Windows Analysis Report
PDFixers.zip

Overview

General Information

Sample name:	PDFixers.zip
Analysis ID:	1426772
MD5:	5396742442ffdedba5c6aebb1769a289
SHA1:	e77ac4619cc0df6e6b9a2db47f7b6ff3d2308e6b
SHA256:	0708077484d29f5107ded46cbf35e9f7391efb9331279a25a7218c2bd7375d1e
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Allocates memory with a write watch (potentially for evading sandboxes)

Contains capabilities to detect virtual machines

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Searches for the Microsoft Outlook file path

Searches for user specific document files

Stores files to the Windows start menu directory

Uses code obfuscation techniques (call, push, ret)

Classification

Signatures

AV Detection

Multi AV Scanner detection for domain / URL

Source: pixel.pdfixers.com	Virustotal: Detection: 6%	Perma Link
Source: https://pixel.pdfixers.com/;	Virustotal: Detection: 6%	Perma Link
Source: https://pixel.pdfixers.com/7	Virustotal: Detection: 5%	Perma Link
Source: https://pixel.pdfixers.com/...	Virustotal: Detection: 5%	Perma Link
Source: https://pixel.pdfixers.com/-	Virustotal: Detection: 5%	Perma Link
Source: https://pixel.pdfixers.com/?	Virustotal: Detection: 6%	Perma Link
Source: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js%	Virustotal: Detection: 5%	Perma Link

Multi AV Scanner detection for submitted file

Source: PDFixers.zip

Virustotal: Detection: 9%

Perma Link

Source: https://www.sumatrapdfreader.org/free-pdf-reader

HTTP Parser: No favicon

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SumatraPDFUninstall

Jump to behavior

Source: unknown	HTTPS traffic detected: 172.67.147.142:443 -> 192.168.2.17:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.17:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.17:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.17:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.7.35:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49724 version: TLS 1.2

Source:	Binary string: All supported documents.pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;.tcrPDF documents.pdfXPS documents.xps;.oxpsDjVu documents.djvuComic books.cbz;.cbr;.cb7;.cbtCHM documents.chmSVG documents.svgEPUB ebooks.epubMobi documents.mobiFictionBook documents.fb2;.fb2z;.zfb2;.fb2.zipPalmDoc documents.pdb;.prcImages.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avifText documents.txt;.log;.nfo;file_id.diz;read.me;.tcrAll files. source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231678285.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1426713980.000001A1D8FFE000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1471631202.000001A1D8FFE000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1468163792.000001A1D8FFE000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1429387682.000001A1D8FFF000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdb;.prcl source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2298038945.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1466632808.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1475633483.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1471018670.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231185265.000001A1D9073000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1426713980.000001A1D904A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbcts source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D7640000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbzF source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1469024058.000001A1D9487000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2303045907.000001A1D9480000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;*.tcrQ` source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2298038945.000001A1D8FF6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\libmupdf.pdb source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D7593000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: libmupdf.pdb source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: Bookmark Shortcuts%.2flnkfitwidthfitpage"%s" -page %d -view "%s" -zoom %s -scroll %d,%dfitcontentSelect folder with PDF filesBookmark shortcut to page %s of %s.xps;.oxps.pdf.ps;.eps.djvu.chm.cbz;.cbr;.cb7;.cbt.svgSVG documents.mobi.epub.pdb;.prc.fb2;.fb2z;.zfb2;.fb2.zip.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avifImagesAll supported documents.txt;.log;.nfo;file_id.diz;read.me;*.tcrVK_DOWN source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: ps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;.tcr source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2298038945.000001A1D903E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SumatraPDF-dll.pdb source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: .pdb.zip source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1470404711.000001A1D75E7000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D75F8000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1469024058.000001A1D9487000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2233837984.000001A1D75F8000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1465934467.000001A1D75DF000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2303045907.000001A1D9480000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1475430204.000001A1D75EB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;*.tcr source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1468163792.000001A1D8FF6000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1429387682.000001A1D8FF6000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1471631202.000001A1D8FF7000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1426713980.000001A1D8FF6000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2298038945.000001A1D8FF6000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2234690596.000001A1D903E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\kjk\src\sumatrapdf\out\rel64\SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: .pdbY source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D9585000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbolder!`)4a source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1470404711.000001A1D75E7000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1465934467.000001A1D75DF000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1475430204.000001A1D75EB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D7593000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: -64.pdb.lzsa source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: </html>.pdb<<html> source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\SumatraPDF-dll.pdb source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D7593000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbL source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2313952931.000001A1DF64F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D7593000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SumatraPDF.pdbSumatraPDF-dll.pdblibmupdf.pdbInstallCrashHandler: skipping because !crashDumpPath source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: .pdb;.prc source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2298038945.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1466632808.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1475633483.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1471018670.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2233228683.000001A1DF60E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2313952931.000001A1DF5E0000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231185265.000001A1D9073000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2298038945.000001A1D903E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2234690596.000001A1D903E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1426713980.000001A1D904A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\SumatraPDF-dll.pdb3 source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D7593000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbG source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D9585000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ITSF.txt.js.json.xml.logfile_id.dizread.me.nfo.tcr.ps.ps.gz.eps.fb2.fb2z.fbz.zfb2.fb2.zip.cbz.cbr.cb7.cbt.pdf.xps.oxps.chm.png.jpg.jpeg.gif.tif.tiff.bmp.tga.jxr.hdp.wdp.webp.epub.mobi.prc.azw.azw1.azw3.pdb.html.htm.xhtml.svg.djvu.jp2.zip.rar.7z.heic.avif.tarfoo.epubfoo.JP2Rar! source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr

HTTP GET or POST without a user agent

Source: global traffic

HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 172.67.147.142 172.67.147.142

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pixel.pdfixers.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1Accept: /Referer: https://pixel.pdfixers.com/Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pixel.pdfixers.comConnection: Keep-AliveCookie: AWSALB=LIibE+FlCXffoI/rgW5811m93O3dEq64G7f26KJ+lxn+8lUlux/LhOiKNThM3J2LW+6zj3459FGH1LTee0cGoo50scKSPZHUBwiO1DoAQn6PXTsdmodZ8V+6v3Wy; AWSALBCORS=LIibE+FlCXffoI/rgW5811m93O3dEq64G7f26KJ+lxn+8lUlux/LhOiKNThM3J2LW+6zj3459FGH1LTee0cGoo50scKSPZHUBwiO1DoAQn6PXTsdmodZ8V+6v3Wy
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=sz8Nb+CKen4oyuo&MD=tgpGrDaO HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: 120X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAe19g6Apc3JDkxS6tTOSoMkmDDu%2B4kFt1L7VRq3%2B/xfByw44dStJFq2TsE3Fs/OX/OWx9LDkCRg3a4EiM7FFNVfX2zdL0Axektfnw288narUWXYcnz83jBHqneES5UVaBgiBAWhLeQPJg5mvAjBX32YyyqlrWkFZeSXJdHDUNEb%2ByZWvSSS2V/Sa1EqvP0SWrA%2B1ONT/9moyfCAfYPNTL/0Ndxl2crA5MQRzuP6XdtwYdTzVlyW%2B0Lk7Nf%2BiN2PCIEF7Ey3lnWeCYBS0hS6Fitz0i6M/JQ8iu3AFrGtyxjT/2zLRUh1MeElY89eyrbYJHNuG0iFIFzbbSVjkuEEi90YDZgAACPGB7g7F4Yp4qAGD5eX6nk/XhgeQGUoCvOq4Q2flEbyPRgOdWWo8uCMbSELHWInV8P%2BAtJOcGjkKehCEx0086PCrrDg%2BMSKuSErTVUYyEQHc/YDWDDyk8MV3%2Biywcdr98NM83dbq3/uXTBO1OcMXolvfB9X5MYhRLWRp53LdUPcuNVKSQkr2hysC3EeSxckY8HuE0DT2oTB2m1sJ8ScnVkGh5Lz%2BikRFBneQoLOXHCEOgcTDfRkIMH3KYEkjdBdg7uN/96hVCusQAQjiqRqylHsLpME4aFK0dO70Qh2oqgZKnVcH8GgvBzMXYT6NLB3tPPLlvk%2BbCsFY/6NSqa4YqLzgG8PUX8QjvJNBZecgNsmu3YqAR0lZKvUbPHd4NjdkA3oUXXBOOXnoBtTUAY233Ly5xECDvCLuZG1j/dHXe4I9YQJq0%2B3uVGn0qhCnopwcZTv134wj8qff5b/UNULwp5TtxmIdYOk7KtuJO4mmYVlcw7UE3Q0fo582jAeqdIjLXe8yxxgbeNSypzoQMRfnrUlKy3eWsT/LjDMEdsniFlc/xTf3ozQckmql9aq5j6fOND5A2AE%3D%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1713275250User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: 5B9F9496EB344660AD7FA38842CD8490X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=sz8Nb+CKen4oyuo&MD=tgpGrDaO HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /free-pdf-reader HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /software/sumatrapdf/sumatralatest.js HTTP/1.1Host: files2.sumatrapdfreader.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.sumatrapdfreader.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sumatra.css HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.sumatrapdfreader.org/free-pdf-readerAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /docs/img/homepage.png HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.sumatrapdfreader.org/free-pdf-readerAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.sumatrapdfreader.org/free-pdf-readerAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/homepage-small.png HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.sumatrapdfreader.org/free-pdf-readerAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/format-pdf-small.png HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.sumatrapdfreader.org/free-pdf-readerAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/format-epub-small.png HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.sumatrapdfreader.org/free-pdf-readerAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /twitter/@Merjia_ HTTP/1.1Host: unavatar.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.sumatrapdfreader.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /twitter/@EnercoConseils HTTP/1.1Host: unavatar.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.sumatrapdfreader.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /twitter/@r0x12ul HTTP/1.1Host: unavatar.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.sumatrapdfreader.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /twitter/@ronaldnzimora HTTP/1.1Host: unavatar.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.sumatrapdfreader.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /twitter/@CRTejaswi HTTP/1.1Host: unavatar.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.sumatrapdfreader.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /twitter/@Merjia_ HTTP/1.1Host: unavatar.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /twitter/@r0x12ul HTTP/1.1Host: unavatar.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /twitter/@ronaldnzimora HTTP/1.1Host: unavatar.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /twitter/@EnercoConseils HTTP/1.1Host: unavatar.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/dialog-langs-small.png HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.sumatrapdfreader.org/free-pdf-readerAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /twitter/@CRTejaswi HTTP/1.1Host: unavatar.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/menu-view-small.png HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.sumatrapdfreader.org/free-pdf-readerAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/menu-file-small.png HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.sumatrapdfreader.org/free-pdf-readerAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/homepage-small.png HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/format-pdf-small.png HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/format-epub-small.png HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /docs/img/homepage.png HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/dialog-langs-small.png HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/menu-view-small.png HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/menu-file-small.png HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: pixel.pdfixers.com

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4788Host: login.live.com

Source: PDFixers.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: PDFixers.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: PDFixers.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D3AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: PDFixers.exe	String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: PDFixers.exe	String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: PDFixers.exe	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D3AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D3AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: PDFixers.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: PDFixers.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: PDFixers.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D3AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D3AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/odf#ContentFile
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/odf#StylesFile
Source: SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/pkg#
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/pkg#Document
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://fontfabrik.com
Source: chromecache_88.18.dr	String found in binary or memory: http://grsmto.github.io/simplebar/
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D3AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: PDFixers.exe	String found in binary or memory: http://ocsp.digicert.com0A
Source: PDFixers.exe	String found in binary or memory: http://ocsp.digicert.com0C
Source: PDFixers.exe	String found in binary or memory: http://ocsp.digicert.com0X
Source: PDFixers.exe	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: PDFixers.exe	String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: PDFixers.exe	String found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D3AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.sectigo.com0
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: http://schemas.openxps.org/oxps/v1.0/documentstructure
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: http://schemas.openxps.org/oxps/v1.0/fixedrepresentation
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D39F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: PDFixers.exe	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: PDFixers.exe	String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: PDFixers.exe	String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: http://www.daisy.org/z3986/2005/ncx/
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: http://www.gribuser.ru/xml/fictionbook/2.0
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: http://www.idpf.org/2007/opf
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: http://www.idpf.org/2007/opfapplication/xhtml
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://://https://translate.google.com/?op=translate&sl=auto&tl=$
Source: chromecache_90.18.dr	String found in binary or memory: https://blog.kowalczyk.info
Source: chromecache_88.18.dr	String found in binary or memory: https://csshint.com/css-box-shadow-examples/
Source: chromecache_88.18.dr	String found in binary or memory: https://dev.to/jonosellier/easy-overlay-scrollbars-variable-width-1mbh
Source: chromecache_88.18.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/CSS/scrollbar-gutter
Source: chromecache_90.18.dr	String found in binary or memory: https://files2.sumatrapdfreader.org/software/sumatrapdf/sumatralatest.js
Source: PDFixers.exe, 00000002.00000002.2350974720.000002B0F1D74000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/
Source: PDFixers.exe, 00000002.00000002.2346702608.000002B0F1CAA000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000002.00000002.2350974720.000002B0F1D9F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/css2?family=Nunito
Source: PDFixers.exe, 00000002.00000002.2350974720.000002B0F1D74000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/y
Source: PDFixers.exe, 00000002.00000002.2350974720.000002B0F1D9F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com/
Source: PDFixers.exe, 00000002.00000002.2350974720.000002B0F1D9F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com/7
Source: PDFixers.exe, 00000002.00000002.2350974720.000002B0F1D9F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com/;
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D3AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com/l/font?kit=pe1mMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbM
Source: PDFixers.exe, 00000002.00000002.2350974720.000002B0F1D9F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com/w
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000002.00000002.2383063489.000002B0F7E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Fonthausen/NunitoSans)
Source: PDFixers.exe, 00000002.00000002.2386042025.000002B0FA34E000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000002.00000002.2385273170.000002B0FA130000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Fonthausen/NunitoSans)Thread-000019dc-Id-00000000:SubsetRegularVersion
Source: PDFixers.exe, 00000002.00000002.2383063489.000002B0F7E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Fonthausen/NunitoSans)nu
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/AUTHORS
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231678285.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/AUTHORS6
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/AUTHORShttps://github.com/sumatrapdfreade
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231678285.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/TRANSLATORS
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231678285.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/TRANSLATORS9
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231678285.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/TRANSLATORSf
Source: SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/commit/%s)
Source: SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/commit/646d1feddcc80b3b51072c5b27a1446487904175
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D7593000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/commit/646d1feddcc80b3b51072c5b27a1446487904175)
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231678285.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp, chromecache_90.18.dr, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/discussions
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/discussions/2316
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/discussionsSumatraPDF
Source: chromecache_88.18.dr	String found in binary or memory: https://kingsora.github.io/OverlayScrollbars/
Source: PDFixers.exe, 00000002.00000002.2346702608.000002B0F1BEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: chromecache_90.18.dr	String found in binary or memory: https://news.ycombinator.com/item?id=23468998
Source: chromecache_90.18.dr	String found in binary or memory: https://news.ycombinator.com/item?id=3327197
Source: chromecache_90.18.dr	String found in binary or memory: https://news.ycombinator.com/item?id=37988872
Source: chromecache_90.18.dr	String found in binary or memory: https://news.ycombinator.com/item?id=5214372
Source: chromecache_90.18.dr	String found in binary or memory: https://news.ycombinator.com/item?id=5595328
Source: chromecache_90.18.dr	String found in binary or memory: https://news.ycombinator.com/item?id=576145
Source: chromecache_90.18.dr	String found in binary or memory: https://news.ycombinator.com/item?id=6465643
Source: chromecache_90.18.dr	String found in binary or memory: https://news.ycombinator.com/item?id=9527367
Source: chromecache_90.18.dr	String found in binary or memory: https://news.ycombinator.com/item?id=9690604
Source: PDFixers.exe, 00000002.00000002.2346702608.000002B0F1B76000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D3AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/
Source: PDFixers.exe, 00000002.00000002.2344540190.000002B0EE658000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/-
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D3AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/...
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D3AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/...p
Source: PDFixers.exe, 00000002.00000002.2346702608.000002B0F1BEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/2
Source: PDFixers.exe, 00000002.00000002.2346702608.000002B0F1CA1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/7
Source: PDFixers.exe, 00000002.00000002.2346702608.000002B0F1C6E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/9
Source: PDFixers.exe, 00000002.00000002.2346702608.000002B0F1CA1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/;
Source: PDFixers.exe, 00000002.00000002.2346702608.000002B0F1CA1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/?
Source: PDFixers.exe, 00000002.00000002.2346702608.000002B0F1C6E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/C:
Source: PDFixers.exe, 00000002.00000002.2346702608.000002B0F1CA1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/G
Source: PDFixers.exe, 00000002.00000002.2350974720.000002B0F1D74000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/l/email-protection
Source: PDFixers.exe, 00000002.00000002.2350974720.000002B0F1D9F000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000002.00000002.2345177289.000002B0EE6B8000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000002.00000002.2346702608.000002B0F1B76000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Source: PDFixers.exe, 00000002.00000002.2350974720.000002B0F1D9F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js%
Source: PDFixers.exe, 00000002.00000002.2350974720.000002B0F1D9F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsd
Source: PDFixers.exe, 00000002.00000002.2367431693.000002B0F3B90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/ger
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D3AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/h
Source: PDFixers.exe, 00000002.00000002.2367431693.000002B0F3B90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ema
Source: PDFixers.exe, 00000002.00000002.2346702608.000002B0F1BEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/ll7
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D3AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/p
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://scripts.sil.org/OFL
Source: PDFixers.exe, 00000002.00000002.2386042025.000002B0FA34E000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000002.00000002.2385273170.000002B0FA130000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://scripts.sil.org/OFLNunito
Source: PDFixers.exe, 00000002.00000002.2330213186.000002A8EC517000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://scripts.sil.org/OFLV
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D3AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: chromecache_88.18.dr	String found in binary or memory: https://stackoverflow.com/a/64554893
Source: chromecache_88.18.dr	String found in binary or memory: https://stackoverflow.com/questions/13054797/how-to-prevent-a-webkit-scrollbar-from-pushing-over-the
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://sumatra-website.onrender.com/update-check-rel.txt
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://sumatra-website.onrender.com/update-check-rel.txtInstaller64LatestInstaller32InstallerArm64P
Source: chromecache_90.18.dr	String found in binary or memory: https://twitter.com/CRTejaswi/status/1515454405600247809
Source: chromecache_90.18.dr	String found in binary or memory: https://twitter.com/EnercoConseils/status/1306843886451666944
Source: chromecache_90.18.dr	String found in binary or memory: https://twitter.com/Merjia_/status/1310790865539883008
Source: chromecache_90.18.dr	String found in binary or memory: https://twitter.com/kjk
Source: chromecache_90.18.dr	String found in binary or memory: https://twitter.com/r0x12ul/status/1444901425234911234
Source: chromecache_90.18.dr	String found in binary or memory: https://twitter.com/ronaldnzimora/status/1259107209172131843
Source: chromecache_90.18.dr	String found in binary or memory: https://unavatar.io/twitter/
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.deepl.com/translator#-/$
Source: PDFixers.exe	String found in binary or memory: https://www.globalsign.com/repository/0
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.google.com/search?q=$
Source: chromecache_90.18.dr	String found in binary or memory: https://www.redditmedia.com/r/Piracy/comments/u1m23x/good_windows_cbz_reader_other_than_cdisplayex/i
Source: chromecache_90.18.dr	String found in binary or memory: https://www.redditmedia.com/r/ProgrammerHumor/comments/rgz0nk/i_dont_think_that_goes_in_the_console/
Source: chromecache_90.18.dr	String found in binary or memory: https://www.redditmedia.com/r/assholedesign/comments/im0rbv/installing_the_last_windows_update_reset
Source: chromecache_90.18.dr	String found in binary or memory: https://www.redditmedia.com/r/assholedesign/comments/io05m4/adobe_survey_wont_let_you_use_acrobat_un
Source: chromecache_90.18.dr	String found in binary or memory: https://www.redditmedia.com/r/pcmasterrace/comments/tjdpbq/thats_it/i1mcy7o/?depth=1&showmore=fa
Source: chromecache_90.18.dr	String found in binary or memory: https://www.redditmedia.com/r/software/comments/j215uw/i_just_realized_that_windows_doesnt_have_a/g7
Source: chromecache_90.18.dr	String found in binary or memory: https://www.redditmedia.com/r/sysadmin/comments/u35hon/user_ticket_i_need_acrobat_pro_because_i_cant
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231185265.000001A1D90AE000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231678285.000001A1D961B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D956A000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2313952931.000001A1DF5E0000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D765A000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2298038945.000001A1D8FF6000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2233283123.000001A1D7621000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D962F000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2298038945.000001A1D8FF6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.sumatrapdfreader.org/0l74
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231678285.000001A1D961B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D962F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.sumatrapdfreader.org/2
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/URLUpdateInfohttps://www.sumatrapdfreader.org/docs/Version-history.
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2233283123.000001A1D7621000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.sumatrapdfreader.org/W
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/dl/prerel/PRE_RELEASE_VER/SumatraPDF-prerel
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D7593000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Contribute-translation
Source: SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Corrupted-installation
Source: SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Keyboard-shortcuts
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Keyboard-shortcutssumatrapdfrestrict.inihttps://www.sumatrapdf
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Submit-crash-report.html
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Submit-crash-report.htmlShowCrashHandlerMessage:
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Version-history.html
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/download-free-pdf-viewer
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/download-free-pdf-viewer-------------
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231678285.000001A1D9675000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.sumatrapdfreader.org/e.lllo
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231678285.000001A1D961B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D962F000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/manual
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231678285.000001A1D961B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D962F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.sumatrapdfreader.org/manual1
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/manualArialwebsiteArial
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/settings/settings3-5-1.html
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/settings/settings3-5-1.html8.33
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/update-check-rel.txt
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/update-check-rel.txtnotifUpdateCheckInProgress
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D3AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.sumatrapdfreader.org0
Source: chromecache_90.18.dr	String found in binary or memory: https://www.tweetic.io/create

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 172.67.147.142:443 -> 192.168.2.17:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.17:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.17:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.17:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.7.35:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49724 version: TLS 1.2

Detected potential crypto function

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Code function: 2_2_000002B0F2073097	2_2_000002B0F2073097
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Code function: 2_2_000002B0F2079CF1	2_2_000002B0F2079CF1
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Code function: 2_2_00007FF9CC45A501	2_2_00007FF9CC45A501

Searches for the Microsoft Outlook file path

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE

Jump to behavior

Source: classification engine

Classification label: mal56.winZIP@18/59@13/8

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\SQ5EF6KQ.htm

Jump to behavior

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Mutant created: NULL

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: PDFixers.zip

Virustotal: Detection: 9%

Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe "C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe"
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe"
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.sumatrapdfreader.org/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1940,i,11865487458500093638,9147501348541840663,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.sumatrapdfreader.org/	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1940,i,11865487458500093638,9147501348541840663,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: msiso.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: mshtml.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: msimtf.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: d2d1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: jscript9.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: t2embed.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: uianimation.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: thumbcache.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.ui.fileexplorer.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: assignedaccessruntime.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: structuredquery.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.storage.search.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: twinapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: actxprxy.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: networkexplorer.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: ehstorshell.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: cscui.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: mrmcorer.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.staterepositorycore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: mrmdeploy.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: provsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: xmllite.dll	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32

Jump to behavior

Source: SumatraPDF.lnk.2.dr	LNK file: ..\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe
Source: Google Drive.lnk.17.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.17.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.17.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.17.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.17.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.17.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Window found: window name: SysTabControl32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Window detected: Number of UI elements: 13
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Window detected: Number of UI elements: 13

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SumatraPDFUninstall

Jump to behavior

Source: PDFixers.zip

Static file information: File size 8281125 > 1048576

Source:	Binary string: All supported documents.pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;.tcrPDF documents.pdfXPS documents.xps;.oxpsDjVu documents.djvuComic books.cbz;.cbr;.cb7;.cbtCHM documents.chmSVG documents.svgEPUB ebooks.epubMobi documents.mobiFictionBook documents.fb2;.fb2z;.zfb2;.fb2.zipPalmDoc documents.pdb;.prcImages.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avifText documents.txt;.log;.nfo;file_id.diz;read.me;.tcrAll files. source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231678285.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1426713980.000001A1D8FFE000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1471631202.000001A1D8FFE000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1468163792.000001A1D8FFE000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1429387682.000001A1D8FFF000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdb;.prcl source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2298038945.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1466632808.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1475633483.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1471018670.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231185265.000001A1D9073000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1426713980.000001A1D904A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbcts source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D7640000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbzF source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1469024058.000001A1D9487000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2303045907.000001A1D9480000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;*.tcrQ` source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2298038945.000001A1D8FF6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\libmupdf.pdb source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D7593000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: libmupdf.pdb source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: Bookmark Shortcuts%.2flnkfitwidthfitpage"%s" -page %d -view "%s" -zoom %s -scroll %d,%dfitcontentSelect folder with PDF filesBookmark shortcut to page %s of %s.xps;.oxps.pdf.ps;.eps.djvu.chm.cbz;.cbr;.cb7;.cbt.svgSVG documents.mobi.epub.pdb;.prc.fb2;.fb2z;.zfb2;.fb2.zip.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avifImagesAll supported documents.txt;.log;.nfo;file_id.diz;read.me;*.tcrVK_DOWN source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: ps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;.tcr source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2298038945.000001A1D903E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SumatraPDF-dll.pdb source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: .pdb.zip source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1470404711.000001A1D75E7000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D75F8000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1469024058.000001A1D9487000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2233837984.000001A1D75F8000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1465934467.000001A1D75DF000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2303045907.000001A1D9480000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1475430204.000001A1D75EB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;*.tcr source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1468163792.000001A1D8FF6000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1429387682.000001A1D8FF6000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1471631202.000001A1D8FF7000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1426713980.000001A1D8FF6000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2298038945.000001A1D8FF6000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2234690596.000001A1D903E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\kjk\src\sumatrapdf\out\rel64\SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: .pdbY source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D9585000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbolder!`)4a source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1470404711.000001A1D75E7000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1465934467.000001A1D75DF000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1475430204.000001A1D75EB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D7593000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: -64.pdb.lzsa source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: </html>.pdb<<html> source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\SumatraPDF-dll.pdb source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D7593000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbL source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2313952931.000001A1DF64F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D7593000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SumatraPDF.pdbSumatraPDF-dll.pdblibmupdf.pdbInstallCrashHandler: skipping because !crashDumpPath source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: .pdb;.prc source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2298038945.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1466632808.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1475633483.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1471018670.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2233228683.000001A1DF60E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2313952931.000001A1DF5E0000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231185265.000001A1D9073000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2298038945.000001A1D903E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2234690596.000001A1D903E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1426713980.000001A1D904A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\SumatraPDF-dll.pdb3 source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D7593000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbG source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D9585000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ITSF.txt.js.json.xml.logfile_id.dizread.me.nfo.tcr.ps.ps.gz.eps.fb2.fb2z.fbz.zfb2.fb2.zip.cbz.cbr.cb7.cbt.pdf.xps.oxps.chm.png.jpg.jpeg.gif.tif.tiff.bmp.tga.jxr.hdp.wdp.webp.epub.mobi.prc.azw.azw1.azw3.pdb.html.htm.xhtml.svg.djvu.jp2.zip.rar.7z.heic.avif.tarfoo.epubfoo.JP2Rar! source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr

PE file contains sections with non-standard names

Source: SumatraPDF-3.5.2-64.exe.2.dr

Static PE information: section name: _RDATA

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe

Code function: 2_2_00007FF9CC45063D push ebx; iretd

2_2_00007FF9CC45066A

Drops PE files

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe

File created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Jump to dropped file

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes	Jump to behavior

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2A8D3790000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2A8EB9F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0EE650000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0EE580000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0EE5C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0EE5E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0EE600000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F1F90000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F1FD0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2010000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2070000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2090000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F20B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F20F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2110000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2130000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2150000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2170000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2190000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F21B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F21D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F21F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2230000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2250000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2270000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2290000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F22B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F22D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2310000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2330000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2550000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2570000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2590000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F25D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F25F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2610000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2630000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2650000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2670000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2690000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2E90000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2EB0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2ED0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2EF0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2F10000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2F50000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2F70000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2F90000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2FB0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2FD0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2FF0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3030000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3050000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3070000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3090000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F30B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F30D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3110000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3130000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3150000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3170000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3190000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F31B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F31F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3210000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3230000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3250000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3270000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3290000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F32D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F32F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3310000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3330000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3350000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3390000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F33B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F33D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3410000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3430000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3450000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3470000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3490000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F34B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F34D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3510000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3530000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3550000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3570000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3590000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F35B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F35D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F35F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3630000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3650000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3670000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3690000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F36B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F36D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F36F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3710000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3750000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3770000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3790000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F37B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F37D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F37F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3810000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3830000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3870000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3890000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F38B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F38D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F38F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3910000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3930000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3950000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3990000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F39B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F39D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F39F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3A10000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3A30000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3A50000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3A90000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3AB0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3AD0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3AF0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3B10000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3B30000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3B50000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3B70000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3BB0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3BD0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3BF0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3C10000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3C30000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3C50000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3C70000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3C90000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3CD0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3CF0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3D10000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3D30000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3D50000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3D70000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3D90000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3DB0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3DF0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3E10000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3E30000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3E50000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3E70000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3E90000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3EB0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3ED0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3F10000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3F30000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3F50000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3F70000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3F90000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3FB0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3FD0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3FF0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4030000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4050000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4070000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4090000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F40B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F40D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F40F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4110000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4150000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4170000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4190000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F41B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F41D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F41F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4210000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4230000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4270000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4290000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F42B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F42D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F42F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4310000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4330000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4370000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4390000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F43B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F43D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F43F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4410000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4430000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4450000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4490000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F44B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F44D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F44F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4510000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4530000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4550000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4570000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F45B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F45D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F45F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4610000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4630000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4650000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4670000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4690000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F46D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F46F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4710000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4730000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4750000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4770000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4790000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F47B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F47F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4810000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4830000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4850000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4870000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4890000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F48B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F48F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4910000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4930000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4950000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4970000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4990000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F49B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F49D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4A10000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4A30000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4A50000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4A70000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4A90000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4AB0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4AD0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4AF0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4B30000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4B50000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4B70000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4B90000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4BB0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4FD0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4FF0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F5010000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F5050000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F5070000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F5090000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F50B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F50D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F50F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F5110000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F5130000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F5170000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F5190000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F51B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F51D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior

Contains capabilities to detect virtual machines

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc

Jump to behavior

Source: PDFixers.exe, 00000002.00000002.2346702608.000002B0F1C4A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP
Source: PDFixers.exe, 00000002.00000002.2346702608.000002B0F1CAA000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000002.00000002.2327700273.000002A8EC32F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe

Memory allocated: page read and write | page guard

Jump to behavior

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe"			Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.sumatrapdfreader.org/			Jump to behavior

Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr

Binary or memory string: Shell_TrayWndKillProcessesUsingInstallation()

Queries information about the installed CPU (vendor, model number etc)

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Searches for user specific document files

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Directory queried: C:\Users\user\Documents\SQRKHNBNYN	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Directory queried: C:\Users\user\Documents\UOOJJOZIRH	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Directory queried: C:\Users\user\Documents	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.75.206	unavatar.io	United States	13335	CLOUDFLARENETUS	false
172.67.181.251	unknown	United States	13335	CLOUDFLARENETUS	false
104.26.9.244	files2.sumatrapdfreader.org	United States	13335	CLOUDFLARENETUS	false
64.233.177.104	www.google.com	United States	15169	GOOGLEUS	false
138.201.51.123	www.sumatrapdfreader.org	Germany	24940	HETZNER-ASDE	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.67.147.142	pixel.pdfixers.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.17

Contacted Domains

Name	IP	Active
pixel.pdfixers.com	172.67.147.142	true
unavatar.io	104.21.75.206	true
www.sumatrapdfreader.org	138.201.51.123	true
files2.sumatrapdfreader.org	104.26.9.244	true
www.google.com	64.233.177.104	true

Contacted URLs

Name	Malicious	Reputation
https://www.sumatrapdfreader.org/favicon.ico	false	high
https://unavatar.io/twitter/@EnercoConseils	false	unknown
https://unavatar.io/twitter/@CRTejaswi	false	unknown
https://unavatar.io/twitter/@r0x12ul	false	unknown
https://www.sumatrapdfreader.org/img/homepage-small.png	false	high
https://www.sumatrapdfreader.org/img/dialog-langs-small.png	false	high
https://files2.sumatrapdfreader.org/software/sumatrapdf/sumatralatest.js	false	high
https://www.sumatrapdfreader.org/img/format-pdf-small.png	false	high
https://www.sumatrapdfreader.org/sumatra.css	false	high
https://www.sumatrapdfreader.org/img/format-epub-small.png	false	high
https://www.sumatrapdfreader.org/	false	high

AV Detection

Multi AV Scanner detection for domain / URL

Source: pixel.pdfixers.com	Virustotal: Detection: 6%	Perma Link
Source: https://pixel.pdfixers.com/;	Virustotal: Detection: 6%	Perma Link
Source: https://pixel.pdfixers.com/7	Virustotal: Detection: 5%	Perma Link
Source: https://pixel.pdfixers.com/...	Virustotal: Detection: 5%	Perma Link
Source: https://pixel.pdfixers.com/-	Virustotal: Detection: 5%	Perma Link
Source: https://pixel.pdfixers.com/?	Virustotal: Detection: 6%	Perma Link
Source: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js%	Virustotal: Detection: 5%	Perma Link

Multi AV Scanner detection for submitted file

Source: PDFixers.zip

Virustotal: Detection: 9%

Perma Link

Source: https://www.sumatrapdfreader.org/free-pdf-reader

HTTP Parser: No favicon

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SumatraPDFUninstall

Jump to behavior

Source: unknown	HTTPS traffic detected: 172.67.147.142:443 -> 192.168.2.17:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.17:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.17:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.17:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.7.35:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49724 version: TLS 1.2

Source:	Binary string: All supported documents.pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;.tcrPDF documents.pdfXPS documents.xps;.oxpsDjVu documents.djvuComic books.cbz;.cbr;.cb7;.cbtCHM documents.chmSVG documents.svgEPUB ebooks.epubMobi documents.mobiFictionBook documents.fb2;.fb2z;.zfb2;.fb2.zipPalmDoc documents.pdb;.prcImages.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avifText documents.txt;.log;.nfo;file_id.diz;read.me;.tcrAll files. source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231678285.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1426713980.000001A1D8FFE000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1471631202.000001A1D8FFE000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1468163792.000001A1D8FFE000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1429387682.000001A1D8FFF000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdb;.prcl source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2298038945.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1466632808.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1475633483.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1471018670.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231185265.000001A1D9073000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1426713980.000001A1D904A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbcts source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D7640000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbzF source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1469024058.000001A1D9487000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2303045907.000001A1D9480000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;*.tcrQ` source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2298038945.000001A1D8FF6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\libmupdf.pdb source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D7593000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: libmupdf.pdb source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: Bookmark Shortcuts%.2flnkfitwidthfitpage"%s" -page %d -view "%s" -zoom %s -scroll %d,%dfitcontentSelect folder with PDF filesBookmark shortcut to page %s of %s.xps;.oxps.pdf.ps;.eps.djvu.chm.cbz;.cbr;.cb7;.cbt.svgSVG documents.mobi.epub.pdb;.prc.fb2;.fb2z;.zfb2;.fb2.zip.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avifImagesAll supported documents.txt;.log;.nfo;file_id.diz;read.me;*.tcrVK_DOWN source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: ps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;.tcr source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2298038945.000001A1D903E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SumatraPDF-dll.pdb source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: .pdb.zip source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1470404711.000001A1D75E7000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D75F8000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1469024058.000001A1D9487000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2233837984.000001A1D75F8000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1465934467.000001A1D75DF000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2303045907.000001A1D9480000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1475430204.000001A1D75EB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;*.tcr source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1468163792.000001A1D8FF6000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1429387682.000001A1D8FF6000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1471631202.000001A1D8FF7000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1426713980.000001A1D8FF6000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2298038945.000001A1D8FF6000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2234690596.000001A1D903E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\kjk\src\sumatrapdf\out\rel64\SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: .pdbY source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D9585000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbolder!`)4a source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1470404711.000001A1D75E7000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1465934467.000001A1D75DF000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1475430204.000001A1D75EB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D7593000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: -64.pdb.lzsa source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: </html>.pdb<<html> source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\SumatraPDF-dll.pdb source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D7593000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbL source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2313952931.000001A1DF64F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D7593000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SumatraPDF.pdbSumatraPDF-dll.pdblibmupdf.pdbInstallCrashHandler: skipping because !crashDumpPath source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: .pdb;.prc source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2298038945.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1466632808.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1475633483.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1471018670.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2233228683.000001A1DF60E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2313952931.000001A1DF5E0000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231185265.000001A1D9073000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2298038945.000001A1D903E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2234690596.000001A1D903E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1426713980.000001A1D904A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\SumatraPDF-dll.pdb3 source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D7593000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbG source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D9585000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ITSF.txt.js.json.xml.logfile_id.dizread.me.nfo.tcr.ps.ps.gz.eps.fb2.fb2z.fbz.zfb2.fb2.zip.cbz.cbr.cb7.cbt.pdf.xps.oxps.chm.png.jpg.jpeg.gif.tif.tiff.bmp.tga.jxr.hdp.wdp.webp.epub.mobi.prc.azw.azw1.azw3.pdb.html.htm.xhtml.svg.djvu.jp2.zip.rar.7z.heic.avif.tarfoo.epubfoo.JP2Rar! source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr

HTTP GET or POST without a user agent

Source: global traffic

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 172.67.147.142 172.67.147.142

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pixel.pdfixers.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1Accept: /Referer: https://pixel.pdfixers.com/Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pixel.pdfixers.comConnection: Keep-AliveCookie: AWSALB=LIibE+FlCXffoI/rgW5811m93O3dEq64G7f26KJ+lxn+8lUlux/LhOiKNThM3J2LW+6zj3459FGH1LTee0cGoo50scKSPZHUBwiO1DoAQn6PXTsdmodZ8V+6v3Wy; AWSALBCORS=LIibE+FlCXffoI/rgW5811m93O3dEq64G7f26KJ+lxn+8lUlux/LhOiKNThM3J2LW+6zj3459FGH1LTee0cGoo50scKSPZHUBwiO1DoAQn6PXTsdmodZ8V+6v3Wy
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=sz8Nb+CKen4oyuo&MD=tgpGrDaO HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: 120X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAe19g6Apc3JDkxS6tTOSoMkmDDu%2B4kFt1L7VRq3%2B/xfByw44dStJFq2TsE3Fs/OX/OWx9LDkCRg3a4EiM7FFNVfX2zdL0Axektfnw288narUWXYcnz83jBHqneES5UVaBgiBAWhLeQPJg5mvAjBX32YyyqlrWkFZeSXJdHDUNEb%2ByZWvSSS2V/Sa1EqvP0SWrA%2B1ONT/9moyfCAfYPNTL/0Ndxl2crA5MQRzuP6XdtwYdTzVlyW%2B0Lk7Nf%2BiN2PCIEF7Ey3lnWeCYBS0hS6Fitz0i6M/JQ8iu3AFrGtyxjT/2zLRUh1MeElY89eyrbYJHNuG0iFIFzbbSVjkuEEi90YDZgAACPGB7g7F4Yp4qAGD5eX6nk/XhgeQGUoCvOq4Q2flEbyPRgOdWWo8uCMbSELHWInV8P%2BAtJOcGjkKehCEx0086PCrrDg%2BMSKuSErTVUYyEQHc/YDWDDyk8MV3%2Biywcdr98NM83dbq3/uXTBO1OcMXolvfB9X5MYhRLWRp53LdUPcuNVKSQkr2hysC3EeSxckY8HuE0DT2oTB2m1sJ8ScnVkGh5Lz%2BikRFBneQoLOXHCEOgcTDfRkIMH3KYEkjdBdg7uN/96hVCusQAQjiqRqylHsLpME4aFK0dO70Qh2oqgZKnVcH8GgvBzMXYT6NLB3tPPLlvk%2BbCsFY/6NSqa4YqLzgG8PUX8QjvJNBZecgNsmu3YqAR0lZKvUbPHd4NjdkA3oUXXBOOXnoBtTUAY233Ly5xECDvCLuZG1j/dHXe4I9YQJq0%2B3uVGn0qhCnopwcZTv134wj8qff5b/UNULwp5TtxmIdYOk7KtuJO4mmYVlcw7UE3Q0fo582jAeqdIjLXe8yxxgbeNSypzoQMRfnrUlKy3eWsT/LjDMEdsniFlc/xTf3ozQckmql9aq5j6fOND5A2AE%3D%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1713275250User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: 5B9F9496EB344660AD7FA38842CD8490X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=sz8Nb+CKen4oyuo&MD=tgpGrDaO HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /free-pdf-reader HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /software/sumatrapdf/sumatralatest.js HTTP/1.1Host: files2.sumatrapdfreader.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.sumatrapdfreader.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sumatra.css HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.sumatrapdfreader.org/free-pdf-readerAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /docs/img/homepage.png HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.sumatrapdfreader.org/free-pdf-readerAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.sumatrapdfreader.org/free-pdf-readerAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/homepage-small.png HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.sumatrapdfreader.org/free-pdf-readerAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/format-pdf-small.png HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.sumatrapdfreader.org/free-pdf-readerAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/format-epub-small.png HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.sumatrapdfreader.org/free-pdf-readerAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /twitter/@Merjia_ HTTP/1.1Host: unavatar.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.sumatrapdfreader.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /twitter/@EnercoConseils HTTP/1.1Host: unavatar.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.sumatrapdfreader.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /twitter/@r0x12ul HTTP/1.1Host: unavatar.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.sumatrapdfreader.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /twitter/@ronaldnzimora HTTP/1.1Host: unavatar.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.sumatrapdfreader.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /twitter/@CRTejaswi HTTP/1.1Host: unavatar.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.sumatrapdfreader.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /twitter/@Merjia_ HTTP/1.1Host: unavatar.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /twitter/@r0x12ul HTTP/1.1Host: unavatar.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /twitter/@ronaldnzimora HTTP/1.1Host: unavatar.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /twitter/@EnercoConseils HTTP/1.1Host: unavatar.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/dialog-langs-small.png HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.sumatrapdfreader.org/free-pdf-readerAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /twitter/@CRTejaswi HTTP/1.1Host: unavatar.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/menu-view-small.png HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.sumatrapdfreader.org/free-pdf-readerAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/menu-file-small.png HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.sumatrapdfreader.org/free-pdf-readerAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/homepage-small.png HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/format-pdf-small.png HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/format-epub-small.png HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /docs/img/homepage.png HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/dialog-langs-small.png HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/menu-view-small.png HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/menu-file-small.png HTTP/1.1Host: www.sumatrapdfreader.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: pixel.pdfixers.com

Source: unknown

Source: PDFixers.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: PDFixers.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: PDFixers.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D3AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: PDFixers.exe	String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: PDFixers.exe	String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: PDFixers.exe	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D3AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D3AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: PDFixers.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: PDFixers.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: PDFixers.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D3AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D3AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/odf#ContentFile
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/odf#StylesFile
Source: SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/pkg#
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/pkg#Document
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://fontfabrik.com
Source: chromecache_88.18.dr	String found in binary or memory: http://grsmto.github.io/simplebar/
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D3AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: PDFixers.exe	String found in binary or memory: http://ocsp.digicert.com0A
Source: PDFixers.exe	String found in binary or memory: http://ocsp.digicert.com0C
Source: PDFixers.exe	String found in binary or memory: http://ocsp.digicert.com0X
Source: PDFixers.exe	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: PDFixers.exe	String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: PDFixers.exe	String found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D3AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.sectigo.com0
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: http://schemas.openxps.org/oxps/v1.0/documentstructure
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: http://schemas.openxps.org/oxps/v1.0/fixedrepresentation
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D39F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: PDFixers.exe	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: PDFixers.exe	String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: PDFixers.exe	String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: http://www.daisy.org/z3986/2005/ncx/
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: http://www.gribuser.ru/xml/fictionbook/2.0
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: http://www.idpf.org/2007/opf
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: http://www.idpf.org/2007/opfapplication/xhtml
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://://https://translate.google.com/?op=translate&sl=auto&tl=$
Source: chromecache_90.18.dr	String found in binary or memory: https://blog.kowalczyk.info
Source: chromecache_88.18.dr	String found in binary or memory: https://csshint.com/css-box-shadow-examples/
Source: chromecache_88.18.dr	String found in binary or memory: https://dev.to/jonosellier/easy-overlay-scrollbars-variable-width-1mbh
Source: chromecache_88.18.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/CSS/scrollbar-gutter
Source: chromecache_90.18.dr	String found in binary or memory: https://files2.sumatrapdfreader.org/software/sumatrapdf/sumatralatest.js
Source: PDFixers.exe, 00000002.00000002.2350974720.000002B0F1D74000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/
Source: PDFixers.exe, 00000002.00000002.2346702608.000002B0F1CAA000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000002.00000002.2350974720.000002B0F1D9F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/css2?family=Nunito
Source: PDFixers.exe, 00000002.00000002.2350974720.000002B0F1D74000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/y
Source: PDFixers.exe, 00000002.00000002.2350974720.000002B0F1D9F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com/
Source: PDFixers.exe, 00000002.00000002.2350974720.000002B0F1D9F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com/7
Source: PDFixers.exe, 00000002.00000002.2350974720.000002B0F1D9F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com/;
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D3AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com/l/font?kit=pe1mMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbM
Source: PDFixers.exe, 00000002.00000002.2350974720.000002B0F1D9F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com/w
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000002.00000002.2383063489.000002B0F7E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Fonthausen/NunitoSans)
Source: PDFixers.exe, 00000002.00000002.2386042025.000002B0FA34E000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000002.00000002.2385273170.000002B0FA130000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Fonthausen/NunitoSans)Thread-000019dc-Id-00000000:SubsetRegularVersion
Source: PDFixers.exe, 00000002.00000002.2383063489.000002B0F7E38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Fonthausen/NunitoSans)nu
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/AUTHORS
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231678285.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/AUTHORS6
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/AUTHORShttps://github.com/sumatrapdfreade
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231678285.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/TRANSLATORS
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231678285.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/TRANSLATORS9
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231678285.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/TRANSLATORSf
Source: SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/commit/%s)
Source: SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/commit/646d1feddcc80b3b51072c5b27a1446487904175
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D7593000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/commit/646d1feddcc80b3b51072c5b27a1446487904175)
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231678285.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp, chromecache_90.18.dr, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/discussions
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/discussions/2316
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/discussionsSumatraPDF
Source: chromecache_88.18.dr	String found in binary or memory: https://kingsora.github.io/OverlayScrollbars/
Source: PDFixers.exe, 00000002.00000002.2346702608.000002B0F1BEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: chromecache_90.18.dr	String found in binary or memory: https://news.ycombinator.com/item?id=23468998
Source: chromecache_90.18.dr	String found in binary or memory: https://news.ycombinator.com/item?id=3327197
Source: chromecache_90.18.dr	String found in binary or memory: https://news.ycombinator.com/item?id=37988872
Source: chromecache_90.18.dr	String found in binary or memory: https://news.ycombinator.com/item?id=5214372
Source: chromecache_90.18.dr	String found in binary or memory: https://news.ycombinator.com/item?id=5595328
Source: chromecache_90.18.dr	String found in binary or memory: https://news.ycombinator.com/item?id=576145
Source: chromecache_90.18.dr	String found in binary or memory: https://news.ycombinator.com/item?id=6465643
Source: chromecache_90.18.dr	String found in binary or memory: https://news.ycombinator.com/item?id=9527367
Source: chromecache_90.18.dr	String found in binary or memory: https://news.ycombinator.com/item?id=9690604
Source: PDFixers.exe, 00000002.00000002.2346702608.000002B0F1B76000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D3AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/
Source: PDFixers.exe, 00000002.00000002.2344540190.000002B0EE658000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/-
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D3AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/...
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D3AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/...p
Source: PDFixers.exe, 00000002.00000002.2346702608.000002B0F1BEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/2
Source: PDFixers.exe, 00000002.00000002.2346702608.000002B0F1CA1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/7
Source: PDFixers.exe, 00000002.00000002.2346702608.000002B0F1C6E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/9
Source: PDFixers.exe, 00000002.00000002.2346702608.000002B0F1CA1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/;
Source: PDFixers.exe, 00000002.00000002.2346702608.000002B0F1CA1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/?
Source: PDFixers.exe, 00000002.00000002.2346702608.000002B0F1C6E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/C:
Source: PDFixers.exe, 00000002.00000002.2346702608.000002B0F1CA1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/G
Source: PDFixers.exe, 00000002.00000002.2350974720.000002B0F1D74000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/l/email-protection
Source: PDFixers.exe, 00000002.00000002.2350974720.000002B0F1D9F000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000002.00000002.2345177289.000002B0EE6B8000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000002.00000002.2346702608.000002B0F1B76000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Source: PDFixers.exe, 00000002.00000002.2350974720.000002B0F1D9F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js%
Source: PDFixers.exe, 00000002.00000002.2350974720.000002B0F1D9F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsd
Source: PDFixers.exe, 00000002.00000002.2367431693.000002B0F3B90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/ger
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D3AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/h
Source: PDFixers.exe, 00000002.00000002.2367431693.000002B0F3B90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ema
Source: PDFixers.exe, 00000002.00000002.2346702608.000002B0F1BEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/ll7
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D3AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/p
Source: PDFixers.exe, 00000002.00000002.2332215074.000002A8ED6D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://scripts.sil.org/OFL
Source: PDFixers.exe, 00000002.00000002.2386042025.000002B0FA34E000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000002.00000002.2385273170.000002B0FA130000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://scripts.sil.org/OFLNunito
Source: PDFixers.exe, 00000002.00000002.2330213186.000002A8EC517000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://scripts.sil.org/OFLV
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D3AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: chromecache_88.18.dr	String found in binary or memory: https://stackoverflow.com/a/64554893
Source: chromecache_88.18.dr	String found in binary or memory: https://stackoverflow.com/questions/13054797/how-to-prevent-a-webkit-scrollbar-from-pushing-over-the
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://sumatra-website.onrender.com/update-check-rel.txt
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://sumatra-website.onrender.com/update-check-rel.txtInstaller64LatestInstaller32InstallerArm64P
Source: chromecache_90.18.dr	String found in binary or memory: https://twitter.com/CRTejaswi/status/1515454405600247809
Source: chromecache_90.18.dr	String found in binary or memory: https://twitter.com/EnercoConseils/status/1306843886451666944
Source: chromecache_90.18.dr	String found in binary or memory: https://twitter.com/Merjia_/status/1310790865539883008
Source: chromecache_90.18.dr	String found in binary or memory: https://twitter.com/kjk
Source: chromecache_90.18.dr	String found in binary or memory: https://twitter.com/r0x12ul/status/1444901425234911234
Source: chromecache_90.18.dr	String found in binary or memory: https://twitter.com/ronaldnzimora/status/1259107209172131843
Source: chromecache_90.18.dr	String found in binary or memory: https://unavatar.io/twitter/
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.deepl.com/translator#-/$
Source: PDFixers.exe	String found in binary or memory: https://www.globalsign.com/repository/0
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.google.com/search?q=$
Source: chromecache_90.18.dr	String found in binary or memory: https://www.redditmedia.com/r/Piracy/comments/u1m23x/good_windows_cbz_reader_other_than_cdisplayex/i
Source: chromecache_90.18.dr	String found in binary or memory: https://www.redditmedia.com/r/ProgrammerHumor/comments/rgz0nk/i_dont_think_that_goes_in_the_console/
Source: chromecache_90.18.dr	String found in binary or memory: https://www.redditmedia.com/r/assholedesign/comments/im0rbv/installing_the_last_windows_update_reset
Source: chromecache_90.18.dr	String found in binary or memory: https://www.redditmedia.com/r/assholedesign/comments/io05m4/adobe_survey_wont_let_you_use_acrobat_un
Source: chromecache_90.18.dr	String found in binary or memory: https://www.redditmedia.com/r/pcmasterrace/comments/tjdpbq/thats_it/i1mcy7o/?depth=1&showmore=fa
Source: chromecache_90.18.dr	String found in binary or memory: https://www.redditmedia.com/r/software/comments/j215uw/i_just_realized_that_windows_doesnt_have_a/g7
Source: chromecache_90.18.dr	String found in binary or memory: https://www.redditmedia.com/r/sysadmin/comments/u35hon/user_ticket_i_need_acrobat_pro_because_i_cant
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231185265.000001A1D90AE000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231678285.000001A1D961B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D956A000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2313952931.000001A1DF5E0000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D765A000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2298038945.000001A1D8FF6000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2233283123.000001A1D7621000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D962F000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2298038945.000001A1D8FF6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.sumatrapdfreader.org/0l74
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231678285.000001A1D961B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D962F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.sumatrapdfreader.org/2
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/URLUpdateInfohttps://www.sumatrapdfreader.org/docs/Version-history.
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2233283123.000001A1D7621000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.sumatrapdfreader.org/W
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/dl/prerel/PRE_RELEASE_VER/SumatraPDF-prerel
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D7593000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Contribute-translation
Source: SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Corrupted-installation
Source: SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Keyboard-shortcuts
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Keyboard-shortcutssumatrapdfrestrict.inihttps://www.sumatrapdf
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Submit-crash-report.html
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Submit-crash-report.htmlShowCrashHandlerMessage:
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Version-history.html
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/download-free-pdf-viewer
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/download-free-pdf-viewer-------------
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231678285.000001A1D9675000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.sumatrapdfreader.org/e.lllo
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231678285.000001A1D961B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D962F000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/manual
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231678285.000001A1D961B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D962F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.sumatrapdfreader.org/manual1
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/manualArialwebsiteArial
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/settings/settings3-5-1.html
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/settings/settings3-5-1.html8.33
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/update-check-rel.txt
Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr	String found in binary or memory: https://www.sumatrapdfreader.org/update-check-rel.txtnotifUpdateCheckInProgress
Source: PDFixers.exe, 00000002.00000002.2304790004.000002A8D3AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.sumatrapdfreader.org0
Source: chromecache_90.18.dr	String found in binary or memory: https://www.tweetic.io/create

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 172.67.147.142:443 -> 192.168.2.17:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.17:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.17:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.17:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.7.35:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49724 version: TLS 1.2

Detected potential crypto function

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Code function: 2_2_000002B0F2073097	2_2_000002B0F2073097
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Code function: 2_2_000002B0F2079CF1	2_2_000002B0F2079CF1
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Code function: 2_2_00007FF9CC45A501	2_2_00007FF9CC45A501

Searches for the Microsoft Outlook file path

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE

Jump to behavior

Source: classification engine

Classification label: mal56.winZIP@18/59@13/8

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\SQ5EF6KQ.htm

Jump to behavior

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Mutant created: NULL

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: PDFixers.zip

Virustotal: Detection: 9%

Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe "C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe"
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe"
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.sumatrapdfreader.org/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1940,i,11865487458500093638,9147501348541840663,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.sumatrapdfreader.org/	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1940,i,11865487458500093638,9147501348541840663,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: msiso.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: mshtml.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: msimtf.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: d2d1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: jscript9.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: t2embed.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: uianimation.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: thumbcache.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.ui.fileexplorer.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: assignedaccessruntime.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: structuredquery.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.storage.search.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: twinapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: actxprxy.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: networkexplorer.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: ehstorshell.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: cscui.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: mrmcorer.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.staterepositorycore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: mrmdeploy.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: provsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: xmllite.dll	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32

Jump to behavior

Source: SumatraPDF.lnk.2.dr	LNK file: ..\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe
Source: Google Drive.lnk.17.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.17.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.17.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.17.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.17.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.17.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Window found: window name: SysTabControl32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Window detected: Number of UI elements: 13
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Window detected: Number of UI elements: 13

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SumatraPDFUninstall

Jump to behavior

Source: PDFixers.zip

Static file information: File size 8281125 > 1048576

Source:	Binary string: All supported documents.pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;.tcrPDF documents.pdfXPS documents.xps;.oxpsDjVu documents.djvuComic books.cbz;.cbr;.cb7;.cbtCHM documents.chmSVG documents.svgEPUB ebooks.epubMobi documents.mobiFictionBook documents.fb2;.fb2z;.zfb2;.fb2.zipPalmDoc documents.pdb;.prcImages.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avifText documents.txt;.log;.nfo;file_id.diz;read.me;.tcrAll files. source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231678285.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1426713980.000001A1D8FFE000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1471631202.000001A1D8FFE000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1468163792.000001A1D8FFE000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1429387682.000001A1D8FFF000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D965E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdb;.prcl source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2298038945.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1466632808.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1475633483.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1471018670.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231185265.000001A1D9073000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1426713980.000001A1D904A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbcts source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D7640000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbzF source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1469024058.000001A1D9487000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2303045907.000001A1D9480000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;*.tcrQ` source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2298038945.000001A1D8FF6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\libmupdf.pdb source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D7593000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: libmupdf.pdb source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: Bookmark Shortcuts%.2flnkfitwidthfitpage"%s" -page %d -view "%s" -zoom %s -scroll %d,%dfitcontentSelect folder with PDF filesBookmark shortcut to page %s of %s.xps;.oxps.pdf.ps;.eps.djvu.chm.cbz;.cbr;.cb7;.cbt.svgSVG documents.mobi.epub.pdb;.prc.fb2;.fb2z;.zfb2;.fb2.zip.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avifImagesAll supported documents.txt;.log;.nfo;file_id.diz;read.me;*.tcrVK_DOWN source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: ps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;.tcr source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2298038945.000001A1D903E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SumatraPDF-dll.pdb source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: .pdb.zip source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1470404711.000001A1D75E7000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D75F8000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1469024058.000001A1D9487000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2233837984.000001A1D75F8000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1465934467.000001A1D75DF000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2303045907.000001A1D9480000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1475430204.000001A1D75EB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;*.tcr source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1468163792.000001A1D8FF6000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1429387682.000001A1D8FF6000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1471631202.000001A1D8FF7000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1426713980.000001A1D8FF6000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2298038945.000001A1D8FF6000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2234690596.000001A1D903E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\kjk\src\sumatrapdf\out\rel64\SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: .pdbY source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D9585000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbolder!`)4a source: SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1470404711.000001A1D75E7000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1465934467.000001A1D75DF000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1475430204.000001A1D75EB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D7593000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: -64.pdb.lzsa source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: </html>.pdb<<html> source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\SumatraPDF-dll.pdb source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D7593000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbL source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2313952931.000001A1DF64F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D7593000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SumatraPDF.pdbSumatraPDF-dll.pdblibmupdf.pdbInstallCrashHandler: skipping because !crashDumpPath source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr
Source:	Binary string: .pdb;.prc source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2298038945.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1466632808.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1475633483.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1471018670.000001A1D9080000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2233228683.000001A1DF60E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2313952931.000001A1DF5E0000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2231185265.000001A1D9073000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2298038945.000001A1D903E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.2234690596.000001A1D903E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000D.00000003.1426713980.000001A1D904A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\SumatraPDF-dll.pdb3 source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2292203121.000001A1D7593000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbG source: SumatraPDF-3.5.2-64.exe, 0000000D.00000002.2304234152.000001A1D9585000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ITSF.txt.js.json.xml.logfile_id.dizread.me.nfo.tcr.ps.ps.gz.eps.fb2.fb2z.fbz.zfb2.fb2.zip.cbz.cbr.cb7.cbt.pdf.xps.oxps.chm.png.jpg.jpeg.gif.tif.tiff.bmp.tga.jxr.hdp.wdp.webp.epub.mobi.prc.azw.azw1.azw3.pdb.html.htm.xhtml.svg.djvu.jp2.zip.rar.7z.heic.avif.tarfoo.epubfoo.JP2Rar! source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr

PE file contains sections with non-standard names

Source: SumatraPDF-3.5.2-64.exe.2.dr

Static PE information: section name: _RDATA

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe

Code function: 2_2_00007FF9CC45063D push ebx; iretd

2_2_00007FF9CC45066A

Drops PE files

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe

File created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Jump to dropped file

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes	Jump to behavior

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2A8D3790000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2A8EB9F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0EE650000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0EE580000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0EE5C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0EE5E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0EE600000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F1F90000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F1FD0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2010000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2070000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2090000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F20B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F20F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2110000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2130000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2150000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2170000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2190000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F21B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F21D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F21F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2230000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2250000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2270000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2290000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F22B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F22D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2310000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2330000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2550000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2570000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2590000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F25D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F25F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2610000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2630000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2650000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2670000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2690000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2E90000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2EB0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2ED0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2EF0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2F10000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2F50000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2F70000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2F90000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2FB0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2FD0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F2FF0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3030000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3050000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3070000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3090000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F30B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F30D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3110000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3130000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3150000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3170000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3190000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F31B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F31F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3210000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3230000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3250000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3270000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3290000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F32D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F32F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3310000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3330000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3350000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3390000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F33B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F33D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3410000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3430000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3450000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3470000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3490000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F34B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F34D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3510000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3530000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3550000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3570000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3590000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F35B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F35D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F35F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3630000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3650000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3670000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3690000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F36B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F36D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F36F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3710000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3750000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3770000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3790000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F37B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F37D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F37F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3810000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3830000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3870000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3890000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F38B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F38D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F38F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3910000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3930000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3950000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3990000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F39B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F39D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F39F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3A10000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3A30000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3A50000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3A90000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3AB0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3AD0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3AF0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3B10000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3B30000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3B50000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3B70000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3BB0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3BD0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3BF0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3C10000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3C30000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3C50000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3C70000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3C90000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3CD0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3CF0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3D10000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3D30000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3D50000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3D70000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3D90000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3DB0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3DF0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3E10000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3E30000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3E50000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3E70000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3E90000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3EB0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3ED0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3F10000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3F30000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3F50000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3F70000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3F90000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3FB0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3FD0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F3FF0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4030000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4050000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4070000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4090000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F40B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F40D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F40F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4110000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4150000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4170000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4190000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F41B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F41D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F41F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4210000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4230000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4270000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4290000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F42B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F42D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F42F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4310000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4330000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4370000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4390000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F43B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F43D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F43F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4410000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4430000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4450000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4490000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F44B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F44D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F44F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4510000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4530000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4550000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4570000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F45B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F45D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F45F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4610000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4630000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4650000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4670000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4690000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F46D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F46F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4710000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4730000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4750000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4770000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4790000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F47B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F47F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4810000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4830000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4850000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4870000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4890000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F48B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F48F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4910000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4930000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4950000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4970000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4990000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F49B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F49D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4A10000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4A30000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4A50000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4A70000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4A90000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4AB0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4AD0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4AF0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4B30000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4B50000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4B70000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4B90000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4BB0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4FD0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F4FF0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F5010000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F5050000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F5070000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F5090000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F50B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F50D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F50F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F5110000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F5130000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F5170000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F5190000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F51B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Memory allocated: 2B0F51D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior

Contains capabilities to detect virtual machines

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc

Jump to behavior

Source: PDFixers.exe, 00000002.00000002.2346702608.000002B0F1C4A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP
Source: PDFixers.exe, 00000002.00000002.2346702608.000002B0F1CAA000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000002.00000002.2327700273.000002A8EC32F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe

Memory allocated: page read and write | page guard

Jump to behavior

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Process created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe"			Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.sumatrapdfreader.org/			Jump to behavior

Source: SumatraPDF-3.5.2-64.exe, 0000000D.00000000.1308773872.00007FF77417E000.00000002.00000001.01000000.00000011.sdmp, SumatraPDF-3.5.2-64.exe.2.dr

Binary or memory string: Shell_TrayWndKillProcessesUsingInstallation()

Queries information about the installed CPU (vendor, model number etc)

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\Temp1_PDFixers.zip\PDFixers.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Searches for user specific document files

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Directory queried: C:\Users\user\Documents\SQRKHNBNYN	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Directory queried: C:\Users\user\Documents\UOOJJOZIRH	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Directory queried: C:\Users\user\Documents	Jump to behavior

ID:	1426772
Product:	CloudBasic
Start time:	15:46:39
Start date:	16.04.2024
Sample:	PDFixers.zip
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	5396742442ffdedba5c6aebb1769a289
SHA1:	e77ac4619cc0df6e6b9a2db47f7b6ff3d2308e6b
SHA256:	0708077484d29f5107ded46cbf35e9f7391efb9331279a25a7218c2bd7375d1e
Filetype:	ZIP compressed archive (8000/1) 100.00%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\css2[1].css	ASCII text	593563DEFDA42F8FAD22F5EA3F89B775	A0C3D8D8C19C01BD3D02B90A126C8CA7F27421B3	2F02D38536746DAE6535E3354B5B844C48C26589AE1B499BE5CB35EF66EAB511
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\96LGQ1XY\email-decode.min[1].js	HTML document, ASCII text, with very long lines (1238)	9E8F56E8E1806253BA01A95CFC3D392C	A8AF90D7482E1E99D03DE6BF88FED2315C5DD728	2595496FE48DF6FCF9B1BC57C29A744C121EB4DD11566466BC13D2E52E6BBCC8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\SQ5EF6KQ.htm	HTML document, ASCII text, with very long lines (10298), with CRLF line terminators	F06DFD0675AEDE0FFBCA1DDE703F4503	131C38812305350C40973AFFCFD775DBD049231C	07454A735C43D6CAC5A5AFB8A1DB648EE4CF9285429D633B602EFA77ED095E97
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NB937L4Q\font[1].eot	Embedded OpenType (EOT), Nunito Sans 12pt Light family	C6B85601ADBF8C674B4B444DAD696A5D	9103151C858BD4C99150D6B4386D54E99B1EBF90	EC8671B432FF49E1E77F48692397E57ECFA584555AC664C932DCCEA0C9A16044
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 12:48:49 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	1727FD834302FD0A324C304D7FFB175F	4E0207F341B43FD5913DAAB38585FE35F9F36163	9A9B45F3AAF9A771FE3DC2B9A08FD6230C485EA489BBC1CE03DF5F686E818DB8
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 12:48:49 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	301249E77FA18B98CBF7D85FA8F9472A	EEA4FE955577118485158AE45E12C2FDFBA0AF22	A1B6CB66D765D215D41D8FCD2CDE9BB0EEF1FC5E6F2FC713C7B5756EA2535ABA
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	49F2FDC5BD457A981758F207845F30E2	0179EBE4CF60C045847CAD1A4579E8C38352DC63	AD230EBDF148C45D201AE9BD9632CE81B3765B7B278CED044C0007A6ED603A5E
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 12:48:49 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	8FAF1F148D8B3EE260D1933FE56F1D0B	561C14D40349928BCA555E5BCF9066EE0F79FB63	74A9DF49554126197531DBCD5E88697184E3AC0590D26C605B6AE21F11FC29B7
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 12:48:49 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	13AF62B267321D21C55081F3B885EB2E	2EF6881FB7298D6A7049984B89CAD9D3BBD685D9	87BB69795893467656D9020E2E62E3D5F79DD8B1FB0D6E6C11A754B480447090
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 12:48:49 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	8D64853D371ADE9A0E9583E57A0466D7	7694073A249913A726AE24B8803B2EB3077E58ED	DBCFF9CEFCD328DC5433BC3F000A6825AC22EA710A4F207E47324F59825BD7A8
C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	PE32+ executable (GUI) x86-64, for MS Windows	C02DC2CA96FE9841963883C0FE177399	7E42E66E9198C258DA48A6194577E3DBD424463A	290E4AA7ED64C728138711C011E89AAB7AA48DBC1AE430371DC2BE4100B92BF0
C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-settings.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	5CACD5840DDF04BBCCE81403DB441A16	87B396BD2DD5EBDCC532BF17F0A3C58FEAD9C135	8404A18972CF0FB0375607D05BCE32B9D6DB1D548B60CD6DCE88342C5B15E0B7
C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF.zip	Zip archive data, at least v2.0 to extract, compression method=deflate	21B26AF0D4CE33D609915549F01A7705	5B2D4B056812AF71E159426324CDAA788D1CB5D7	66CCB395C9184DCE6822DFBB9970C877383B3EAD6D9417B5106A844AAC512989
C:\Users\user\Desktop\SumatraPDF.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Apr 16 12:47:34 2024, mtime=Tue Apr 16 12:47:34 2024, atime=Wed Oct 25 05:17:54 2023, length=16065496, window=hide	D5142881B7F40FE0440431BB6767DF4A	5FF33B4AACBB7C9B0A68AC04BD5436CB2A7C0735	DE7E6565B8964F11C9F46ABC2972F43BEC3F8DFED4EF7D93AF72FB0B4C8A7D1C
Chrome Cache Entry: 100	PNG image data, 80 x 80, 8-bit/color RGB, non-interlaced	CD3E92CD0FBAD406D1B4BA5A026241E7	7FC78BAF69DC55D7811B61C1B6EC5EE325DC8EDB	7980B84F26D6AE6653D5F3C7404A194DD3CCADAE0489438C12237036C472228B
Chrome Cache Entry: 101	PNG image data, 1040 x 1037, 8-bit/color RGB, non-interlaced	1A7307AAA8C576C3E0252BF130DE87BA	C314F4815E1AC86C3602E0393016C5E1A5036210	A637F74AD2C497121670AF63E51580C9E0F3B93F8375250BFA32365B2B8DD11D
Chrome Cache Entry: 102	PNG image data, 1040 x 1037, 8-bit/color RGB, non-interlaced	1A7307AAA8C576C3E0252BF130DE87BA	C314F4815E1AC86C3602E0393016C5E1A5036210	A637F74AD2C497121670AF63E51580C9E0F3B93F8375250BFA32365B2B8DD11D
Chrome Cache Entry: 103	ASCII text, with very long lines (1361), with no line terminators	1ABC8F4EB5E11C9D3FA522B8C05601AE	F54A1EAEAE017EC89B0AB0AFB5838698C6ECB042	746C3F9CF2B6EEA53528F25187947F74101B6C894D050C0D87C10D1AE92B22D9
Chrome Cache Entry: 75	PNG image data, 80 x 80, 8-bit/color RGB, non-interlaced	20014F53031BDC801AFE34FEB404BD48	8872870FD934E42E83F7FA455415B1092BB76458	E22EBF7A9376214F1D76DB8D08ED56E4682D9D242D23B9FF29A649FE3F5C8C91
Chrome Cache Entry: 76	JPEG image data, progressive, precision 8, 400x400, components 3	C508DFF077F8673B79711350AF3AC8BC	85D04FD5D007C0240A7703EDFBB62C75B203BEF9	C343D8CBF76A60EF95CA9D3340E7962383755778BBD61EB2E314D9B96D1C6EB1
Chrome Cache Entry: 77	PNG image data, 80 x 80, 8-bit/color RGB, non-interlaced	54374AABAF6455BEB87E21C8FB9EB82E	781C2F562E0D8A3E2389E3578B17AA1FB15804E8	4F75602766DAC5CC85B5465813FF87654FB29994D2ABD82BA32D37C134423E08
Chrome Cache Entry: 78	PNG image data, 80 x 80, 8-bit/color RGB, non-interlaced	A9559E9D040B1159821283B07ED550DC	FD56AF10278479EE710AD0BCDAE3669304D2ADFB	EF122615F032D431FC19001C33B5BA14F23B7124BFE02A22C20C6AAB23EE14FD
Chrome Cache Entry: 79	MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel	3BC0211E51EC3C143216CC98AD54C97D	5AC3413E85F69B2DE9C8CA25B440E89546558629	4910410972A7D550F6E483DE99A53EDE10FDBFA5435122AF36736368D5ABB04A
Chrome Cache Entry: 80	JPEG image data, progressive, precision 8, 400x400, components 3	4EBF2B4B29E4A09780F3244B5D5DF51B	1C2073AE7948D69C90A733FF5B423354AA27E8A8	8A39FA851416F14116662E37B93AB9D1692116752EFC5C3DA60A463409BEB54F
Chrome Cache Entry: 81	PNG image data, 80 x 80, 8-bit/color RGB, non-interlaced	A9559E9D040B1159821283B07ED550DC	FD56AF10278479EE710AD0BCDAE3669304D2ADFB	EF122615F032D431FC19001C33B5BA14F23B7124BFE02A22C20C6AAB23EE14FD
Chrome Cache Entry: 82	PNG image data, 400 x 400, 8-bit/color RGBA, interlaced	EED355372D1D0E794736C91C243CD2AF	0032F0405E8ABD549A7CB3E03F3683CA19457FAC	3D9A9259C231E999017AB0CD767BA3649E09758A5AEBB0FD42F205B2B7BD06DA
Chrome Cache Entry: 83	MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel	3BC0211E51EC3C143216CC98AD54C97D	5AC3413E85F69B2DE9C8CA25B440E89546558629	4910410972A7D550F6E483DE99A53EDE10FDBFA5435122AF36736368D5ABB04A
Chrome Cache Entry: 84	JPEG image data, progressive, precision 8, 400x400, components 3	1CD3F947118E7602AB5E91A8C421279F	4205998EE5177EA1F2725F263025A733C006364B	C3B9261AA7274DBB6BF6BF0F29564456B6D8FA65BF23F2B2BC16CE3167771328
Chrome Cache Entry: 85	PNG image data, 400 x 400, 8-bit colormap, non-interlaced	3DB1AE56A24DC2D45A165E19489A9CAF	3390979AA3F28A749E27D2ECB615CF71A2221810	58811475B773C00B8D8C45940CA841BE8AE32C51F5994F43F086EA269FD667C8
Chrome Cache Entry: 86	PNG image data, 80 x 80, 8-bit/color RGB, non-interlaced	D498585F29260E722DE912E5C3C2EE4C	11D82953C15F3AC4476BDABD617761638B7606D6	EB54A67965DCC29186D072D4E88AD17CB0B7BCC8C376D73C917B34D2D4563E16
Chrome Cache Entry: 87	JPEG image data, progressive, precision 8, 400x400, components 3	4EBF2B4B29E4A09780F3244B5D5DF51B	1C2073AE7948D69C90A733FF5B423354AA27E8A8	8A39FA851416F14116662E37B93AB9D1692116752EFC5C3DA60A463409BEB54F
Chrome Cache Entry: 88	ASCII text, with CRLF line terminators	F021E421E099D67B87067379F8C04D73	5503C22A2DB4C01CC9D79E8CF2ACF20F4AEB6816	64A10C2DA81BDBA261095A7B404DE80858FE6AB1DF634EC627EC620D7695B97C
Chrome Cache Entry: 89	PNG image data, 80 x 80, 8-bit/color RGB, non-interlaced	CD3E92CD0FBAD406D1B4BA5A026241E7	7FC78BAF69DC55D7811B61C1B6EC5EE325DC8EDB	7980B84F26D6AE6653D5F3C7404A194DD3CCADAE0489438C12237036C472228B
Chrome Cache Entry: 90	HTML document, Unicode text, UTF-8 text, with very long lines (506), with CRLF line terminators	1DF71A68C347010E1A7EBF628D19891B	CA1DD0CE0A9A2A06FBE91A9B934C1BC8D21569A5	514A0CDE4AA60B816D3A60E4B4BFC9A6E69C041DD88A1B00B84097EA6DA4819E
Chrome Cache Entry: 91	PNG image data, 53 x 80, 8-bit/color RGB, non-interlaced	7231ABCE7F0568A889A28EC9D3291370	5816109F6CE79A0A8E6B232B98C6CE16F24F036E	D7AE886A9C6EA6253AFA8F54702457AE0C74C152DC5F2B924EB7CDC66A27918C
Chrome Cache Entry: 92	PNG image data, 80 x 80, 8-bit/color RGB, non-interlaced	D498585F29260E722DE912E5C3C2EE4C	11D82953C15F3AC4476BDABD617761638B7606D6	EB54A67965DCC29186D072D4E88AD17CB0B7BCC8C376D73C917B34D2D4563E16
Chrome Cache Entry: 93	JPEG image data, progressive, precision 8, 400x400, components 3	C508DFF077F8673B79711350AF3AC8BC	85D04FD5D007C0240A7703EDFBB62C75B203BEF9	C343D8CBF76A60EF95CA9D3340E7962383755778BBD61EB2E314D9B96D1C6EB1
Chrome Cache Entry: 94	PNG image data, 400 x 400, 8-bit/color RGBA, interlaced	EED355372D1D0E794736C91C243CD2AF	0032F0405E8ABD549A7CB3E03F3683CA19457FAC	3D9A9259C231E999017AB0CD767BA3649E09758A5AEBB0FD42F205B2B7BD06DA
Chrome Cache Entry: 95	PNG image data, 80 x 80, 8-bit/color RGB, non-interlaced	20014F53031BDC801AFE34FEB404BD48	8872870FD934E42E83F7FA455415B1092BB76458	E22EBF7A9376214F1D76DB8D08ED56E4682D9D242D23B9FF29A649FE3F5C8C91
Chrome Cache Entry: 96	PNG image data, 80 x 80, 8-bit/color RGB, non-interlaced	54374AABAF6455BEB87E21C8FB9EB82E	781C2F562E0D8A3E2389E3578B17AA1FB15804E8	4F75602766DAC5CC85B5465813FF87654FB29994D2ABD82BA32D37C134423E08
Chrome Cache Entry: 97	PNG image data, 400 x 400, 8-bit colormap, non-interlaced	3DB1AE56A24DC2D45A165E19489A9CAF	3390979AA3F28A749E27D2ECB615CF71A2221810	58811475B773C00B8D8C45940CA841BE8AE32C51F5994F43F086EA269FD667C8
Chrome Cache Entry: 98	JPEG image data, progressive, precision 8, 400x400, components 3	1CD3F947118E7602AB5E91A8C421279F	4205998EE5177EA1F2725F263025A733C006364B	C3B9261AA7274DBB6BF6BF0F29564456B6D8FA65BF23F2B2BC16CE3167771328
Chrome Cache Entry: 99	PNG image data, 53 x 80, 8-bit/color RGB, non-interlaced	7231ABCE7F0568A889A28EC9D3291370	5816109F6CE79A0A8E6B232B98C6CE16F24F036E	D7AE886A9C6EA6253AFA8F54702457AE0C74C152DC5F2B924EB7CDC66A27918C

Windows Analysis Report
PDFixers.zip

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report PDFixers.zip

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
PDFixers.zip