Windows Analysis Report
PDFixers.exe

Overview

General Information

Sample name: PDFixers.exe
Analysis ID: 1428804
MD5: b4440eea7367c3fb04a89225df4022a6
SHA1: 5a6c01f821f10f6ed1f1283ecba36c5bacfb5838
SHA256: a024a18e27707738adcd7b5a740c5a93534b4b8c9d3b947f6d85740af19d17d0

Detection

Score: 39
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Multi AV Scanner detection for submitted file
Installs new ROOT certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Creates a window with clipboard capturing capabilities
Detected potential crypto function
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for the Microsoft Outlook file path
Stores large binary data to the registry
Uses a known web browser user agent for HTTP communication

Classification

AV Detection

Source: PDFixers.exe ReversingLabs: Detection: 41%
Source: PDFixers.exe Static PE information: certificate valid
Source: unknown HTTPS traffic detected: 172.67.147.142:443 -> 192.168.2.22:49165 version: TLS 1.2
Source: PDFixers.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Joe Sandbox View IP Address: 172.67.147.142 172.67.147.142
Source: Joe Sandbox View JA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: pixel.pdfixers.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1Accept: */*Referer: https://pixel.pdfixers.com/Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: pixel.pdfixers.comConnection: Keep-AliveCookie: AWSALB=rkSHK1efYn1bMUM0Tf0KnzRaUbPMOZNfwwmU8qNyk9wiBwKgFAkuWhbzcmjxMKYvdVEAFbdGg96aAZl6xgWM0atXg1P7Q8wXF+0eT1Ho7CNnHKbOKRmErx0ET4k7; AWSALBCORS=rkSHK1efYn1bMUM0Tf0KnzRaUbPMOZNfwwmU8qNyk9wiBwKgFAkuWhbzcmjxMKYvdVEAFbdGg96aAZl6xgWM0atXg1P7Q8wXF+0eT1Ho7CNnHKbOKRmErx0ET4k7
Source: C:\Users\user\Desktop\PDFixers.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\48GPUYNX.htm
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
Source: unknown DNS traffic detected: queries for: pixel.pdfixers.com
Source: PDFixers.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: PDFixers.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: PDFixers.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000000.00000002.644329990.000000001B7B0000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000000.00000002.644329990.000000001B82A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.entrust.net/server1.crl0
Source: PDFixers.exe String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: PDFixers.exe String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: PDFixers.exe String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: PDFixers.exe, 00000000.00000002.651451585.00000000246A2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
Source: PDFixers.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: PDFixers.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: PDFixers.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.com0
Source: PDFixers.exe, 00000000.00000002.644329990.000000001B82A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.com0%
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.com0-
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.com0/
Source: PDFixers.exe, 00000000.00000002.644329990.000000001B7B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.com05
Source: PDFixers.exe String found in binary or memory: http://ocsp.digicert.com0A
Source: PDFixers.exe String found in binary or memory: http://ocsp.digicert.com0C
Source: PDFixers.exe String found in binary or memory: http://ocsp.digicert.com0X
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.entrust.net03
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.entrust.net0D
Source: PDFixers.exe String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: PDFixers.exe String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: PDFixers.exe String found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: PDFixers.exe, 00000000.00000002.644171064.0000000002811000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: PDFixers.exe String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: PDFixers.exe String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: PDFixers.exe String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.digicert.com.my/cps.htm02
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://fonts.googleapis.com/
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://fonts.googleapis.com/G?
Source: PDFixers.exe, 00000000.00000002.651451585.00000000247C4000.00000004.00000020.00020000.00000000.sdmp, 48GPUYNX.htm.0.dr String found in binary or memory: https://fonts.googleapis.com/css2?family=Nunito
Source: PDFixers.exe, 00000000.00000002.651451585.00000000247C4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://fonts.gstatic.com/
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024710000.00000004.00000020.00020000.00000000.sdmp, css2[1].css.0.dr String found in binary or memory: https://fonts.gstatic.com/l/font?kit=pe1mMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbM
Source: PDFixers.exe, 00000000.00000002.651451585.00000000247C4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://fonts.gstatic.com/r89
Source: PDFixers.exe, 00000000.00000002.651451585.00000000247C4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://fonts.gstatic.com/y
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pixel.pdfixers.com
Source: PDFixers.exe, 00000000.00000002.651451585.00000000247C4000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000000.00000002.645028878.000000001DE58000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000000.00000002.651451585.0000000024772000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000000.00000002.644329990.000000001B8AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pixel.pdfixers.com/
Source: PDFixers.exe, 00000000.00000002.644171064.00000000028C7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://pixel.pdfixers.com/...
Source: PDFixers.exe, 00000000.00000002.644171064.00000000028C7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://pixel.pdfixers.com/...p
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pixel.pdfixers.com/C:
Source: PDFixers.exe, 00000000.00000002.651451585.00000000246A2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pixel.pdfixers.com/Eh
Source: PDFixers.exe, 00000000.00000002.644171064.00000000028C7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://pixel.pdfixers.com/H
Source: PDFixers.exe, 00000000.00000002.699634936.000000002A2E5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://pixel.pdfixers.com/bgwe
Source: PDFixers.exe, 00000000.00000002.651451585.00000000247C4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/l/email-protection
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000000.00000002.645028878.000000001DEA4000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000000.00000002.651451585.000000002481F000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000000.00000002.651451585.000000002462E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Source: PDFixers.exe, 00000000.00000002.651451585.000000002481F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js(
Source: PDFixers.exe, 00000000.00000002.651451585.000000002462E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js0E)Z
Source: PDFixers.exe, 00000000.00000002.651451585.000000002481F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js;
Source: PDFixers.exe, 00000000.00000002.651451585.000000002481F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsN
Source: PDFixers.exe, 00000000.00000002.651451585.000000002462E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jssb
Source: PDFixers.exe, 00000000.00000002.644329990.000000001B7D3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsttC:
Source: PDFixers.exe, 00000000.00000002.699634936.000000002A2E5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://pixel.pdfixers.com/https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ema
Source: PDFixers.exe, 00000000.00000002.644171064.00000000028C7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://pixel.pdfixers.com/p
Source: PDFixers.exe, 00000000.00000002.651451585.00000000247C4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pixel.pdfixers.com/x#&
Source: PDFixers.exe, 00000000.00000002.651451585.00000000246A2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pixel.pdfixers.comuj
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000000.00000002.644329990.000000001B7B0000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000000.00000002.644329990.000000001B82A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://secure.comodo.com/CPS0
Source: PDFixers.exe String found in binary or memory: https://www.globalsign.com/repository/0
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49166
Source: unknown Network traffic detected: HTTP traffic on port 49165 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49165
Source: unknown Network traffic detected: HTTP traffic on port 49166 -> 443
Source: C:\Users\user\Desktop\PDFixers.exe Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\Desktop\PDFixers.exe Code function: 0_2_1D3A7000 0_2_1D3A7000
Source: C:\Users\user\Desktop\PDFixers.exe Code function: 0_2_1D3A40A5 0_2_1D3A40A5
Source: C:\Users\user\Desktop\PDFixers.exe Code function: 0_2_1D3A9102 0_2_1D3A9102
Source: PDFixers.exe Static PE information: No import functions for PE file found
Source: PDFixers.exe, 00000000.00000002.643914484.000000000053D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs PDFixers.exe
Source: C:\Users\user\Desktop\PDFixers.exe Key opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: classification engine Classification label: sus39.winEXE@1/6@1/1
Source: C:\Users\user\Desktop\PDFixers.exe File created: C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
Source: C:\Users\user\Desktop\PDFixers.exe Mutant created: NULL
Source: PDFixers.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: PDFixers.exe Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%
Source: C:\Users\user\Desktop\PDFixers.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\PDFixers.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: bcrypt.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: sxs.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: rpcrtremote.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: d2d1.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: d3d10warp.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: mlang.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: webio.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: nlaapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: mmdevapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: ksuser.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: avrt.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: audioses.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: msacm32.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: midimap.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: credssp.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: t2embed.dll
Source: C:\Users\user\Desktop\PDFixers.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\PDFixers.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: PDFixers.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: PDFixers.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: PDFixers.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: PDFixers.exe Static file information: File size 8507584 > 1048576
Source: PDFixers.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x7fea00
Source: PDFixers.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: PDFixers.exe Static PE information: 0x9FA57E8D [Mon Nov 16 06:26:21 2054 UTC]

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\PDFixers.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob
Source: C:\Users\user\Desktop\PDFixers.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT
Source: C:\Users\user\Desktop\PDFixers.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob
Source: C:\Users\user\Desktop\PDFixers.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 21BD0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 21BF0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 23E10000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 23E30000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 23E50000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 23E70000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 23EB0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 23ED0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 23EF0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 23F10000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 23F30000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 249F0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 24A30000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 24A50000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 24A70000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 25090000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 250B0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 250F0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 25110000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 25130000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 25150000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 25170000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 25950000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 25970000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 259B0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 259D0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 259F0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 25A10000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 25A30000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 25A70000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 25A90000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 25AB0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 25AD0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 25F10000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 25F30000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 25F50000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 25F70000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 25FB0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 25FD0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 25FF0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26010000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26030000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26050000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26070000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26090000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 260D0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 260F0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26110000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26130000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26150000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26170000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26190000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 261B0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 261F0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26210000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26230000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26250000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26270000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26290000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 262B0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 262D0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26310000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26330000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26350000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26370000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26390000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 263B0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 263D0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 263F0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26430000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26450000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26470000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26490000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 264B0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 264D0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 264F0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26510000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26550000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26570000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26590000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 265B0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 265D0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 265F0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26610000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26650000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26670000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26690000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 266B0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 266D0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 266F0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26710000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26730000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26770000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26790000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 267B0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 267D0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 267F0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26810000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26830000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26850000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26890000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 268B0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 268D0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 268F0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26910000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26930000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26950000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26970000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 269B0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 269D0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 269F0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26A10000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26A30000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26A50000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26A70000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26A90000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26AD0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26AF0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26B10000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26B30000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26B50000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26B70000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26B90000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26BD0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26BF0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26C10000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26C30000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26C50000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26C70000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26C90000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26CB0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26CF0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26D10000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26D30000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26D50000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26D70000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26D90000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26DB0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26DD0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26E10000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26E30000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26E50000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26E70000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26E90000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26EB0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26ED0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26EF0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26F30000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26F50000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26F70000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26F90000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26FB0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26FD0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 26FF0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 27010000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 27050000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 27070000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 27090000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 270B0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 270D0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 270F0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 27110000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 27130000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 27170000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 27190000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 271B0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 271D0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 271F0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 27210000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 27230000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 27270000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 27290000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 272B0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 272D0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 272F0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 27310000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 27330000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 27350000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 27390000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 273B0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 273D0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 273F0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 27410000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 27430000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 27450000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 27470000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 274B0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 274D0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 274F0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 27510000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 27530000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 27550000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 27570000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 27590000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 275D0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 275F0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 27A10000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 27A30000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 27A50000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 27A70000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 27A90000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe TID: 1472 Thread sleep time: -480000s >= -30000s
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Users\user\Desktop\PDFixers.exe VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid