Edit tour

Windows Analysis Report
sample.zip

Overview

General Information

Sample name:	sample.zip
Analysis ID:	1428290
MD5:	4005a02a0c6cb5c3788e2db26c550e42
SHA1:	ec3b62c152af665afeb22a7723a1e0ab4edf8605
SHA256:	a8169538a9e5a7d6fd996e04f3688a992590f84421c0d4a1e56cfdba413eb7c7
Infos:

Detection

Score:	5
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Allocates memory with a write watch (potentially for evading sandboxes)

Contains capabilities to detect virtual machines

Creates a process in suspended mode (likely to inject code)

Creates a window with clipboard capturing capabilities

Drops PE files

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Searches for the Microsoft Outlook file path

Searches for user specific document files

Classification

Analysis Advice

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Process Tree

System is w10x64_ra

rundll32.exe (PID: 3960 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)

PDFixers.exe (PID: 4124 cmdline: "C:\Users\user\Desktop\sampleC:\Users\aiciaboyd\Downloads\PDFixers.exe" MD5: B4440EEA7367C3FB04A89225DF4022A6)

SumatraPDF-3.5.2-64.exe (PID: 1836 cmdline: "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe" MD5: C02DC2CA96FE9841963883C0FE177399)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SumatraPDFUninstall

Source: unknown

HTTPS traffic detected: 172.67.147.142:443 -> 192.168.2.18:49704 version: TLS 1.2

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: unknown

DNS traffic detected: queries for: pixel.pdfixers.com

Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown

HTTPS traffic detected: 172.67.147.142:443 -> 192.168.2.18:49704 version: TLS 1.2

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Window created: window name: CLIPBRDWNDCLASS

Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE

Source: classification engine

Classification label: clean5.winZIP@4/8@1/13

Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HAYXG4SY\LMPPM1MU.htm

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe

File read: C:\Users\desktop.ini

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe "C:\Users\user\Desktop\sampleC:\Users\aiciaboyd\Downloads\PDFixers.exe"
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe"
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe"

Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: version.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: wldp.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: profapi.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: ieframe.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: userenv.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: netutils.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: sxs.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: dataexchange.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: dcomp.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: msiso.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: propsys.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: mshtml.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: srpapi.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: msimtf.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: msls31.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: d2d1.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: d3d10warp.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: dxcore.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: secur32.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: mlang.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: wininet.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: jscript9.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: winmm.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: schannel.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: t2embed.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: uianimation.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: mpr.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: scrrun.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: ntshrui.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: cscapi.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: edputil.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: slc.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: sppc.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dui70.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: duser.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: thumbcache.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dataexchange.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.ui.fileexplorer.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: assignedaccessruntime.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: structuredquery.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: atlthunk.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.storage.search.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: twinapi.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: actxprxy.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: networkexplorer.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: ehstorshell.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: cscui.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: mrmcorer.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.staterepositorycore.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: policymanager.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: bcp47mrm.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.ui.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: inputhost.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: provsvc.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: photometadatahandler.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: xmllite.dll

Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Window found: window name: SysTabControl32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SumatraPDFUninstall

Source: sample.zip

Static file information: File size 8281127 > 1048576

Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe

File created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Jump to dropped file

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 203AD480000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 203C6E20000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 203C93A0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCD300000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCD340000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCD360000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCD390000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCD430000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCD470000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCD4B0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCD4F0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCD530000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCD570000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCD590000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCD5B0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCD5D0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCD5F0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCD610000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCD630000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCD650000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCD670000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCD690000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCD6D0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCD6F0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCD710000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCD730000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCD750000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCD770000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCD7B0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCD7D0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCD9F0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCDA10000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCDA30000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCDA70000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE240000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE260000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE280000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE2A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE2C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE300000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE320000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE340000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE360000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE380000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE3A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE3E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE400000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE420000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE440000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE460000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE480000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE4C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE4E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE500000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE520000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE540000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE560000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE5A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE5C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE5E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE600000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE620000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE640000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE680000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE6A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE6C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE6E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE700000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE720000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE760000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE780000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE7A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE7C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE800000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE820000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE840000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE860000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE8A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE8C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE8E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE900000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE920000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE940000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE960000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE9A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE9C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCE9E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEA00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEA20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEA40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEA60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEA80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEAC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEAE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEB00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEB20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEB40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEB60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEB80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEBA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEBE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEC00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEC20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEC40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEC60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEC80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCECA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCECC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCED00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCED20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCED40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCED60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCED80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEDA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEDC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEDE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEE20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEE40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEE60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEE80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEEA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEEC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEEE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEF20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEF40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEF60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEF80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEFA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEFC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCEFE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF000000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF040000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF060000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF080000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF0A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF0C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF0E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF100000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF120000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF160000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF180000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF1A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF1C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF1E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF200000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF220000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF240000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF280000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF2A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF2C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF2E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF300000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF320000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF340000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF360000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF3A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF3C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF3E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF400000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF420000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF440000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF460000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF480000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF4C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF4E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF500000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF520000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF540000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF560000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF580000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF5A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF5E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF600000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF620000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF640000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF660000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF680000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF6A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF6E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF700000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF720000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF740000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF760000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF780000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF7A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF7C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF800000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF820000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF840000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF860000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF880000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF8A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF8C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF8E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF920000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF940000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF960000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF980000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF9A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF9C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCF9E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFA00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFA40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFA60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFA80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFAA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFAC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFAE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFB00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFB20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFB60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFB80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFBA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFBC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFBE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFC00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFC20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFC40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFC80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFCA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFCC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFCE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFD00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFD20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFD40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFD80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFDA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFDC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFDE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFE00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFE20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFE40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFE60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFEA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFEC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFEE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFF00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFF20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFF40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFF60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFF80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFFC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BCFFE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0000000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0020000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0040000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0060000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0080000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD04A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD04E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0500000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0520000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0540000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0560000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0580000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD05A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD05C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0600000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0620000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0640000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0660000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0680000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD06A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD06C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0700000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0720000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0740000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0760000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0780000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD07A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD07C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD07E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0820000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0840000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0860000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0880000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD08A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD08C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD08E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0900000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0940000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0960000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0980000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD09A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD09C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD09E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0A00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0A20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0A60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0A80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0AA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0AC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0AE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0B00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0B20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0B40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0B80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0BA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0BC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0BE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0C00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0C20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0C40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0C60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0CA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0CC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0CE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0D00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0D20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0D40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0D60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0D80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0DC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0DE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0E00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0E20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0E40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0E60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0E80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0EC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0EE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0F00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0F20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0F40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0F60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0F80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0FA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD0FE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1000000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1020000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1040000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1060000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1080000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD10A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD10C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1100000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1120000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1140000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1160000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1180000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD11A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD11C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD11E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1220000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1240000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1260000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1280000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD12A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD12C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD12E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1300000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1340000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1360000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1380000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD13A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD13C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD13E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1400000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1440000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1460000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1480000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD14A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD14C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD14E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1500000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1520000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1560000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1580000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD15A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD15C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD15E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1600000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1620000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1640000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1680000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD16A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD16C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD16E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1700000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1720000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1740000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Memory allocated: 20BD1760000 memory commit \| memory reserve \| memory write watch

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc

Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe

Memory allocated: page read and write | page guard

Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe

Process created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe"

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Directory queried: C:\Users\user\Documents\QCFWYSKMHA
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Directory queried: C:\Users\user\Documents

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Windows Service	1 Windows Service	1 Masquerading	OS Credential Dumping	1 Query Registry	Remote Services	1 Email Collection	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	11 Process Injection	2 Virtualization/Sandbox Evasion	LSASS Memory	1 Security Software Discovery	Remote Desktop Protocol	1 Data from Local System	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	1 Disable or Modify Tools	Security Account Manager	2 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	1 Clipboard Data	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Process Injection	NTDS	11 File and Directory Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Rundll32	LSA Secrets	22 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	0%	ReversingLabs

Name	IP	Active	Malicious	Antivirus Detection	Reputation
pixel.pdfixers.com	172.67.147.142	true	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.105.94	unknown	United States	15169	GOOGLEUS	false
172.67.147.142	pixel.pdfixers.com	United States	13335	CLOUDFLARENETUS	false
172.253.124.95	unknown	United States	15169	GOOGLEUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1428290
Start date and time:	2024-04-18 19:14:43 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	sample.zip
Detection:	CLEAN
Classification:	clean5.winZIP@4/8@1/13
Cookbook Comments:	Found application associated with file extension: .zip

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded IPs from analysis (whitelisted): 23.33.136.127
Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, e16604.g.akamaiedge.net, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: sample.zip

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HAYXG4SY\LMPPM1MU.htm

Download File

Process:	C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe
File Type:	HTML document, ASCII text, with very long lines (10298), with CRLF line terminators
Category:	dropped
Size (bytes):	33684
Entropy (8bit):	5.603743586082438
Encrypted:	false
SSDEEP:
MD5:	76C798B160B57E0DBDC584F313C27093
SHA1:	25258D80826411799FAB5B5D92B480FD1A4AA3A0
SHA-256:	74DE408D1C269EFB824BBB523D8736B1A838EDE29325C52AB6A797EEFAEC66C6
SHA-512:	06E636694C28D09991100B5CAA84A24BE6CD57095C91B72475AFED001D5746EAF2B060718B8FD74C6CD38E0BDC65C6250148A0AE474B186E0BF6806E333F2D2F
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE html>..<html>..<head>.. <meta http-equiv="X-UA-Compatible" content="IE=10" />.. <link href="https://fonts.googleapis.com/css2?family=Nunito+Sans:wght@300&display=swap" rel="stylesheet">.... <title>PDFixers Installation</title>.. <style>.. body {.. overflow: hidden; /* Hide scrollbars */.. }.... body {.. font-family: Arial, sans-serif;.. margin: 20px;.. }.... .container {.. width: 632px;.. height: 777px;.. margin: auto;.. padding: 20px;.. border: 1px solid #ddd;.. }.... .eula {.. margin-top: 20px;.. border: 1px solid #ddd;.. padding: 10px;.. height: 300px;.. overflow: auto;.. }.... .button {.. margin-top: 10px;.. padding: 10px 20px;.. background-color: #4CAF50;.. color: white;.. border: none;.. borde

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LBJSHBRP\css2[1].css

Download File

Process:	C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	306
Entropy (8bit):	5.565724594514051
Encrypted:	false
SSDEEP:
MD5:	593563DEFDA42F8FAD22F5EA3F89B775
SHA1:	A0C3D8D8C19C01BD3D02B90A126C8CA7F27421B3
SHA-256:	2F02D38536746DAE6535E3354B5B844C48C26589AE1B499BE5CB35EF66EAB511
SHA-512:	7DB83EF0938D2D732FB3B4F41AAC09B332BFC36FED6E4064DF39968BF3EFC9C2C6135C09E137A024A3B12EFF561344A44F3E67D6C131971919A9889628F61F5C
Malicious:	false
Reputation:	unknown
Preview:	@font-face {. font-family: 'Nunito Sans';. font-style: normal;. font-weight: 300;. font-stretch: normal;. font-display: swap;. src: url(https://fonts.gstatic.com/l/font?kit=pe1mMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbMV51Q42ptCp5F5bxqqtQ1yiU4GiClntQ&skey=60bfdc605ddb00b1&v=v15);.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LBJSHBRP\email-decode.min[1].js

Download File

Process:	C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe
File Type:	HTML document, ASCII text, with very long lines (1238)
Category:	dropped
Size (bytes):	1239
Entropy (8bit):	5.068464054671174
Encrypted:	false
SSDEEP:
MD5:	9E8F56E8E1806253BA01A95CFC3D392C
SHA1:	A8AF90D7482E1E99D03DE6BF88FED2315C5DD728
SHA-256:	2595496FE48DF6FCF9B1BC57C29A744C121EB4DD11566466BC13D2E52E6BBCC8
SHA-512:	63F0F6F94FBABADC3F774CCAA6A401696E8A7651A074BC077D214F91DA080B36714FD799EB40FED64154972008E34FC733D6EE314AC675727B37B58FFBEBEBEE
Malicious:	false
Reputation:	unknown
Preview:	!function(){"use strict";function e(e){try{if("undefined"==typeof console)return;"error"in console?console.error(e):console.log(e)}catch(e){}}function t(e){return d.innerHTML='<a href="'+e.replace(/"/g,""")+'"></a>',d.childNodes[0].getAttribute("href")\|\|""}function r(e,t){var r=e.substr(t,2);return parseInt(r,16)}function n(n,c){for(var o="",a=r(n,c),i=c+2;i<n.length;i+=2){var l=r(n,i)^a;o+=String.fromCharCode(l)}try{o=decodeURIComponent(escape(o))}catch(u){e(u)}return t(o)}function c(t){for(var r=t.querySelectorAll("a"),c=0;c<r.length;c++)try{var o=r[c],a=o.href.indexOf(l);a>-1&&(o.href="mailto:"+n(o.href,a+l.length))}catch(i){e(i)}}function o(t){for(var r=t.querySelectorAll(u),c=0;c<r.length;c++)try{var o=r[c],a=o.parentNode,i=o.getAttribute(f);if(i){var l=n(i,0),d=document.createTextNode(l);a.replaceChild(d,o)}}catch(h){e(h)}}function a(t){for(var r=t.querySelectorAll("template"),n=0;n<r.length;n++)try{i(r[n].content)}catch(c){e(c)}}function i(t){try{c(t),o(t),a(t)}catch(r){e(r

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MX73DBBW\font[1].eot

Download File

Process:	C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe
File Type:	Embedded OpenType (EOT), Nunito Sans 12pt Light family
Category:	dropped
Size (bytes):	43569
Entropy (8bit):	7.965514187975993
Encrypted:	false
SSDEEP:
MD5:	C6B85601ADBF8C674B4B444DAD696A5D
SHA1:	9103151C858BD4C99150D6B4386D54E99B1EBF90
SHA-256:	EC8671B432FF49E1E77F48692397E57ECFA584555AC664C932DCCEA0C9A16044
SHA-512:	255B28431550FD2BD7C61080E5645CCEA14CCA43F80AFEA2F7A337E70CB67AA38C978D3777B10DB8A3672D909B268F8499692F278AD590C56C9918AB7429C57F
Malicious:	false
Reputation:	unknown
Preview:	1...........................,.....LP....K .P........... .......2..................,.N.u.n.i.t.o. .S.a.n.s. .1.2.p.t. .L.i.g.h.t.....R.e.g.u.l.a.r...:.V.e.r.s.i.o.n. .3...1.0.1.;.g.f.t.o.o.l.s.[.0...9...2.7.]...,.N.u.n.i.t.o. .S.a.n.s. .1.2.p.t. .L.i.g.h.t.....BSGP............................l.............L...h4[... ..c#.....>!.@.y>.x..8v6...&.rl..G2?..S.....^:}i..rp...=..v^:._.[R..x..$)&.;..Pxk.4.Eh..6. ..4.UC7a..I.!..Ib?.l(.....MEz...d.[zu.{.-9..2..O...4.>Y.4l..W.g...a..o......3-..ka?..!..9.;.YN..Z.k....'..`....R.y...=.+......`.O....KS.X...:?}0n.....l....P..k.S..).x#...Q..i.e....0n..a.q...H\|.<wZ.2.........a.....C..'<`Wr4^.'{.\.....s.N<{R\.Yyo....)x....-\P.....N...$..,.M...v.pB..4'.P.T3F.31.......`..ZF.%..J3.....X.W..Ky..+..=`n..{.`.Q.......ri`..Q.5r.=...V..X..~..C..j:...qZ..yX.c.X>n..v.......v.54..h*X.K....!..:.. .6...J.AL.$M.....:YS1z..Ty....0.....AahG...w......j......zu..yw[D..)&'.^.()aj..'....q .0$.G.<tE..@W....K7....~.}A....6...m>Q...`G.x.Q.8^...Ak

C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Download File

Process:	C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	16065496
Entropy (8bit):	7.0278259579196165
Encrypted:	false
SSDEEP:
MD5:	C02DC2CA96FE9841963883C0FE177399
SHA1:	7E42E66E9198C258DA48A6194577E3DBD424463A
SHA-256:	290E4AA7ED64C728138711C011E89AAB7AA48DBC1AE430371DC2BE4100B92BF0
SHA-512:	D7ACF551D0764FCFB9A895701679981F76B2FF73F99BCE5DA2C6C3F2F0556EE33F45D0D98848FEE96A6CCFA24E09C26303705C5F094E945E647F53F7E4716FAF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$...........................................................................V...............................e............S.b....S.......S......Rich............................PE..d.....8e.........."....%..Y..........HU........@..........................................`..................................................*....... ..X.......\|........K...0..p...`...p.................... ..(...`.Z.@.............Y.(...\|........................text....Y.......Y................. ..`.rdata....'...Y...'...Y.............@..@.data...xri..p....b..J..............@....pdata..\|........ ... ..............@..@_RDATA..\............@..............@..@.rsrc...X.... .......B..............@..@.reloc..p....0.......F..............@..B................................................................................................................................................................

C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-settings.txt

Download File

Process:	C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	1900
Entropy (8bit):	5.182086908460794
Encrypted:	false
SSDEEP:
MD5:	5CACD5840DDF04BBCCE81403DB441A16
SHA1:	87B396BD2DD5EBDCC532BF17F0A3C58FEAD9C135
SHA-256:	8404A18972CF0FB0375607D05BCE32B9D6DB1D548B60CD6DCE88342C5B15E0B7
SHA-512:	3102CC4B3BDAA2E4526F385C2BDCC62E28B7BCC4ED30E9E3E54D9DCCCA6173C91A791C826FAF2B63765A5EA6A31AC5452EBBEDAAFC379793F2F6A7E9D4AA48B3
Malicious:	false
Reputation:	unknown
Preview:	.# For documentation, see https://www.sumatrapdfreader.org/settings/settings3-5-1.html..Theme = Light..FixedPageUI [...TextColor = #000000...BackgroundColor = #ffffff...SelectionColor = #f5fc0c...WindowMargin = 2 4 2 4...PageSpacing = 4 4...InvertColors = false...HideScrollbars = false..]..ComicBookUI [...WindowMargin = 0 0 0 0...PageSpacing = 4 4...CbxMangaMode = false..]..ChmUI [...UseFixedPageUI = false..]....SelectionHandlers [..]..ExternalViewers [..]....ZoomLevels = 8.33 12.5 18 25 33.33 50 66.67 75 100 125 150 200 300 400 600 800 1000 1200 1600 2000 2400 3200 4800 6400..ZoomIncrement = 0....PrinterDefaults [...PrintScale = shrink..]..ForwardSearch [...HighlightOffset = 0...HighlightWidth = 15...HighlightColor = #6581ff...HighlightPermanent = false..]..Annotations [...HighlightColor = #ffff00...UnderlineColor = #00ff00...SquigglyColor = #ff00ff...StrikeOutColor = #ff0000...FreeTextColor = ...FreeTextSize = 12...FreeTextBorderWidth = 1...TextIconColor = ...TextIconType = ...Defa

C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF.zip

Download File

Process:	C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	8243933
Entropy (8bit):	7.998709533933773
Encrypted:	true
SSDEEP:
MD5:	21B26AF0D4CE33D609915549F01A7705
SHA1:	5B2D4B056812AF71E159426324CDAA788D1CB5D7
SHA-256:	66CCB395C9184DCE6822DFBB9970C877383B3EAD6D9417B5106A844AAC512989
SHA-512:	DC8FD647D1C01E783EAD3D870232DA3F6B27949EF8325BF3C88DC481D1C62DF1C89806049D5B691BD7860E003B7D62A0D18C9B1C262EBBA8A0149236704CB015
Malicious:	false
Reputation:	unknown
Preview:	PK........;BYW................SumatraPDF-3.5.2-64.exeUT...2.8e.}.XT...d..\....B3..b+....T.1E.I0....w..A.........rm....6.y.er.wmg`.....\| .S..."....[{...4.c.......>..}.^..^k.}.,J...0...c..c.3..e..g.06..Nb.._}......_..14;..pNZV...M...Cs..f.....}.Y..V...2!L.......<..w...3...x...i.}_....K.....(R.3.E.zf.H="...\.t....E..gW.[..<..}=...t..E.)..7c.........C..c...]....&.L.go....,..$.t.4V.G<.`l.\|...K..._.g.,.1.C.....S..-...x....&1.s.m.1..#...2....2...B....Z....._.HB._...n`l..X....5w..\.X.[F"...8..P.Ro.y(-7..m..,.d.....a..2.{+..6.d0...cu......,.f...=g...`,....V.;?..8.a.t...,........1.]h'c.....J..^gZ../.......#....-}.>..l.b.SJ..G.Sf7..a.R...!#..P.T..<7(.....QJ.......[j.<VYeUJ6.B...^..K.b.WJ.oQ....NbL).'..Y...0...E.X...(...)s..bv.4.Q.l...\...0.T):.......j...DU..4.J.......b.z...FV4...Y."[...X.b.[h..a....k...<.%A.....7'....,.\|..Vad.rs%.=.w....../.q......0WV.~.....j..U....h>...G..l.<.....G......YC.......[."....+..P[.....\|...5.5X.....4I.GoL...8

C:\Users\user\Desktop\SumatraPDF.lnk

Download File

Process:	C:\Users\user\Desktop\sample\Device\HarddiskVolume3\Users\aiciaboyd\Downloads\PDFixers.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Apr 18 16:16:38 2024, mtime=Thu Apr 18 16:16:38 2024, atime=Wed Oct 25 05:17:54 2023, length=16065496, window=hide
Category:	dropped
Size (bytes):	961
Entropy (8bit):	5.031363836483372
Encrypted:	false
SSDEEP:
MD5:	977EA767E1127C29628C27FBF1C54CA8
SHA1:	797E4907276B672D29449487EC41276D826CD219
SHA-256:	72DC9C4CA557A639CCFFE564F9E228E2DBDBEFCDFF3354C514F132F979395792
SHA-512:	62B1959D570C387C27CAD6D5E0886396863BFB4D20788ACAE87747748AFA53D7FAB0D8B7985155254C5E518947BC9DB71D0356DC60F10ECB0C44E4CC3A2E71CB
Malicious:	false
Reputation:	unknown
Preview:	L..................F.... .....`,.......,......4......#........................:..DG..Yr?.D..U..k0.&...&......7..=...qE.........,........t...CFSF..1.....FW.Q..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......FW.Q.X......]......................0..A.p.p.D.a.t.a...B.V.1......X...Roaming.@......FW.Q.X.....^.....................;...R.o.a.m.i.n.g.....^.1......X....SUMATR~1..F......X...X.......`........................S.u.m.a.t.r.a.P.D.F.....\|.2..#..YW;2 .SUMATR~1.EXE..`......X...X.......`........................S.u.m.a.t.r.a.P.D.F.-.3...5...2.-.6.4...e.x.e.......p...............-.......o....................C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe..5.....\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.S.u.m.a.t.r.a.P.D.F.\.S.u.m.a.t.r.a.P.D.F.-.3...5...2.-.6.4...e.x.e.`.......X.......061544...........hT..CrF.f4... ........./....%..hT..CrF.f4... ........./....%.E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

Static File Info

General

File type:	Zip archive data, at least v4.5 to extract, compression method=deflate
Entropy (8bit):	7.999977856535126
TrID:	ZIP compressed archive (8000/1) 100.00%
File name:	sample.zip
File size:	8'281'127 bytes
MD5:	4005a02a0c6cb5c3788e2db26c550e42
SHA1:	ec3b62c152af665afeb22a7723a1e0ab4edf8605
SHA256:	a8169538a9e5a7d6fd996e04f3688a992590f84421c0d4a1e56cfdba413eb7c7
SHA512:	2d911a6867c1ac6a0c82c8768dd7fdc64638de7478a83986a7df53ae58e712349de40f86b404da0c7b774d1582d72694db0e733fb08d70dd6f28ac8bf12c084a
SSDEEP:	196608:mriwijy95p6tF6waHa1RJiUfoGvShq4+INpMi2ijDU3yEt66dy:m2wRbIEkf16Lpz0izZ
TLSH:	238633A931DF23D5CD53B772169C2E940204877B382F34D122DEDD25AC59A35A32E3AE
File Content Preview:	PK..-.........6.i?.Y~.....=...Device/HarddiskVolume3/Users/aiciaboyd/Downloads/PDFixers.exe......................5u.!N..By........z....x...n$)....aw...\|.m..(.f.x...a.A6.. ..y.,4.F....$[.<MI.<.r....Z....*.A.U..p.3PuT....1Oti...g9.....a.....=8GL}zm...a..B..

File Icon


Icon Hash:	1c1c1e4e4ececedc

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report sample.zip

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HAYXG4SY\LMPPM1MU.htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LBJSHBRP\css2[1].css

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LBJSHBRP\email-decode.min[1].js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MX73DBBW\font[1].eot

C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-settings.txt

C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF.zip

C:\Users\user\Desktop\SumatraPDF.lnk

Static File Info

General

File Icon

Windows Analysis Report
sample.zip