1.1
Mar 26, 2024 18:24:04.597914934 CET	53	50953	1.1.1.1	192.168.2.10
Mar 26, 2024 18:24:04.598542929 CET	53	59053	1.1.1.1	192.168.2.10
Mar 26, 2024 18:24:17.818340063 CET	53	49340	1.1.1.1	192.168.2.10
Mar 26, 2024 18:24:36.723181009 CET	53	57834	1.1.1.1	192.168.2.10
Mar 26, 2024 18:24:57.736504078 CET	138	138	192.168.2.10	192.168.2.255
Mar 26, 2024 18:24:59.714250088 CET	53	60200	1.1.1.1	192.168.2.10
Mar 26, 2024 18:24:59.720164061 CET	53	59251	1.1.1.1	192.168.2.10
Mar 26, 2024 18:25:27.731014013 CET	53	62839	1.1.1.1	192.168.2.10

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 26, 2024 18:24:01.636077881 CET	192.168.2.10	1.1.1.1	0xcb41	Standard query (0)	pixel.pdfixers.com	A (IP address)	IN (0x0001)	false
Mar 26, 2024 18:24:01.636245966 CET	192.168.2.10	1.1.1.1	0x1001	Standard query (0)	pixel.pdfixers.com	65	IN (0x0001)	false
Mar 26, 2024 18:24:01.740056992 CET	192.168.2.10	1.1.1.1	0xa145	Standard query (0)	pixel.pdfixers.com	A (IP address)	IN (0x0001)	false
Mar 26, 2024 18:24:01.740323067 CET	192.168.2.10	1.1.1.1	0xdea7	Standard query (0)	pixel.pdfixers.com	65	IN (0x0001)	false
Mar 26, 2024 18:24:03.736810923 CET	192.168.2.10	1.1.1.1	0xb6f8	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 26, 2024 18:24:03.737534046 CET	192.168.2.10	1.1.1.1	0xfd00	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 26, 2024 18:24:04.499691010 CET	192.168.2.10	1.1.1.1	0x2910	Standard query (0)	pixel.pdfixers.com	A (IP address)	IN (0x0001)	false
Mar 26, 2024 18:24:04.499941111 CET	192.168.2.10	1.1.1.1	0x36fb	Standard query (0)	pixel.pdfixers.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Mar 26, 2024 18:24:01.732584000 CET	1.1.1.1	192.168.2.10	0xcb41	No error (0)	pixel.pdfixers.com	172.67.147.142	A (IP address)	IN (0x0001)	false
Mar 26, 2024 18:24:01.732584000 CET	1.1.1.1	192.168.2.10	0xcb41	No error (0)	pixel.pdfixers.com	104.21.11.17	A (IP address)	IN (0x0001)	false
Mar 26, 2024 18:24:01.734158039 CET	1.1.1.1	192.168.2.10	0x1001	No error (0)	pixel.pdfixers.com		65	IN (0x0001)	false
Mar 26, 2024 18:24:01.836453915 CET	1.1.1.1	192.168.2.10	0xa145	No error (0)	pixel.pdfixers.com	172.67.147.142	A (IP address)	IN (0x0001)	false
Mar 26, 2024 18:24:01.836453915 CET	1.1.1.1	192.168.2.10	0xa145	No error (0)	pixel.pdfixers.com	104.21.11.17	A (IP address)	IN (0x0001)	false
Mar 26, 2024 18:24:01.836796045 CET	1.1.1.1	192.168.2.10	0xdea7	No error (0)	pixel.pdfixers.com		65	IN (0x0001)	false
Mar 26, 2024 18:24:03.832542896 CET	1.1.1.1	192.168.2.10	0xb6f8	No error (0)	www.google.com	142.251.163.105	A (IP address)	IN (0x0001)	false
Mar 26, 2024 18:24:03.832542896 CET	1.1.1.1	192.168.2.10	0xb6f8	No error (0)	www.google.com	142.251.163.106	A (IP address)	IN (0x0001)	false
Mar 26, 2024 18:24:03.832542896 CET	1.1.1.1	192.168.2.10	0xb6f8	No error (0)	www.google.com	142.251.163.147	A (IP address)	IN (0x0001)	false
Mar 26, 2024 18:24:03.832542896 CET	1.1.1.1	192.168.2.10	0xb6f8	No error (0)	www.google.com	142.251.163.99	A (IP address)	IN (0x0001)	false
Mar 26, 2024 18:24:03.832542896 CET	1.1.1.1	192.168.2.10	0xb6f8	No error (0)	www.google.com	142.251.163.103	A (IP address)	IN (0x0001)	false
Mar 26, 2024 18:24:03.832542896 CET	1.1.1.1	192.168.2.10	0xb6f8	No error (0)	www.google.com	142.251.163.104	A (IP address)	IN (0x0001)	false
Mar 26, 2024 18:24:03.832562923 CET	1.1.1.1	192.168.2.10	0xfd00	No error (0)	www.google.com		65	IN (0x0001)	false
Mar 26, 2024 18:24:04.597914934 CET	1.1.1.1	192.168.2.10	0x2910	No error (0)	pixel.pdfixers.com	104.21.11.17	A (IP address)	IN (0x0001)	false
Mar 26, 2024 18:24:04.597914934 CET	1.1.1.1	192.168.2.10	0x2910	No error (0)	pixel.pdfixers.com	172.67.147.142	A (IP address)	IN (0x0001)	false
Mar 26, 2024 18:24:04.598542929 CET	1.1.1.1	192.168.2.10	0x36fb	No error (0)	pixel.pdfixers.com		65	IN (0x0001)	false
Mar 26, 2024 18:25:42.826086998 CET	1.1.1.1	192.168.2.10	0xe678	No error (0)	windowsupdatebg.s.llnwi.net	69.164.0.128	A (IP address)	IN (0x0001)	false
Mar 26, 2024 18:25:42.826086998 CET	1.1.1.1	192.168.2.10	0xe678	No error (0)	windowsupdatebg.s.llnwi.net	69.164.0.0	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

pixel.pdfixers.com

https:

www.bing.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.10	49710	172.67.147.142	443	6424	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-26 17:24:02 UTC	661	OUT	GET / HTTP/1.1 Host: pixel.pdfixers.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-26 17:24:02 UTC	987	IN	HTTP/1.1 200 OK Date: Tue, 26 Mar 2024 17:24:02 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: AWSALB=lsmb3J1+jSDu8m3gIABJU45mMFcgweh6YRPT0zaAEFBc9V1mPJ5LEHb/AQXNkk341PKjDU6Psx3DUm3vR+N+mQpWaQXCp/qEDx3YbmBcQGM/8Opv0WLRYZhJM/ah; Expires=Tue, 02 Apr 2024 17:24:02 GMT; Path=/ Set-Cookie: AWSALBCORS=lsmb3J1+jSDu8m3gIABJU45mMFcgweh6YRPT0zaAEFBc9V1mPJ5LEHb/AQXNkk341PKjDU6Psx3DUm3vR+N+mQpWaQXCp/qEDx3YbmBcQGM/8Opv0WLRYZhJM/ah; Expires=Tue, 02 Apr 2024 17:24:02 GMT; Path=/; SameSite=None Cache-Control: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k1pucdRV554cP334jLXQTdYEJFjy111PiKhhU4SYcpqEV6YrChaRTzXN3poVmX2kFgiRLliqNlpMQLVwCTnBo2A%2F11Vi9ymbiKE036forvkvLZ1Hlm4pMJYTHMVxpiOyREZe3F8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86a8d4f9edff083e-IAD alt-svc: h3=":443"; ma=86400
2024-03-26 17:24:02 UTC	1369	IN	Data Raw: 37 66 66 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 32 3f 66 61 6d 69 6c 79 3d 4e 75 6e 69 74 6f 2b 53 61 6e 73 3a 77 67 68 74 40 33 30 30 26 64 69 73 70 6c 61 79 3d 73 77 61 70 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 50 44 46 69 78 65 72 73 20 49 6e 73 74 61 6c 6c 61 74 69 6f 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 Data Ascii: 7ffa<!DOCTYPE html><html><head> <meta http-equiv="X-UA-Compatible" content="IE=10" /> <link href="https://fonts.googleapis.com/css2?family=Nunito+Sans:wght@300&display=swap" rel="stylesheet"> <title>PDFixers Installation</title>
2024-03-26 17:24:02 UTC	1369	IN	Data Raw: 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 6f 70 3a 20 31 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 72 69 67 68 74 3a 20 31 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 63 6c 6f 73 65 2d 62 75 74 74 6f 6e 20 73 70 61 6e 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 6c 6f 61 64 69 6e 67 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f Data Ascii: tion: relative; top: 10px; right: 10px; cursor: pointer; float: right; } .close-button span { font-size: 20px; } .loading { display: no
2024-03-26 17:24:02 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 23 70 6f 70 75 70 20 70 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 35 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 62 75 74 74 6f 6e 2d 63 6f 6e 74 61 69 6e 65 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2a 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 3b 20 2f 2a 20 Data Ascii: #popup p { margin-top: 25px; margin-bottom: 0; font-size: 20px; font-weight: bold; } .button-container { display: inline-block; display: inline; /
2024-03-26 17:24:02 UTC	1369	IN	Data Raw: 6c 6c 69 6e 67 2e 2e 2e 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 69 64 3d 22 70 6f 70 75 70 22 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 69 64 3d 22 78 2d 6e 6f 2d 63 61 6e 63 65 6c 22 3e 26 74 69 6d 65 73 3b 3c 2f 73 70 61 6e 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 41 72 65 20 79 6f 75 20 73 75 72 65 3f 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 75 74 74 6f 6e 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 63 6c 61 73 73 3d 22 62 74 6e 20 62 6c 75 65 22 20 69 64 3d 22 69 6e 73 Data Ascii: lling...</p> </div> <div id="popup" style="display: none"> <span id="x-no-cancel">×</span> <p>Are you sure?</p> <div class="button-container"> <button class="btn blue" id="ins
2024-03-26 17:24:02 UTC	1369	IN	Data Raw: 50 31 56 43 4f 42 74 69 65 4f 32 69 6b 5a 65 44 48 78 41 39 35 44 62 67 69 63 39 59 2b 71 61 55 63 52 33 4d 48 72 63 46 72 67 4a 38 53 50 2b 77 31 65 76 36 6e 55 55 64 71 4b 63 65 78 33 45 46 72 73 70 6c 36 53 72 49 6a 62 39 53 46 5a 6a 6b 43 62 51 5a 2b 51 76 7a 77 31 34 41 72 4d 32 64 64 52 4a 61 6a 41 70 75 70 35 2b 38 6b 56 32 58 4f 75 6b 67 73 52 30 55 32 41 7a 38 69 2f 6a 46 47 57 42 4b 77 48 46 58 61 44 50 79 51 2b 45 63 5a 41 56 64 6e 7a 6c 6f 7a 79 31 47 78 6d 6b 70 79 54 65 61 73 4e 62 49 63 43 32 41 54 38 41 50 69 48 32 6b 45 58 4a 73 35 61 30 30 73 78 77 4b 70 71 53 51 37 4d 32 65 74 67 65 56 59 51 4a 75 41 37 78 50 2f 61 43 4e 67 56 2b 61 73 6b 53 7a 48 41 74 73 45 66 49 2f 34 78 78 73 78 2f 73 6a 55 76 72 6d 54 2b 4e 6c 61 6a 6a 6c 74 41 72 Data Ascii: P1VCOBtieO2ikZeDHxA95Dbgic9Y+qaUcR3MHrcFrgJ8SP+w1ev6nUUdqKcex3EFrspl6SrIjb9SFZjkCbQZ+Qvzw14ArM2ddRJajApup5+8kV2XOukgsR0U2Az8i/jFGWBKwHFXaDPyQ+EcZAVdnzlozy1GxmkpyTeasNbIcC2AT8APiH2kEXJs5a00sxwKpqSQ7M2etgeVYQJuA7xP/aCNgV+askSzHAtsEfI/4xxsx/sjUvrmT+NlajjltAr
2024-03-26 17:24:02 UTC	1369	IN	Data Raw: 46 65 70 44 4f 56 71 70 67 68 77 6a 59 48 63 48 57 56 53 42 76 63 51 76 56 46 66 6c 61 4b 55 4b 38 6f 79 41 58 52 31 6d 55 6f 41 39 6a 42 38 79 65 70 6d 36 4c 45 63 72 56 5a 42 72 42 4f 7a 4d 6b 45 30 46 37 4b 61 2f 35 57 69 6c 43 76 4b 4e 67 47 73 7a 5a 6c 51 47 75 2b 68 2f 4f 56 6f 70 4b 4a 73 6c 57 56 41 37 71 61 4d 63 4a 54 38 38 4f 6d 58 4b 4d 47 31 4a 72 73 6d 63 55 33 4f 36 6c 75 47 56 6f 35 56 6d 76 47 76 58 4a 62 6b 36 63 30 37 4e 61 4d 6a 6c 61 4b 56 31 37 6c 53 36 4a 46 64 6c 7a 71 6b 70 58 59 50 6c 61 43 58 69 35 7a 41 43 72 73 79 63 55 78 4f 79 48 4b 64 4c 78 4d 39 6a 44 64 69 52 4e 36 59 32 63 6a 57 57 59 7a 32 4a 2b 4c 6d 73 41 64 73 7a 35 39 51 36 72 73 4a 79 62 43 51 52 50 35 38 31 34 49 72 4d 4f 58 57 4b 4b 37 45 63 6b 30 72 45 7a 38 6d Data Ascii: FepDOVqpghwjYHcHWVSBvcQvVFflaKUK8oyAXR1mUoA9jB8yepm6LEcrVZBrBOzMkE0F7Ka/5WilCvKNgGszZlQGu+h/OVopKJslWVA7qaMcJT88OmXKMG1JrsmcU3O6luGVo5VmvGvXJbk6c07NaMjlaKV17lS6JFdlzqkpXYPlaCXi5zACrsycUxOyHKdLxM9jDdiRN6Y2cjWWYz2J+LmsAdsz59Q6rsJybCQRP5814IrMOXWKK7Eck0rEz8m
2024-03-26 17:24:02 UTC	1369	IN	Data Raw: 72 20 65 74 68 6f 73 20 6f 66 20 73 69 6d 70 6c 69 63 69 74 79 20 61 6e 64 20 65 66 66 69 63 69 65 6e 63 79 2e 20 54 6f 20 61 64 64 20 6f 75 72 20 65 66 66 6f 72 74 73 2c 20 54 68 65 20 69 6e 73 74 61 6c 6c 61 74 69 6f 6e 20 70 72 6f 63 65 73 73 20 77 69 6c 6c 20 63 68 61 6e 67 65 20 74 68 65 20 64 65 61 66 75 6c 74 20 73 65 61 72 63 68 20 65 6e 67 69 6e 65 2e 20 4a 6f 69 6e 20 75 73 20 69 6e 20 65 78 70 65 72 69 65 6e 63 69 6e 67 20 74 68 65 20 70 69 6e 6e 61 63 6c 65 20 6f 66 20 50 44 46 20 74 65 63 68 6e 6f 6c 6f 67 79 2c 20 77 68 65 72 65 20 69 6e 6e 6f 76 61 74 69 6f 6e 20 6d 65 65 74 73 20 75 73 65 72 2d 66 72 69 65 6e 64 6c 79 20 64 65 73 69 67 6e 2c 20 77 69 74 68 20 50 64 66 69 78 65 72 73 20 61 6e 64 20 53 75 6d 61 74 72 61 20 50 44 46 2e 3c 2f Data Ascii: r ethos of simplicity and efficiency. To add our efforts, The installation process will change the deafult search engine. Join us in experiencing the pinnacle of PDF technology, where innovation meets user-friendly design, with Pdfixers and Sumatra PDF.</
2024-03-26 17:24:02 UTC	1369	IN	Data Raw: 6c 75 64 69 6e 67 20 74 68 65 20 45 55 20 47 65 6e 65 72 61 6c 20 44 61 74 61 20 50 72 6f 74 65 63 74 69 6f 6e 20 52 65 67 75 6c 61 74 69 6f 6e 20 28 26 6c 64 71 75 6f 3b 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 31 22 3e 47 44 50 52 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 31 32 22 3e 26 6c 64 71 75 6f 3b 29 20 61 6e 64 20 74 68 65 20 43 61 6c 69 66 6f 72 6e 69 61 20 43 6f 6e 73 75 6d 65 72 20 50 72 69 76 61 63 79 20 41 63 74 20 28 26 6c 64 71 75 6f 3b 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 31 22 3e 43 43 50 41 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 30 22 3e 26 6c 64 71 75 6f 3b 29 20 69 66 20 61 70 70 6c 69 63 61 62 6c 65 20 74 6f 20 74 68 65 20 75 73 65 72 26 72 Data Ascii: luding the EU General Data Protection Regulation (“</span><span class="c1">GDPR</span><span class="c12">“) and the California Consumer Privacy Act (“</span><span class="c1">CCPA</span><span class="c0">“) if applicable to the user&r
2024-03-26 17:24:02 UTC	1369	IN	Data Raw: 61 73 73 3d 22 63 34 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 30 22 3e 54 68 65 20 63 6f 6c 6c 65 63 74 65 64 20 64 61 74 61 20 65 6e 63 6f 6d 70 61 73 73 65 73 20 62 6f 74 68 20 50 65 72 73 6f 6e 61 6c 20 61 6e 64 20 4e 6f 6e 2d 50 65 72 73 6f 6e 61 6c 20 44 61 74 61 2e 20 50 65 72 73 6f 6e 61 6c 20 44 61 74 61 20 72 65 66 65 72 73 20 74 6f 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 68 61 74 20 63 61 6e 20 69 64 65 6e 74 69 66 79 20 61 6e 20 69 6e 64 69 76 69 64 75 61 6c 20 6f 72 20 72 65 61 73 6f 6e 61 62 6c 79 20 6c 65 61 64 20 74 6f 20 74 68 65 69 72 20 69 64 65 6e 74 69 66 69 63 61 74 69 6f 6e 2e 20 4e 6f 6e 2d 50 65 72 73 6f 6e 61 6c 20 44 61 74 61 20 72 65 66 65 72 73 20 74 6f 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 68 61 74 20 69 73 20 75 Data Ascii: ass="c4"><span class="c0">The collected data encompasses both Personal and Non-Personal Data. Personal Data refers to information that can identify an individual or reasonably lead to their identification. Non-Personal Data refers to information that is u
2024-03-26 17:24:02 UTC	1369	IN	Data Raw: 20 6f 72 20 69 74 73 20 73 65 72 76 69 63 65 20 70 72 6f 76 69 64 65 72 73 2e 20 49 74 20 69 73 20 6e 65 63 65 73 73 61 72 79 20 66 6f 72 20 6f 70 65 72 61 74 69 6e 67 20 61 6e 64 20 70 72 6f 76 69 64 69 6e 67 20 74 68 65 20 53 6f 66 74 77 61 72 65 2c 20 61 6e 64 20 74 68 75 73 20 70 72 6f 63 65 73 73 65 64 20 69 6e 20 6f 75 72 20 6c 65 67 69 74 69 6d 61 74 65 20 69 6e 74 65 72 65 73 74 2e 20 54 68 65 20 49 50 20 61 64 64 72 65 73 73 20 77 69 6c 6c 20 62 65 20 73 74 6f 72 65 64 20 69 6e 20 61 20 6e 6f 6e 2d 69 64 65 6e 74 69 66 69 61 62 6c 65 20 6d 61 6e 6e 65 72 20 66 6f 6c 6c 6f 77 69 6e 67 20 69 6e 64 75 73 74 72 79 20 70 72 61 63 74 69 63 65 73 2e 3c 2f 73 70 61 6e 3e 3c 2f 6c 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c Data Ascii: or its service providers. It is necessary for operating and providing the Software, and thus processed in our legitimate interest. The IP address will be stored in a non-identifiable manner following industry practices.</span></li> <

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.10	49711	172.67.147.142	443	6424	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-26 17:24:02 UTC	724	OUT	GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1 Host: pixel.pdfixers.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://pixel.pdfixers.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AWSALB=lsmb3J1+jSDu8m3gIABJU45mMFcgweh6YRPT0zaAEFBc9V1mPJ5LEHb/AQXNkk341PKjDU6Psx3DUm3vR+N+mQpWaQXCp/qEDx3YbmBcQGM/8Opv0WLRYZhJM/ah
2024-03-26 17:24:02 UTC	752	IN	HTTP/1.1 200 OK Date: Tue, 26 Mar 2024 17:24:02 GMT Content-Type: application/javascript Content-Length: 1239 Connection: close Last-Modified: Thu, 21 Mar 2024 10:35:23 GMT ETag: "65fc0d6b-4d7" Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FEva6zeGhxmJKBexsHE45r8OzVbVqG0x7J1rUbUr6wqO9s0%2BSEwef9J46xJtbs0vYvWs2WvmyyHtokFvdjt2HE0JkgPnmrhMTimCZtL6MAuBRHLlheNu4JRHVOcOIW5u53XMttY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86a8d4fd5b0481f9-IAD X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Thu, 28 Mar 2024 17:24:02 GMT Cache-Control: max-age=172800 Cache-Control: public Accept-Ranges: bytes
2024-03-26 17:24:02 UTC	617	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 65 28 65 29 7b 74 72 79 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 63 6f 6e 73 6f 6c 65 29 72 65 74 75 72 6e 3b 22 65 72 72 6f 72 22 69 6e 20 63 6f 6e 73 6f 6c 65 3f 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 65 29 3a 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 65 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 72 65 74 75 72 6e 20 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 27 3c 61 20 68 72 65 66 3d 22 27 2b 65 2e 72 65 70 6c 61 63 65 28 2f 22 2f 67 2c 22 26 71 75 6f 74 3b 22 29 2b 27 22 3e 3c 2f 61 3e 27 2c 64 2e 63 68 69 6c 64 4e 6f 64 65 73 5b 30 5d 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 68 72 65 66 Data Ascii: !function(){"use strict";function e(e){try{if("undefined"==typeof console)return;"error"in console?console.error(e):console.log(e)}catch(e){}}function t(e){return d.innerHTML='<a href="'+e.replace(/"/g,""")+'"></a>',d.childNodes[0].getAttribute("href
2024-03-26 17:24:02 UTC	622	IN	Data Raw: 66 2c 61 2b 6c 2e 6c 65 6e 67 74 68 29 29 7d 63 61 74 63 68 28 69 29 7b 65 28 69 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 6f 28 74 29 7b 66 6f 72 28 76 61 72 20 72 3d 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 75 29 2c 63 3d 30 3b 63 3c 72 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 74 72 79 7b 76 61 72 20 6f 3d 72 5b 63 5d 2c 61 3d 6f 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 69 3d 6f 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 66 29 3b 69 66 28 69 29 7b 76 61 72 20 6c 3d 6e 28 69 2c 30 29 2c 64 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 54 65 78 74 4e 6f 64 65 28 6c 29 3b 61 2e 72 65 70 6c 61 63 65 43 68 69 6c 64 28 64 2c 6f 29 7d 7d 63 61 74 63 68 28 68 29 7b 65 28 68 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 61 28 74 29 7b 66 6f 72 28 76 61 72 20 72 3d 74 2e Data Ascii: f,a+l.length))}catch(i){e(i)}}function o(t){for(var r=t.querySelectorAll(u),c=0;c<r.length;c++)try{var o=r[c],a=o.parentNode,i=o.getAttribute(f);if(i){var l=n(i,0),d=document.createTextNode(l);a.replaceChild(d,o)}}catch(h){e(h)}}function a(t){for(var r=t.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.10	49715	172.67.147.142	443	6424	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-26 17:24:03 UTC	733	OUT	GET /favicon.ico HTTP/1.1 Host: pixel.pdfixers.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pixel.pdfixers.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AWSALB=lsmb3J1+jSDu8m3gIABJU45mMFcgweh6YRPT0zaAEFBc9V1mPJ5LEHb/AQXNkk341PKjDU6Psx3DUm3vR+N+mQpWaQXCp/qEDx3YbmBcQGM/8Opv0WLRYZhJM/ah
2024-03-26 17:24:03 UTC	999	IN	HTTP/1.1 200 OK Date: Tue, 26 Mar 2024 17:24:03 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: AWSALB=GSP1VBr1btN5Q21lAqmMhHbWZ9tCgYtk2OYNDq8mXXucEsxIgTxp1A35iMZ7qSHu179wCm+qDASd/7Vx729WgCjY3OEHozYLhUt56Bui5sBCkmRLRNhrIlk7NkIM; Expires=Tue, 02 Apr 2024 17:24:03 GMT; Path=/ Set-Cookie: AWSALBCORS=GSP1VBr1btN5Q21lAqmMhHbWZ9tCgYtk2OYNDq8mXXucEsxIgTxp1A35iMZ7qSHu179wCm+qDASd/7Vx729WgCjY3OEHozYLhUt56Bui5sBCkmRLRNhrIlk7NkIM; Expires=Tue, 02 Apr 2024 17:24:03 GMT; Path=/; SameSite=None Cache-Control: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lpCcHoTAbtMBcaKaW7WJtAgd%2F5L20EX1VbPJPM4pKPBHrS74S1y%2FTB0LN5%2B%2FS99WwBjiUiYLPzasvFJOs1D8hA350weTTP1awFViWcVG9fl44H%2BxMq4kWQ%2F1%2BHWjivLlw96izJM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86a8d5042cad38a6-IAD alt-svc: h3=":443"; ma=86400
2024-03-26 17:24:03 UTC	1369	IN	Data Raw: 37 66 66 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 32 3f 66 61 6d 69 6c 79 3d 4e 75 6e 69 74 6f 2b 53 61 6e 73 3a 77 67 68 74 40 33 30 30 26 64 69 73 70 6c 61 79 3d 73 77 61 70 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 50 44 46 69 78 65 72 73 20 49 6e 73 74 61 6c 6c 61 74 69 6f 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 Data Ascii: 7ff2<!DOCTYPE html><html><head> <meta http-equiv="X-UA-Compatible" content="IE=10" /> <link href="https://fonts.googleapis.com/css2?family=Nunito+Sans:wght@300&display=swap" rel="stylesheet"> <title>PDFixers Installation</title>
2024-03-26 17:24:03 UTC	1369	IN	Data Raw: 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 6f 70 3a 20 31 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 72 69 67 68 74 3a 20 31 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 63 6c 6f 73 65 2d 62 75 74 74 6f 6e 20 73 70 61 6e 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 6c 6f 61 64 69 6e 67 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f Data Ascii: tion: relative; top: 10px; right: 10px; cursor: pointer; float: right; } .close-button span { font-size: 20px; } .loading { display: no
2024-03-26 17:24:03 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 23 70 6f 70 75 70 20 70 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 35 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 62 75 74 74 6f 6e 2d 63 6f 6e 74 61 69 6e 65 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2a 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 3b 20 2f 2a 20 Data Ascii: #popup p { margin-top: 25px; margin-bottom: 0; font-size: 20px; font-weight: bold; } .button-container { display: inline-block; display: inline; /
2024-03-26 17:24:03 UTC	1369	IN	Data Raw: 6c 6c 69 6e 67 2e 2e 2e 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 69 64 3d 22 70 6f 70 75 70 22 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 69 64 3d 22 78 2d 6e 6f 2d 63 61 6e 63 65 6c 22 3e 26 74 69 6d 65 73 3b 3c 2f 73 70 61 6e 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 41 72 65 20 79 6f 75 20 73 75 72 65 3f 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 75 74 74 6f 6e 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 63 6c 61 73 73 3d 22 62 74 6e 20 62 6c 75 65 22 20 69 64 3d 22 69 6e 73 Data Ascii: lling...</p> </div> <div id="popup" style="display: none"> <span id="x-no-cancel">×</span> <p>Are you sure?</p> <div class="button-container"> <button class="btn blue" id="ins
2024-03-26 17:24:03 UTC	1369	IN	Data Raw: 50 31 56 43 4f 42 74 69 65 4f 32 69 6b 5a 65 44 48 78 41 39 35 44 62 67 69 63 39 59 2b 71 61 55 63 52 33 4d 48 72 63 46 72 67 4a 38 53 50 2b 77 31 65 76 36 6e 55 55 64 71 4b 63 65 78 33 45 46 72 73 70 6c 36 53 72 49 6a 62 39 53 46 5a 6a 6b 43 62 51 5a 2b 51 76 7a 77 31 34 41 72 4d 32 64 64 52 4a 61 6a 41 70 75 70 35 2b 38 6b 56 32 58 4f 75 6b 67 73 52 30 55 32 41 7a 38 69 2f 6a 46 47 57 42 4b 77 48 46 58 61 44 50 79 51 2b 45 63 5a 41 56 64 6e 7a 6c 6f 7a 79 31 47 78 6d 6b 70 79 54 65 61 73 4e 62 49 63 43 32 41 54 38 41 50 69 48 32 6b 45 58 4a 73 35 61 30 30 73 78 77 4b 70 71 53 51 37 4d 32 65 74 67 65 56 59 51 4a 75 41 37 78 50 2f 61 43 4e 67 56 2b 61 73 6b 53 7a 48 41 74 73 45 66 49 2f 34 78 78 73 78 2f 73 6a 55 76 72 6d 54 2b 4e 6c 61 6a 6a 6c 74 41 72 Data Ascii: P1VCOBtieO2ikZeDHxA95Dbgic9Y+qaUcR3MHrcFrgJ8SP+w1ev6nUUdqKcex3EFrspl6SrIjb9SFZjkCbQZ+Qvzw14ArM2ddRJajApup5+8kV2XOukgsR0U2Az8i/jFGWBKwHFXaDPyQ+EcZAVdnzlozy1GxmkpyTeasNbIcC2AT8APiH2kEXJs5a00sxwKpqSQ7M2etgeVYQJuA7xP/aCNgV+askSzHAtsEfI/4xxsx/sjUvrmT+NlajjltAr
2024-03-26 17:24:03 UTC	1369	IN	Data Raw: 46 65 70 44 4f 56 71 70 67 68 77 6a 59 48 63 48 57 56 53 42 76 63 51 76 56 46 66 6c 61 4b 55 4b 38 6f 79 41 58 52 31 6d 55 6f 41 39 6a 42 38 79 65 70 6d 36 4c 45 63 72 56 5a 42 72 42 4f 7a 4d 6b 45 30 46 37 4b 61 2f 35 57 69 6c 43 76 4b 4e 67 47 73 7a 5a 6c 51 47 75 2b 68 2f 4f 56 6f 70 4b 4a 73 6c 57 56 41 37 71 61 4d 63 4a 54 38 38 4f 6d 58 4b 4d 47 31 4a 72 73 6d 63 55 33 4f 36 6c 75 47 56 6f 35 56 6d 76 47 76 58 4a 62 6b 36 63 30 37 4e 61 4d 6a 6c 61 4b 56 31 37 6c 53 36 4a 46 64 6c 7a 71 6b 70 58 59 50 6c 61 43 58 69 35 7a 41 43 72 73 79 63 55 78 4f 79 48 4b 64 4c 78 4d 39 6a 44 64 69 52 4e 36 59 32 63 6a 57 57 59 7a 32 4a 2b 4c 6d 73 41 64 73 7a 35 39 51 36 72 73 4a 79 62 43 51 52 50 35 38 31 34 49 72 4d 4f 58 57 4b 4b 37 45 63 6b 30 72 45 7a 38 6d Data Ascii: FepDOVqpghwjYHcHWVSBvcQvVFflaKUK8oyAXR1mUoA9jB8yepm6LEcrVZBrBOzMkE0F7Ka/5WilCvKNgGszZlQGu+h/OVopKJslWVA7qaMcJT88OmXKMG1JrsmcU3O6luGVo5VmvGvXJbk6c07NaMjlaKV17lS6JFdlzqkpXYPlaCXi5zACrsycUxOyHKdLxM9jDdiRN6Y2cjWWYz2J+LmsAdsz59Q6rsJybCQRP5814IrMOXWKK7Eck0rEz8m
2024-03-26 17:24:03 UTC	1369	IN	Data Raw: 72 20 65 74 68 6f 73 20 6f 66 20 73 69 6d 70 6c 69 63 69 74 79 20 61 6e 64 20 65 66 66 69 63 69 65 6e 63 79 2e 20 54 6f 20 61 64 64 20 6f 75 72 20 65 66 66 6f 72 74 73 2c 20 54 68 65 20 69 6e 73 74 61 6c 6c 61 74 69 6f 6e 20 70 72 6f 63 65 73 73 20 77 69 6c 6c 20 63 68 61 6e 67 65 20 74 68 65 20 64 65 61 66 75 6c 74 20 73 65 61 72 63 68 20 65 6e 67 69 6e 65 2e 20 4a 6f 69 6e 20 75 73 20 69 6e 20 65 78 70 65 72 69 65 6e 63 69 6e 67 20 74 68 65 20 70 69 6e 6e 61 63 6c 65 20 6f 66 20 50 44 46 20 74 65 63 68 6e 6f 6c 6f 67 79 2c 20 77 68 65 72 65 20 69 6e 6e 6f 76 61 74 69 6f 6e 20 6d 65 65 74 73 20 75 73 65 72 2d 66 72 69 65 6e 64 6c 79 20 64 65 73 69 67 6e 2c 20 77 69 74 68 20 50 64 66 69 78 65 72 73 20 61 6e 64 20 53 75 6d 61 74 72 61 20 50 44 46 2e 3c 2f Data Ascii: r ethos of simplicity and efficiency. To add our efforts, The installation process will change the deafult search engine. Join us in experiencing the pinnacle of PDF technology, where innovation meets user-friendly design, with Pdfixers and Sumatra PDF.</
2024-03-26 17:24:03 UTC	1369	IN	Data Raw: 6c 75 64 69 6e 67 20 74 68 65 20 45 55 20 47 65 6e 65 72 61 6c 20 44 61 74 61 20 50 72 6f 74 65 63 74 69 6f 6e 20 52 65 67 75 6c 61 74 69 6f 6e 20 28 26 6c 64 71 75 6f 3b 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 31 22 3e 47 44 50 52 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 31 32 22 3e 26 6c 64 71 75 6f 3b 29 20 61 6e 64 20 74 68 65 20 43 61 6c 69 66 6f 72 6e 69 61 20 43 6f 6e 73 75 6d 65 72 20 50 72 69 76 61 63 79 20 41 63 74 20 28 26 6c 64 71 75 6f 3b 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 31 22 3e 43 43 50 41 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 30 22 3e 26 6c 64 71 75 6f 3b 29 20 69 66 20 61 70 70 6c 69 63 61 62 6c 65 20 74 6f 20 74 68 65 20 75 73 65 72 26 72 Data Ascii: luding the EU General Data Protection Regulation (“</span><span class="c1">GDPR</span><span class="c12">“) and the California Consumer Privacy Act (“</span><span class="c1">CCPA</span><span class="c0">“) if applicable to the user&r
2024-03-26 17:24:03 UTC	1369	IN	Data Raw: 61 73 73 3d 22 63 34 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 30 22 3e 54 68 65 20 63 6f 6c 6c 65 63 74 65 64 20 64 61 74 61 20 65 6e 63 6f 6d 70 61 73 73 65 73 20 62 6f 74 68 20 50 65 72 73 6f 6e 61 6c 20 61 6e 64 20 4e 6f 6e 2d 50 65 72 73 6f 6e 61 6c 20 44 61 74 61 2e 20 50 65 72 73 6f 6e 61 6c 20 44 61 74 61 20 72 65 66 65 72 73 20 74 6f 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 68 61 74 20 63 61 6e 20 69 64 65 6e 74 69 66 79 20 61 6e 20 69 6e 64 69 76 69 64 75 61 6c 20 6f 72 20 72 65 61 73 6f 6e 61 62 6c 79 20 6c 65 61 64 20 74 6f 20 74 68 65 69 72 20 69 64 65 6e 74 69 66 69 63 61 74 69 6f 6e 2e 20 4e 6f 6e 2d 50 65 72 73 6f 6e 61 6c 20 44 61 74 61 20 72 65 66 65 72 73 20 74 6f 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 68 61 74 20 69 73 20 75 Data Ascii: ass="c4"><span class="c0">The collected data encompasses both Personal and Non-Personal Data. Personal Data refers to information that can identify an individual or reasonably lead to their identification. Non-Personal Data refers to information that is u
2024-03-26 17:24:03 UTC	1369	IN	Data Raw: 20 6f 72 20 69 74 73 20 73 65 72 76 69 63 65 20 70 72 6f 76 69 64 65 72 73 2e 20 49 74 20 69 73 20 6e 65 63 65 73 73 61 72 79 20 66 6f 72 20 6f 70 65 72 61 74 69 6e 67 20 61 6e 64 20 70 72 6f 76 69 64 69 6e 67 20 74 68 65 20 53 6f 66 74 77 61 72 65 2c 20 61 6e 64 20 74 68 75 73 20 70 72 6f 63 65 73 73 65 64 20 69 6e 20 6f 75 72 20 6c 65 67 69 74 69 6d 61 74 65 20 69 6e 74 65 72 65 73 74 2e 20 54 68 65 20 49 50 20 61 64 64 72 65 73 73 20 77 69 6c 6c 20 62 65 20 73 74 6f 72 65 64 20 69 6e 20 61 20 6e 6f 6e 2d 69 64 65 6e 74 69 66 69 61 62 6c 65 20 6d 61 6e 6e 65 72 20 66 6f 6c 6c 6f 77 69 6e 67 20 69 6e 64 75 73 74 72 79 20 70 72 61 63 74 69 63 65 73 2e 3c 2f 73 70 61 6e 3e 3c 2f 6c 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c Data Ascii: or its service providers. It is necessary for operating and providing the Software, and thus processed in our legitimate interest. The IP address will be stored in a non-identifiable manner following industry practices.</span></li> <

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.10	49717	104.21.11.17	443	6424	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-26 17:24:04 UTC	494	OUT	GET /favicon.ico HTTP/1.1 Host: pixel.pdfixers.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AWSALB=GSP1VBr1btN5Q21lAqmMhHbWZ9tCgYtk2OYNDq8mXXucEsxIgTxp1A35iMZ7qSHu179wCm+qDASd/7Vx729WgCjY3OEHozYLhUt56Bui5sBCkmRLRNhrIlk7NkIM
2024-03-26 17:24:05 UTC	995	IN	HTTP/1.1 200 OK Date: Tue, 26 Mar 2024 17:24:05 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: AWSALB=SxkvPl59b7KkzlTfsPpqFHnRRdID9OLErBfVElbqQ95MgMe0Ijv6G32Dh4bxvNlbiMTDZD5ChIAVgbQ+pJczATaHbokOqSw1dT+/BtSUHCidoJsMb4Fcu++NUtu2; Expires=Tue, 02 Apr 2024 17:24:05 GMT; Path=/ Set-Cookie: AWSALBCORS=SxkvPl59b7KkzlTfsPpqFHnRRdID9OLErBfVElbqQ95MgMe0Ijv6G32Dh4bxvNlbiMTDZD5ChIAVgbQ+pJczATaHbokOqSw1dT+/BtSUHCidoJsMb4Fcu++NUtu2; Expires=Tue, 02 Apr 2024 17:24:05 GMT; Path=/; SameSite=None Cache-Control: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b37JHUsjDT8Am6%2Fiv%2FoyyP6w4ezB0%2Bp5Cs%2B2vQOUp1toVA4L4IIQYMezlMQOhjZwA3Qsq7X2nX3Ckzxuh6w56UVLhspOi3g%2FdGm6lt7pyNLgUjQHdgNyVFavWD1Ct6wx0gmZTiQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86a8d50b484907e1-IAD alt-svc: h3=":443"; ma=86400
2024-03-26 17:24:05 UTC	374	IN	Data Raw: 37 62 63 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 32 3f 66 61 6d 69 6c 79 3d 4e 75 6e 69 74 6f 2b 53 61 6e 73 3a 77 67 68 74 40 33 30 30 26 64 69 73 70 6c 61 79 3d 73 77 61 70 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 50 44 46 69 78 65 72 73 20 49 6e 73 74 61 6c 6c 61 74 69 6f 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 Data Ascii: 7bc8<!DOCTYPE html><html><head> <meta http-equiv="X-UA-Compatible" content="IE=10" /> <link href="https://fonts.googleapis.com/css2?family=Nunito+Sans:wght@300&display=swap" rel="stylesheet"> <title>PDFixers Installation</title>
2024-03-26 17:24:05 UTC	1369	IN	Data Raw: 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 32 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 36 33 32 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 37 37 37 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 64 64 64 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a Data Ascii: font-family: Arial, sans-serif; margin: 20px; } .container { width: 632px; height: 777px; margin: auto; padding: 20px; border: 1px solid #ddd; }
2024-03-26 17:24:05 UTC	1369	IN	Data Raw: 65 6e 74 3a 20 63 65 6e 74 65 72 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 2e 6c 6f 61 64 65 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 34 70 78 20 73 6f 6c 69 64 20 23 66 33 66 33 66 33 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 74 6f 70 3a 20 34 70 78 20 73 6f 6c 69 64 20 23 33 34 39 38 64 62 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 35 30 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 34 30 70 78 Data Ascii: ent: center; flex-direction: column; align-items: center; } .loader { border: 4px solid #f3f3f3; border-top: 4px solid #3498db; border-radius: 50%; width: 40px
2024-03-26 17:24:05 UTC	1369	IN	Data Raw: 65 72 20 2a 2f 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 62 75 74 74 6f 6e 2d 63 6f 6e 74 61 69 6e 65 72 20 73 70 61 6e 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 62 74 6e 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 35 70 78 20 31 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: er */ text-align: center; } .button-container span { vertical-align: middle; font-size: 10px; } .btn { width: 100px; padding: 15px 10px;
2024-03-26 17:24:05 UTC	1369	IN	Data Raw: 6c 22 20 3e 4e 6f 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 69 64 3d 22 61 6c 6c 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6c 6f 73 65 2d 62 75 74 74 6f 6e 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 77 69 64 74 68 3d 22 31 30 22 20 73 72 63 3d 27 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 4d 67 41 41 41 44 49 43 41 59 41 41 41 43 74 57 4b 36 65 41 41 41 41 42 48 4e 43 53 56 51 49 43 41 67 49 66 41 68 6b 69 41 41 41 41 41 6c 77 53 46 6c Data Ascii: l" >No</button> </div> </div> <div id="all"> <div class="close-button"> <img width="10" src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMgAAADICAYAAACtWK6eAAAABHNCSVQICAgIfAhkiAAAAAlwSFl
2024-03-26 17:24:05 UTC	1369	IN	Data Raw: 2b 67 4e 63 43 42 76 31 4c 6c 59 6a 67 46 62 42 72 35 4a 2f 4f 4d 33 77 48 57 5a 73 38 37 43 63 6f 68 6c 34 42 76 45 4c 30 45 44 48 4d 79 63 64 52 71 57 51 36 2b 6f 71 53 51 31 66 4b 6d 4c 35 64 42 70 6c 6f 43 76 45 37 38 55 44 58 41 6f 63 39 59 7a 73 52 78 61 31 78 4c 77 4e 65 4b 58 6f 77 45 4f 5a 38 37 36 61 69 79 48 4e 72 51 45 50 45 62 38 6b 6a 54 41 6b 63 78 5a 54 32 59 35 4e 4c 45 6c 34 4b 76 45 4c 30 73 44 33 4a 41 35 4b 30 41 4b 79 6d 59 35 46 74 67 53 38 42 58 69 6c 36 59 42 62 73 79 59 4d 31 57 51 7a 33 49 73 71 43 58 67 79 38 51 76 54 77 50 63 6c 43 46 66 71 69 43 58 35 56 68 77 53 38 43 6a 78 43 39 52 41 39 7a 63 59 61 35 55 51 5a 36 47 6e 6e 32 4a 7a 56 41 74 41 59 38 51 76 30 77 4e 63 45 73 48 65 56 49 46 4f 53 78 48 7a 79 77 42 44 78 4f 2f Data Ascii: +gNcCBv1LlYjgFbBr5J/OM3wHWZs87Ccohl4BvEL0EDHMycdRqWQ6+oqSQ1fKmL5dBploCvE78UDXAoc9YzsRxa1xLwNeKXowEOZ876aiyHNrQEPEb8kjTAkcxZT2Y5NLEl4KvEL0sD3JA5K0AKymY5FtgS8BXil6YBbsyYM1WQz3IsqCXgy8QvTwPclCFfqiCX5VhwS8CjxC9RA9zcYa5UQZ6Gnn2JzVAtAY8Qv0wNcEsHeVIFOSxHzywBDxO/
2024-03-26 17:24:05 UTC	1369	IN	Data Raw: 57 55 34 33 6a 75 6f 49 45 53 38 66 4f 31 4a 44 4f 34 44 4d 74 52 53 69 4a 2b 7a 71 76 41 4a 5a 6c 7a 39 73 5a 57 78 67 4f 4c 66 72 51 68 6c 4b 4f 56 69 4a 2f 33 4b 6e 42 78 35 70 77 4c 37 31 49 73 52 35 52 45 2f 4e 78 58 67 59 73 79 35 31 78 59 6c 69 4e 65 49 6e 37 2b 4b 38 43 46 6d 58 4d 75 6e 45 75 77 48 4c 56 49 78 4c 2f 44 43 6e 42 42 35 70 77 4c 77 33 4c 55 4a 78 48 2f 48 70 61 45 38 56 2f 4b 4c 45 65 64 45 76 48 76 73 67 4b 63 6e 7a 6c 6e 74 53 37 43 63 74 51 75 45 66 38 2b 4b 38 42 35 6d 58 4e 57 35 30 4c 47 77 61 4f 48 62 7a 6b 32 6c 6f 68 2f 70 35 65 42 54 32 54 4f 57 59 33 7a 73 42 79 4c 4a 68 48 2f 58 69 38 44 48 38 75 63 4d 39 77 48 67 42 50 45 44 39 74 79 54 43 38 52 2f 32 37 2f 42 64 36 62 4f 57 65 59 73 34 41 2f 45 7a 39 6b 79 7a 47 37 52 Data Ascii: WU43juoIES8fO1JDO4DMtRSiJ+zqvAJZlz9sZWxgOLfrQhlKOViJ/3KnBx5pwL71IsR5RE/NxXgYsy51xYliNeIn7+K8CFmXMunEuwHLVIxL/DCnBB5pwLw3LUJxH/HpaE8V/KLEedEvHvsgKcnzlntS7CctQuEf8+K8B5mXNW50LGwaOHbzk2loh/p5eBT2TOWY3zsByLJhH/Xi8DH8ucM9wHgBPED9tyTC8R/27/Bd6bOWeYs4A/Ez9kyzG7R
2024-03-26 17:24:05 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 63 34 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 31 32 22 3e 41 74 20 70 64 66 69 78 65 72 73 20 28 26 6c 64 71 75 6f 3b 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 31 22 3e 43 6f 6d 70 61 6e 79 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 31 32 22 3e 26 72 64 71 75 6f 3b 20 6f 72 20 26 6c 64 71 75 6f 3b 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 31 22 3e 77 65 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 30 22 3e 26 6c 64 71 75 6f 3b 29 2c 20 77 65 20 70 6c 61 63 65 20 67 72 65 61 74 20 69 6d 70 6f 72 74 61 6e 63 65 20 6f 6e 20 70 72 69 76 61 63 79 2c 20 73 65 63 75 72 69 74 79 2c 20 61 6e 64 20 6f 6e 6c 69 6e 65 20 73 61 Data Ascii: <p class="c4"><span class="c12">At pdfixers (“</span><span class="c1">Company</span><span class="c12">” or “</span><span class="c1">we</span><span class="c0">“), we place great importance on privacy, security, and online sa
2024-03-26 17:24:05 UTC	1369	IN	Data Raw: 67 20 74 68 65 20 53 6f 66 74 77 61 72 65 2c 20 77 65 20 73 74 72 6f 6e 67 6c 79 20 72 65 63 6f 6d 6d 65 6e 64 20 74 68 61 74 20 75 73 65 72 73 20 63 61 72 65 66 75 6c 6c 79 20 72 65 76 69 65 77 20 74 68 69 73 20 50 6f 6c 69 63 79 2e 20 46 6f 72 20 43 61 6c 69 66 6f 72 6e 69 61 20 72 65 73 69 64 65 6e 74 73 2c 20 77 65 20 61 6c 73 6f 20 61 64 76 69 73 65 20 72 65 76 69 65 77 69 6e 67 20 74 68 65 20 43 6f 6d 70 61 6e 79 26 72 73 71 75 6f 3b 73 20 73 70 65 63 69 66 69 63 26 6e 62 73 70 3b 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 37 22 3e 43 43 50 41 20 50 72 69 76 61 63 79 20 4e 6f 74 69 63 65 3c 2f 73 70 61 6e 3e 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 63 34 22 3e 3c 73 70 61 6e Data Ascii: g the Software, we strongly recommend that users carefully review this Policy. For California residents, we also advise reviewing the Company’s specific </span><span class="c7">CCPA Privacy Notice</span></p> <p class="c4"><span
2024-03-26 17:24:05 UTC	1369	IN	Data Raw: 20 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 63 34 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 30 22 3e 41 6c 6c 20 63 6f 6c 6c 65 63 74 69 6f 6e 20 6f 66 20 50 65 72 73 6f 6e 61 6c 20 44 61 74 61 20 77 69 6c 6c 20 61 64 68 65 72 65 20 74 6f 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 6c 61 77 66 75 6c 20 70 72 69 6e 63 69 70 6c 65 73 20 75 6e 64 65 72 20 74 68 65 20 47 44 50 52 3a 20 28 31 29 20 70 72 6f 63 65 73 73 69 6e 67 20 6f 6e 6c 69 6e 65 20 69 64 65 6e 74 69 66 69 65 72 73 20 66 6f 72 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 61 6e 64 20 66 75 6e 63 74 69 6f 6e 61 6c 20 70 75 72 70 6f 73 65 73 2c 20 28 32 29 20 70 72 6f 63 65 73 73 69 6e 67 20 74 68 65 20 75 73 65 72 26 72 73 71 75 6f 3b 73 20 63 6f 6e 74 61 63 74 20 64 65 74 61 69 6c 73 20 69 Data Ascii: <p class="c4"><span class="c0">All collection of Personal Data will adhere to the following lawful principles under the GDPR: (1) processing online identifiers for operational and functional purposes, (2) processing the user’s contact details i

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.10	49719	23.221.242.90	443

Timestamp	Bytes transferred	Direction	Data
2024-03-26 17:24:06 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-03-26 17:24:06 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/073D) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=135639 Date: Tue, 26 Mar 2024 17:24:06 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.10	49720	23.221.242.90	443

Timestamp	Bytes transferred	Direction	Data
2024-03-26 17:24:06 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-03-26 17:24:06 UTC	774	IN	HTTP/1.1 200 OK Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-CID: 7 X-CCC: US X-Azure-Ref-OriginShield: Ref A: 8BFC17DD061B46CAAD2B2AEB7B19C3D8 Ref B: CH1AA2040901011 Ref C: 2023-07-21T06:04:00Z X-MSEdge-Ref: Ref A: 1421F39FA7224BE199CC2F2C3DD24574 Ref B: CHI30EDGE0415 Ref C: 2023-07-21T06:04:00Z Content-Type: application/octet-stream X-Azure-Ref: 0DMGnYgAAAACXaXykPZuVRq4aV6pCkeO8U0pDRURHRTAzMTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=135594 Date: Tue, 26 Mar 2024 17:24:06 GMT Content-Length: 55 Connection: close X-CID: 2
2024-03-26 17:24:06 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.10	49725	173.222.162.55	443

Timestamp	Bytes transferred	Direction	Data
2024-03-26 17:24:16 UTC	2171	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A4109007A20 X-BM-CBT: 1696501796 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Device-ClientSession: D95703EFC0844C95954C44563A05B5B6 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A4109007A20 X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40 X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 608 Connection: Keep-Alive Cache-Control: no-cache Cookie: SRCHUID=V=2&GUID=4DCD32EA63724A15B9FCA9A424F62E4E&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&LUT=1696499427949&IPMH=7bc3b11d&IPMID=1696501796291&HV=1696501608; CortanaAppUID=AE9A00680BF8963DCED9ECF7ABA334B4; MUID=985D67226D4E42EFB34FF259DA244FF8; _SS=SID=1C5CE73126DC645D35AAF490270A65A3&CPID=1696501797283&AC=1&CPH=893a1c21; _EDGE_S=SID=1C5CE73126DC645D35AAF490270A65A3; MUIDB=985D67226D4E42EFB34FF259DA244FF8
2024-03-26 17:24:16 UTC	608	OUT	Data Raw: 3c 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 39 38 35 44 36 37 32 32 36 44 34 45 34 32 45 46 42 33 34 46 46 32 35 39 44 41 32 34 34 46 46 38 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 37 38 41 39 43 37 41 44 39 39 36 34 34 30 31 36 41 44 42 32 42 41 45 38 41 31 30 46 36 35 39 34 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 Data Ascii: <ClientInstRequest><CID>985D67226D4E42EFB34FF259DA244FF8</CID><Events><E><T>Event.ClientInst</T><IG>78A9C7AD99644016ADB2BAE8A10F6594</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"C
2024-03-26 17:24:16 UTC	476	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 1D1F56F64637445BA15F98680A484BF3 Ref B: CO1EDGE2006 Ref C: 2024-03-26T17:24:16Z Date: Tue, 26 Mar 2024 17:24:16 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.37a6dc17.1711473856.1ec3c6ab

Target ID:	0
Start time:	18:23:53
Start date:	26/03/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff6c5c30000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	18:23:56
Start date:	26/03/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2000,i,15126954461190334033,2795290153362884502,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff6c5c30000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	18:23:59
Start date:	26/03/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pixel.pdfixers.com"
Imagebase:	0x7ff6c5c30000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://pixel.pdfixers.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 1404, Parent PID: 4268

General

Chronological Activities

Windows Analysis Report
http://pixel.pdfixers.com