Windows Analysis Report
PDFixers.exe

Overview

General Information

Sample name:PDFixers.exe
Analysis ID:1428804
MD5:b4440eea7367c3fb04a89225df4022a6
SHA1:5a6c01f821f10f6ed1f1283ecba36c5bacfb5838
SHA256:a024a18e27707738adcd7b5a740c5a93534b4b8c9d3b947f6d85740af19d17d0

Detection

Score:39
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Multi AV Scanner detection for submitted file
Installs new ROOT certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Creates a window with clipboard capturing capabilities
Detected potential crypto function
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for the Microsoft Outlook file path
Stores large binary data to the registry
Uses a known web browser user agent for HTTP communication

Classification

  • System is w7x64
  • PDFixers.exe (PID: 2724 cmdline: "C:\Users\user\Desktop\PDFixers.exe" MD5: B4440EEA7367C3FB04A89225DF4022A6)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key setAuthor: frack113: Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\PDFixers.exe, ProcessId: 2724, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
No Snort rule has matched

AV Detection

Source: PDFixers.exeReversingLabs: Detection: 41%
Source: PDFixers.exeStatic PE information: certificate valid
Source: unknownHTTPS traffic detected: 172.67.147.142:443 -> 192.168.2.22:49165 version: TLS 1.2
Source: PDFixers.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Joe Sandbox ViewIP Address: 172.67.147.142 172.67.147.142
Source: Joe Sandbox ViewJA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: pixel.pdfixers.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1Accept: */*Referer: https://pixel.pdfixers.com/Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: pixel.pdfixers.comConnection: Keep-AliveCookie: AWSALB=rkSHK1efYn1bMUM0Tf0KnzRaUbPMOZNfwwmU8qNyk9wiBwKgFAkuWhbzcmjxMKYvdVEAFbdGg96aAZl6xgWM0atXg1P7Q8wXF+0eT1Ho7CNnHKbOKRmErx0ET4k7; AWSALBCORS=rkSHK1efYn1bMUM0Tf0KnzRaUbPMOZNfwwmU8qNyk9wiBwKgFAkuWhbzcmjxMKYvdVEAFbdGg96aAZl6xgWM0atXg1P7Q8wXF+0eT1Ho7CNnHKbOKRmErx0ET4k7
Source: C:\Users\user\Desktop\PDFixers.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\48GPUYNX.htmJump to behavior
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
Source: unknownDNS traffic detected: queries for: pixel.pdfixers.com
Source: PDFixers.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: PDFixers.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: PDFixers.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000000.00000002.644329990.000000001B7B0000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000000.00000002.644329990.000000001B82A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
Source: PDFixers.exeString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: PDFixers.exeString found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: PDFixers.exeString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: PDFixers.exe, 00000000.00000002.651451585.00000000246A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
Source: PDFixers.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: PDFixers.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: PDFixers.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
Source: PDFixers.exe, 00000000.00000002.644329990.000000001B82A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
Source: PDFixers.exe, 00000000.00000002.644329990.000000001B7B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com05
Source: PDFixers.exeString found in binary or memory: http://ocsp.digicert.com0A
Source: PDFixers.exeString found in binary or memory: http://ocsp.digicert.com0C
Source: PDFixers.exeString found in binary or memory: http://ocsp.digicert.com0X
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net03
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net0D
Source: PDFixers.exeString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: PDFixers.exeString found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: PDFixers.exeString found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: PDFixers.exe, 00000000.00000002.644171064.0000000002811000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: PDFixers.exeString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: PDFixers.exeString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: PDFixers.exeString found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/G?
Source: PDFixers.exe, 00000000.00000002.651451585.00000000247C4000.00000004.00000020.00020000.00000000.sdmp, 48GPUYNX.htm.0.drString found in binary or memory: https://fonts.googleapis.com/css2?family=Nunito
Source: PDFixers.exe, 00000000.00000002.651451585.00000000247C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com/
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024710000.00000004.00000020.00020000.00000000.sdmp, css2[1].css.0.drString found in binary or memory: https://fonts.gstatic.com/l/font?kit=pe1mMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbM
Source: PDFixers.exe, 00000000.00000002.651451585.00000000247C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com/r89
Source: PDFixers.exe, 00000000.00000002.651451585.00000000247C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com/y
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com
Source: PDFixers.exe, 00000000.00000002.651451585.00000000247C4000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000000.00000002.645028878.000000001DE58000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000000.00000002.651451585.0000000024772000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000000.00000002.644329990.000000001B8AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/
Source: PDFixers.exe, 00000000.00000002.644171064.00000000028C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/...
Source: PDFixers.exe, 00000000.00000002.644171064.00000000028C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/...p
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/C:
Source: PDFixers.exe, 00000000.00000002.651451585.00000000246A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/Eh
Source: PDFixers.exe, 00000000.00000002.644171064.00000000028C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/H
Source: PDFixers.exe, 00000000.00000002.699634936.000000002A2E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/bgwe
Source: PDFixers.exe, 00000000.00000002.651451585.00000000247C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/l/email-protection
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000000.00000002.645028878.000000001DEA4000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000000.00000002.651451585.000000002481F000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000000.00000002.651451585.000000002462E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Source: PDFixers.exe, 00000000.00000002.651451585.000000002481F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js(
Source: PDFixers.exe, 00000000.00000002.651451585.000000002462E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js0E)Z
Source: PDFixers.exe, 00000000.00000002.651451585.000000002481F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js;
Source: PDFixers.exe, 00000000.00000002.651451585.000000002481F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsN
Source: PDFixers.exe, 00000000.00000002.651451585.000000002462E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jssb
Source: PDFixers.exe, 00000000.00000002.644329990.000000001B7D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsttC:
Source: PDFixers.exe, 00000000.00000002.699634936.000000002A2E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ema
Source: PDFixers.exe, 00000000.00000002.644171064.00000000028C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/p
Source: PDFixers.exe, 00000000.00000002.651451585.00000000247C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/x#&
Source: PDFixers.exe, 00000000.00000002.651451585.00000000246A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.comuj
Source: PDFixers.exe, 00000000.00000002.651451585.0000000024782000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000000.00000002.644329990.000000001B7B0000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000000.00000002.644329990.000000001B82A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
Source: PDFixers.exeString found in binary or memory: https://www.globalsign.com/repository/0
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49166
Source: unknownNetwork traffic detected: HTTP traffic on port 49165 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49165
Source: unknownNetwork traffic detected: HTTP traffic on port 49166 -> 443
Source: C:\Users\user\Desktop\PDFixers.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeCode function: 0_2_1D3A70000_2_1D3A7000
Source: C:\Users\user\Desktop\PDFixers.exeCode function: 0_2_1D3A40A50_2_1D3A40A5
Source: C:\Users\user\Desktop\PDFixers.exeCode function: 0_2_1D3A91020_2_1D3A9102
Source: PDFixers.exeStatic PE information: No import functions for PE file found
Source: PDFixers.exe, 00000000.00000002.643914484.000000000053D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs PDFixers.exe
Source: C:\Users\user\Desktop\PDFixers.exeKey opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
Source: classification engineClassification label: sus39.winEXE@1/6@1/1
Source: C:\Users\user\Desktop\PDFixers.exeFile created: C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DATJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMutant created: NULL
Source: PDFixers.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: PDFixers.exeStatic file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%
Source: C:\Users\user\Desktop\PDFixers.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: bcrypt.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: sxs.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: rpcrtremote.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: shfolder.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: msls31.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: d2d1.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: d3d11.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: mlang.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: webio.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: mmdevapi.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: ksuser.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: avrt.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: audioses.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: msacm32.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: midimap.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: credssp.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: t2embed.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\PDFixers.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
Source: PDFixers.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: PDFixers.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: PDFixers.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: PDFixers.exeStatic file information: File size 8507584 > 1048576
Source: PDFixers.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x7fea00
Source: PDFixers.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: PDFixers.exeStatic PE information: 0x9FA57E8D [Mon Nov 16 06:26:21 2054 UTC]

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\PDFixers.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOTJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 750000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1A810000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1DE50000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 27E90000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 27EB0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 27ED0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 27EF0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 27F10000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 27F50000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 27F70000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe TID: 1472, Thread sleep time: -480000s >= -30000s
Source: C:\Users\user\Desktop\PDFixers.exe, Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\PDFixers.exe, Queries volume information: C:\Users\user\Desktop\PDFixers.exe VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe, Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe, Queries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe, Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe, Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe, Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe, Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe, Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe, Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Masquerading | OS Credential Dumping | 1 Query Registry | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Modify Registry | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Virtualization/Sandbox Evasion | Security Account Manager | 1 Remote System Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Disable or Modify Tools | NTDS | 12 System Information Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Install Root Certificate | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Timestomp | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Source | Detection | Scanner | Label | Link
PDFixers.exe | 42% | ReversingLabs | ByteCode-MSIL.PUA.Superfluss |
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://ocsp.entrust.net03 | 0% | URL Reputation | safe |
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 | 0% | URL Reputation | safe |
http://www.diginotar.nl/cps/pkioverheid0 | 0% | URL Reputation | safe |
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 | 0% | URL Reputation | safe |
http://ocsp.entrust.net0D | 0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | unknown
pixel.pdfixers.com | 172.67.147.142 | true | false | | unknown
windowsupdatebg.s.llnwi.net | 178.79.225.128 | true | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
https://pixel.pdfixers.com/ | false | | unknown
https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js | false | | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
172.67.147.142 | pixel.pdfixers.com | United States | | 13335 | CLOUDFLARENETUS | false
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1428804
Start date and time: 2024-04-19 16:32:39 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 49s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Sample name: PDFixers.exe
Detection: SUS
Classification: sus39.winEXE@1/6@1/1
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 11
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 142.250.10.95, 142.250.10.94
• Excluded domains from analysis (whitelisted): fonts.googleapis.com, fonts.gstatic.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net
• Execution Graph export aborted for target PDFixers.exe, PID 2724 because it is empty
• HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtEnumerateValueKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: PDFixers.exe
Time | Type | Description
16:33:42 | API Interceptor | 2996x Sleep call for process: PDFixers.exe modified
                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        172.67.147.142PDFixers.zipGet hashmaliciousUnknownBrowse
                                                          http://pixel.pdfixers.comGet hashmaliciousUnknownBrowse
                                                            https://pdfixers.com/downloadFixer.html?campaign_id%5C=21045767915&adgroup_id%5C=158732629346&placement_id%5C=www.espn.com&creative_id%5C=691698233681&gclid%5C=EAIaIQobChMIsdqlwMv-hAMVHKNaBR0-pAc6EAEYASAAEgJE9vD_BwEGet hashmaliciousUnknownBrowse
                                                              https://pdfixers.com/fixerPdf.html?campaign_id=20793026578&adgroup_id=154442634943&placement_id=www.kalenderpedia.de&creative_id=690578524755&gclid=EAIaIQobChMIiPuO6tH9hAMVcwVPCB0kPAl9EAEYASAAEgKpQfD_BwEGet hashmaliciousUnknownBrowse
                                                                https://pdfixers.com/Get hashmaliciousUnknownBrowse
                                                                  https://www.hiclipart.com/free-transparent-background-png-clipart-zjdjz/downloadGet hashmaliciousUnknownBrowse
                                                                    ManyToOneMailMerge Ver 18.8.dotmGet hashmaliciousUnknownBrowse
                                                                      http://pdfixers.comGet hashmaliciousUnknownBrowse
                                                                        http://pdfixers.comGet hashmaliciousUnknownBrowse
                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                          pixel.pdfixers.comPDFixers.zipGet hashmaliciousUnknownBrowse
                                                                          • 172.67.147.142
                                                                          http://pixel.pdfixers.comGet hashmaliciousUnknownBrowse
                                                                          • 172.67.147.142
                                                                          https://pdfixers.com/downloadFixer.html?campaign_id%5C=21045767915&adgroup_id%5C=158732629346&placement_id%5C=www.espn.com&creative_id%5C=691698233681&gclid%5C=EAIaIQobChMIsdqlwMv-hAMVHKNaBR0-pAc6EAEYASAAEgJE9vD_BwEGet hashmaliciousUnknownBrowse
                                                                          • 172.67.147.142
                                                                          https://pdfixers.com/fixerPdf.html?campaign_id=20793026578&adgroup_id=154442634943&placement_id=www.kalenderpedia.de&creative_id=690578524755&gclid=EAIaIQobChMIiPuO6tH9hAMVcwVPCB0kPAl9EAEYASAAEgKpQfD_BwEGet hashmaliciousUnknownBrowse
                                                                          • 172.67.147.142
                                                                          https://pdfixers.com/Get hashmaliciousUnknownBrowse
                                                                          • 104.21.11.17
                                                                          https://www.hiclipart.com/free-transparent-background-png-clipart-zjdjz/downloadGet hashmaliciousUnknownBrowse
                                                                          • 172.67.147.142
                                                                          ManyToOneMailMerge Ver 18.8.dotmGet hashmaliciousUnknownBrowse
                                                                          • 172.67.147.142
                                                                          http://pdfixers.comGet hashmaliciousUnknownBrowse
                                                                          • 172.67.147.142
                                                                          http://pdfixers.comGet hashmaliciousUnknownBrowse
                                                                          • 104.21.11.17
                                                                          bg.microsoft.map.fastly.netCopy of Poseidon Marine 4th monthly Stores Apr 2024 R3 .xls.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                          • 199.232.210.172
                                                                          https://royaltattoo.in/js/kalexander@yourlawyer.comGet hashmaliciousPhisherBrowse
                                                                          • 199.232.214.172
                                                                          REMITTANCE COPY.exeGet hashmaliciousAgentTeslaBrowse
                                                                          • 199.232.214.172
                                                                          purchaseorder4.exeGet hashmaliciousPython StealerBrowse
                                                                          • 199.232.210.172
                                                                          https://cionfacttalleriproj.norwayeast.cloudapp.azure.com/?finanzas.busqueda?q=Secretar%C3%ADa+de+Administraci%C3%B3n+y+Finanzas?30337974_3097_705331937556-157889157889770732479410588494105884Get hashmaliciousHTMLPhisherBrowse
                                                                          • 199.232.210.172
                                                                          https://diversityjobs.com/employer/company/1665/Worthington-Industries-IncGet hashmaliciousUnknownBrowse
                                                                          • 199.232.210.172
                                                                          s.exeGet hashmaliciousUnknownBrowse
                                                                          • 199.232.214.172
                                                                          https://bestprizerhere.life/?u=3w8p605&o=pn1kfzq&t=pshtb_redirectUrl_bodyGet hashmaliciousGRQ ScamBrowse
                                                                          • 199.232.214.172
                                                                          https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3dGet hashmaliciousHTMLPhisherBrowse
                                                                          • 199.232.210.172
                                                                          ServerInfo.exeGet hashmaliciousUnknownBrowse
                                                                          • 199.232.210.172
                                                                          windowsupdatebg.s.llnwi.neteInvoicing_pdf.vbsGet hashmaliciousFormBookBrowse
                                                                          • 69.164.42.0
                                                                          https://www.we-conect.io/Get hashmaliciousUnknownBrowse
                                                                          • 69.164.42.0
                                                                          http://87.120.84.22Get hashmaliciousUnknownBrowse
                                                                          • 69.164.42.0
                                                                          https://scsang.cn/Get hashmaliciousUnknownBrowse
                                                                          • 69.164.42.0
                                                                          https://cvn7.sa.com/invoice.html?app=Get hashmaliciousHTMLPhisherBrowse
                                                                          • 69.164.42.0
                                                                          https://zmmzmnsnnbxbbxvcxv22.z13.web.core.windows.net/Get hashmaliciousUnknownBrowse
                                                                          • 69.164.42.0
                                                                          https://sdcoes.net/LandingPage/Index/122/Get hashmaliciousHTMLPhisherBrowse
                                                                          • 69.164.42.0
                                                                          https://netflixfreeprimeofficle.blogspot.com/Get hashmaliciousHTMLPhisherBrowse
                                                                          • 69.164.42.0
                                                                          F873635427.vbsGet hashmaliciousRemcos, XWormBrowse
                                                                          • 69.164.42.0
                                                                          Transferencia 4334300002017359pdf.vbeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                          • 69.164.42.0
                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                          CLOUDFLARENETUSSenPalia.exeGet hashmaliciousUnknownBrowse
                                                                          • 172.64.41.3
                                                                          Copy of Poseidon Marine 4th monthly Stores Apr 2024 R3 .xls.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                          • 172.67.74.152
                                                                          https://royaltattoo.in/js/kalexander@yourlawyer.comGet hashmaliciousPhisherBrowse
                                                                          • 104.17.25.14
                                                                          SenPalia.exeGet hashmaliciousUnknownBrowse
                                                                          • 104.21.7.115
                                                                          ppop_verification_request.zipGet hashmaliciousUnknownBrowse
                                                                          • 162.159.61.3
                                                                          https://www.dropbox.com/l/scl/AADwcgxTbjuvzakz6kszZMzP6RXavhxhixQGet hashmaliciousHTMLPhisherBrowse
                                                                          • 172.64.150.44
                                                                          eOU2MVDmTd.exeGet hashmaliciousCredGrabber, Meduza Stealer, PureLog Stealer, zgRATBrowse
                                                                          • 172.67.74.152
                                                                          https://cosantinexi.com/Get hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                          • 104.17.2.184
                                                                          https://diversityjobs.com/employer/company/1665/Worthington-Industries-IncGet hashmaliciousUnknownBrowse
                                                                          • 104.16.117.116
                                                                          W4tW72sfAD.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                          • 104.21.57.61
Match | Associated Sample Name / URL | Detection | Threat Name | Context
7dcce5b76c8b17472d024758970a406b | UGS - CRO REQ - KHIDUBAI (OPL-841724).scr | malicious | PureLog Stealer, zgRAT | 172.67.147.142
 | Invoice No. 03182024.docx | malicious | Remcos | 172.67.147.142
 | 2020.xls | malicious | Remcos, DBatLoader | 172.67.147.142
 | CTM REQUEST BIRTHSHIP.doc | malicious | AgentTesla | 172.67.147.142
 | SecuriteInfo.com.Exploit.ShellCode.69.31966.31539.rtf | malicious | Remcos | 172.67.147.142
 | TransactionSummary_910020049836765_110424045239.xlsx | malicious | AgentTesla | 172.67.147.142
 | rks18.doc | malicious | AgentTesla | 172.67.147.142
 | 5FU4LRpQdy.rtf | malicious | Remcos | 172.67.147.142
 | NEW ORDER.doc | malicious | HTMLPhisher | 172.67.147.142
 | yDOZ8nTvm8.rtf | malicious | AgentTesla | 172.67.147.142
                                                                          No context
                                                                          Process:C:\Users\user\Desktop\PDFixers.exe
                                                                          File Type:HTML document, ASCII text, with very long lines (10298), with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):33684
                                                                          Entropy (8bit):5.604702787879591
                                                                          Encrypted:false
                                                                          SSDEEP:768:tbRdP1w6Tgt9vJRxcxDc5sWOVD/MSTjnoZ3iIjVhgcEyeoA7JYquMr1:ZRdP1w6TqJJRxcxDc5sWOVD/MSTjntG+
                                                                          MD5:BFC8476A0D5A7DD069DD0CE117411DD8
                                                                          SHA1:66DAA8FE45BE3C0D152B2B7128276B049485DA75
                                                                          SHA-256:0F1EDA51888E4361497B442E36B5E24D571F64738EC461CFD1E7860BE67771DC
                                                                          SHA-512:CF7745258EDD0D383E75638CD87B32A41931C14516068B0D31FC39922418D46ABF996E594EB009A659008EE9D457F833B3C4EE94BBA1A7987228BA83388540AB
                                                                          Malicious:false
                                                                          Reputation:low
                                                                          Preview:<!DOCTYPE html>..<html>..<head>.. <meta http-equiv="X-UA-Compatible" content="IE=10" />.. <link href="https://fonts.googleapis.com/css2?family=Nunito+Sans:wght@300&display=swap" rel="stylesheet">.... <title>PDFixers Installation</title>.. <style>.. body {.. overflow: hidden; /* Hide scrollbars */.. }.... body {.. font-family: Arial, sans-serif;.. margin: 20px;.. }.... .container {.. width: 632px;.. height: 777px;.. margin: auto;.. padding: 20px;.. border: 1px solid #ddd;.. }.... .eula {.. margin-top: 20px;.. border: 1px solid #ddd;.. padding: 10px;.. height: 300px;.. overflow: auto;.. }.... .button {.. margin-top: 10px;.. padding: 10px 20px;.. background-color: #4CAF50;.. color: white;.. border: none;.. borde
                                                                          Process:C:\Users\user\Desktop\PDFixers.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):306
                                                                          Entropy (8bit):5.565724594514051
                                                                          Encrypted:false
                                                                          SSDEEP:6:0IFFJMg+56ZzSVg5qh7izlpdUDSUPtgZMLQHkI+ro+iFHj0c4vn:jF7pO6ZGmqt6pSXsVHDFHj0v
                                                                          MD5:593563DEFDA42F8FAD22F5EA3F89B775
                                                                          SHA1:A0C3D8D8C19C01BD3D02B90A126C8CA7F27421B3
                                                                          SHA-256:2F02D38536746DAE6535E3354B5B844C48C26589AE1B499BE5CB35EF66EAB511
                                                                          SHA-512:7DB83EF0938D2D732FB3B4F41AAC09B332BFC36FED6E4064DF39968BF3EFC9C2C6135C09E137A024A3B12EFF561344A44F3E67D6C131971919A9889628F61F5C
                                                                          Malicious:false
                                                                          Reputation:moderate, very likely benign file
                                                                          Preview:@font-face {. font-family: 'Nunito Sans';. font-style: normal;. font-weight: 300;. font-stretch: normal;. font-display: swap;. src: url(https://fonts.gstatic.com/l/font?kit=pe1mMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbMV51Q42ptCp5F5bxqqtQ1yiU4GiClntQ&skey=60bfdc605ddb00b1&v=v15);.}.
                                                                          Process:C:\Users\user\Desktop\PDFixers.exe
                                                                          File Type:HTML document, ASCII text, with very long lines (1238)
                                                                          Category:dropped
                                                                          Size (bytes):1239
                                                                          Entropy (8bit):5.068464054671174
                                                                          Encrypted:false
                                                                          SSDEEP:24:ch63Cf5W8QPIHRZ3hwVFS39bYGwNef1yTZsNUkQ1sZmSuLqNWRco5Jcn5IKM6cuY:C6SQnw/x+SR8ZZkQbp1RZ5JwiKMm7Zc
                                                                          MD5:9E8F56E8E1806253BA01A95CFC3D392C
                                                                          SHA1:A8AF90D7482E1E99D03DE6BF88FED2315C5DD728
                                                                          SHA-256:2595496FE48DF6FCF9B1BC57C29A744C121EB4DD11566466BC13D2E52E6BBCC8
                                                                          SHA-512:63F0F6F94FBABADC3F774CCAA6A401696E8A7651A074BC077D214F91DA080B36714FD799EB40FED64154972008E34FC733D6EE314AC675727B37B58FFBEBEBEE
                                                                          Malicious:false
                                                                          Reputation:high, very likely benign file
                                                                          Process:C:\Users\user\Desktop\PDFixers.exe
                                                                          File Type:Embedded OpenType (EOT), Nunito Sans 12pt Light family
                                                                          Category:dropped
                                                                          Size (bytes):43569
                                                                          Entropy (8bit):7.965514187975993
                                                                          Encrypted:false
                                                                          SSDEEP:768:BAovAk9wwidcUfGrYHv2GEu2v/ycF+0iwdEGnysM82tvUwV9d3Cxa8iPat:BAyAk9wwiHrHdshi4BysMX1d3CxaNi
                                                                          MD5:C6B85601ADBF8C674B4B444DAD696A5D
                                                                          SHA1:9103151C858BD4C99150D6B4386D54E99B1EBF90
                                                                          SHA-256:EC8671B432FF49E1E77F48692397E57ECFA584555AC664C932DCCEA0C9A16044
                                                                          SHA-512:255B28431550FD2BD7C61080E5645CCEA14CCA43F80AFEA2F7A337E70CB67AA38C978D3777B10DB8A3672D909B268F8499692F278AD590C56C9918AB7429C57F
                                                                          Malicious:false
                                                                          Reputation:moderate, very likely benign file
                                                                          Process:C:\Users\user\Desktop\PDFixers.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):402
                                                                          Entropy (8bit):5.690699926499785
                                                                          Encrypted:false
                                                                          SSDEEP:12:koh85nAqVBSGZX1eNLoh85nAqVBSGZX1e/:hhmwGd1eNchmwGd1e/
                                                                          MD5:8DF4A664D8DBA9A4E40B536613BAEF86
                                                                          SHA1:1C587C43F0CAE3E17F212C7379A8C750BC84F4E8
                                                                          SHA-256:1FA737DEE48B2FAECB296F089055BAAD5364C7AED8EFBE09D927D2CB3985B887
                                                                          SHA-512:841C19E1643BA6C36063EB796DE274499EA113A61165BDF85A7288525FA6BDE90A2205A77A83F826461CC7F1CE5054994AF63D9C715E4BD293D9B6AD70CE54D9
                                                                          Malicious:false
                                                                          Reputation:low
                                                                          Preview:AWSALB.rkSHK1efYn1bMUM0Tf0KnzRaUbPMOZNfwwmU8qNyk9wiBwKgFAkuWhbzcmjxMKYvdVEAFbdGg96aAZl6xgWM0atXg1P7Q8wXF+0eT1Ho7CNnHKbOKRmErx0ET4k7.pixel.pdfixers.com/.1536.3230876800.31102950.3039248518.31101543.*.AWSALBCORS.rkSHK1efYn1bMUM0Tf0KnzRaUbPMOZNfwwmU8qNyk9wiBwKgFAkuWhbzcmjxMKYvdVEAFbdGg96aAZl6xgWM0atXg1P7Q8wXF+0eT1Ho7CNnHKbOKRmErx0ET4k7.pixel.pdfixers.com/.1536.3230876800.31102950.3039248518.31101543.*.
                                                                          Process:C:\Users\user\Desktop\PDFixers.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):199
                                                                          Entropy (8bit):5.680650750002085
                                                                          Encrypted:false
                                                                          SSDEEP:3:3Ja98gHohC8kdPOc/nSuCBOTDjHaJkyPR1SdOqVBZ+4aJKsLGK3vUQ2Qu4eVXpw/:3UvohCz5nSNADjHKiOgBQ4ahLGZXkMe/
                                                                          MD5:C999550394B432F37F7756E153955A1A
                                                                          SHA1:44AB2445318192DA5766FAABCF1C5601EBE5B1B2
                                                                          SHA-256:1DD5ED4F1E841E0AAB0D5E5ED71B1ACC8F1EC0675860C4310965202ACE4EDA6C
                                                                          SHA-512:47181AD223A77326E21515538A501CBDB9DFD6CB01BE9BD7A71F6C9C82572B4293FE768E171009B72EB01788BE7BD9ACB4EFD78434C3D0586760E7C77EE20B68
                                                                          Malicious:false
                                                                          Reputation:low
                                                                          Preview:AWSALB.rkSHK1efYn1bMUM0Tf0KnzRaUbPMOZNfwwmU8qNyk9wiBwKgFAkuWhbzcmjxMKYvdVEAFbdGg96aAZl6xgWM0atXg1P7Q8wXF+0eT1Ho7CNnHKbOKRmErx0ET4k7.pixel.pdfixers.com/.1536.3230876800.31102950.3039248518.31101543.*.
                                                                          File type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                          Entropy (8bit):7.9781740953081055
                                                                          TrID:
                                                                          • Win64 Executable GUI Net Framework (217006/5) 49.88%
                                                                          • Win64 Executable GUI (202006/5) 46.43%
                                                                          • Win64 Executable (generic) (12005/4) 2.76%
                                                                          • Generic Win/DOS Executable (2004/3) 0.46%
                                                                          • DOS Executable Generic (2002/1) 0.46%
                                                                          File name:PDFixers.exe
                                                                          File size:8'507'584 bytes
                                                                          MD5:b4440eea7367c3fb04a89225df4022a6
                                                                          SHA1:5a6c01f821f10f6ed1f1283ecba36c5bacfb5838
                                                                          SHA256:a024a18e27707738adcd7b5a740c5a93534b4b8c9d3b947f6d85740af19d17d0
                                                                          SHA512:69c3a0339aa6d060845570527205136d4aa04b2f13b983e1e84a0d2d9a90e99ec827999a20c57e27a4c27d36e633bb264ddd95a43c03e47cfa3d9f6377e57e76
                                                                          SSDEEP:196608:qn1PLvFtljMRfLjjL4/Y8261NG9HTta83vm:qnZFtlIP4/Y7pO8/m
                                                                          TLSH:248633347200718BEA6A7E39CD47FD24467BDE42AB4B8F3714593288B6FA6DE0710857
                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....~............"...P.................. .....@..... ....................................`...@......@............... .....
                                                                          Icon Hash:09354145557f6746
                                                                          Entrypoint:0x140000000
                                                                          Entrypoint Section:
                                                                          Digitally signed:true
                                                                          Imagebase:0x140000000
                                                                          Subsystem:windows gui
                                                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                          DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                          Time Stamp:0x9FA57E8D [Mon Nov 16 06:26:21 2054 UTC]
                                                                          TLS Callbacks:
                                                                          CLR (.Net) Version:
                                                                          OS Version Major:4
                                                                          OS Version Minor:0
                                                                          File Version Major:4
                                                                          File Version Minor:0
                                                                          Subsystem Version Major:4
                                                                          Subsystem Version Minor:0
                                                                          Import Hash:
                                                                          Signature Valid:true
                                                                          Signature Issuer:CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
                                                                          Signature Validation Error:The operation completed successfully
                                                                          Error Number:0
                                                                          Not Before, Not After
                                                                          • 11/21/2023 6:47:08 AM 11/21/2024 6:47:08 AM
                                                                          Subject Chain
                                                                          • CN=ADSMARKETO LLC, O=ADSMARKETO LLC, STREET="Rybolovetska street, building 49", L=Kyiv, S=Kyiv, C=UA, OID.1.3.6.1.4.1.311.60.2.1.3=UA, SERIALNUMBER=45092259, OID.2.5.4.15=Private Organization
                                                                          Version:3
                                                                          Thumbprint MD5:CE9A9C6EBB57C0A9EEFEAC3B7ECF65DE
                                                                          Thumbprint SHA-1:40C0CB1A69BC8AF1256B2862D729A330937B4CFF
                                                                          Thumbprint SHA-256:22DE62CECEF82EDAEC2B6586D463BCB8FBABE8734C95916A4C51F5CFFBED346F
                                                                          Serial:2AC7FCE6B9C96D57663F6BB4
                                                                          Instruction
                                                                          dec ebp
                                                                          pop edx
                                                                          nop
                                                                          add byte ptr [ebx], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax+eax], al
                                                                          add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x802000 | 0x1b4bc | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x81a200 | 0x2ec0 | .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x800860 | 0x1c | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2000 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x7fe87c | 0x7fea00 | 829ae0eee9a26946b0cb8f6cae5194d8 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x802000 | 0x1b4bc | 0x1b600 | 88250d9b576ea4b56b614ec4fe007258 | False | 0.17515696347031964 | data | 3.430310527618212 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x8021a0 | 0x282c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9795799299883314
RT_ICON | 0x8049dc | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | | | 0.06360167987696676
RT_ICON | 0x815214 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 3779 x 3779 px/m | | | 0.09996457250826642
RT_ICON | 0x81944c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 3779 x 3779 px/m | | | 0.13101659751037345
RT_ICON | 0x81ba04 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 3779 x 3779 px/m | | | 0.1801125703564728
RT_ICON | 0x81cabc | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 3779 x 3779 px/m | | | 0.3120567375886525
RT_GROUP_ICON | 0x81cf34 | 0x5a | data | | | 0.7666666666666667
RT_VERSION | 0x81cfa0 | 0x31c | data | | | 0.4271356783919598
RT_MANIFEST | 0x81d2cc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                          Apr 19, 2024 16:33:49.428992033 CEST44349165172.67.147.142192.168.2.22
                                                                          Apr 19, 2024 16:33:49.429028988 CEST49165443192.168.2.22172.67.147.142
                                                                          Apr 19, 2024 16:33:49.429033995 CEST44349165172.67.147.142192.168.2.22
                                                                          Apr 19, 2024 16:33:49.429074049 CEST49165443192.168.2.22172.67.147.142
                                                                          Apr 19, 2024 16:33:49.429079056 CEST44349165172.67.147.142192.168.2.22
                                                                          Apr 19, 2024 16:33:49.429119110 CEST49165443192.168.2.22172.67.147.142
                                                                          Apr 19, 2024 16:33:49.429124117 CEST44349165172.67.147.142192.168.2.22
                                                                          Apr 19, 2024 16:33:49.429166079 CEST49165443192.168.2.22172.67.147.142
                                                                          Apr 19, 2024 16:33:49.429174900 CEST44349165172.67.147.142192.168.2.22
                                                                          Apr 19, 2024 16:33:49.429212093 CEST49165443192.168.2.22172.67.147.142
                                                                          Apr 19, 2024 16:33:49.429814100 CEST44349165172.67.147.142192.168.2.22
                                                                          Apr 19, 2024 16:33:49.429860115 CEST49165443192.168.2.22172.67.147.142
                                                                          Apr 19, 2024 16:33:49.429866076 CEST44349165172.67.147.142192.168.2.22
                                                                          Apr 19, 2024 16:33:49.429904938 CEST49165443192.168.2.22172.67.147.142
                                                                          Apr 19, 2024 16:33:49.429910898 CEST44349165172.67.147.142192.168.2.22
                                                                          Apr 19, 2024 16:33:49.429949999 CEST49165443192.168.2.22172.67.147.142
                                                                          Apr 19, 2024 16:33:49.429955959 CEST44349165172.67.147.142192.168.2.22
                                                                          Apr 19, 2024 16:33:49.429980040 CEST44349165172.67.147.142192.168.2.22
                                                                          Apr 19, 2024 16:33:49.429992914 CEST49165443192.168.2.22172.67.147.142
                                                                          Apr 19, 2024 16:33:49.430015087 CEST49165443192.168.2.22172.67.147.142
                                                                          Apr 19, 2024 16:33:49.433182001 CEST49165443192.168.2.22172.67.147.142
                                                                          Apr 19, 2024 16:33:49.433639050 CEST49165443192.168.2.22172.67.147.142
                                                                          Apr 19, 2024 16:33:49.433650017 CEST44349165172.67.147.142192.168.2.22
                                                                          Apr 19, 2024 16:33:49.450740099 CEST49166443192.168.2.22172.67.147.142
                                                                          Apr 19, 2024 16:33:49.450769901 CEST44349166172.67.147.142192.168.2.22
                                                                          Apr 19, 2024 16:33:49.450819969 CEST49166443192.168.2.22172.67.147.142
                                                                          Apr 19, 2024 16:33:50.042305946 CEST49166443192.168.2.22172.67.147.142
                                                                          Apr 19, 2024 16:33:50.042326927 CEST44349166172.67.147.142192.168.2.22
                                                                          Apr 19, 2024 16:33:50.264837027 CEST44349166172.67.147.142192.168.2.22
                                                                          Apr 19, 2024 16:33:50.264947891 CEST49166443192.168.2.22172.67.147.142
                                                                          Apr 19, 2024 16:33:50.375417948 CEST49166443192.168.2.22172.67.147.142
                                                                          Apr 19, 2024 16:33:50.375435114 CEST44349166172.67.147.142192.168.2.22
                                                                          Apr 19, 2024 16:33:50.383490086 CEST49166443192.168.2.22172.67.147.142
                                                                          Apr 19, 2024 16:33:50.383508921 CEST44349166172.67.147.142192.168.2.22
                                                                          Apr 19, 2024 16:33:50.515181065 CEST44349166172.67.147.142192.168.2.22
                                                                          Apr 19, 2024 16:33:50.515281916 CEST49166443192.168.2.22172.67.147.142
                                                                          Apr 19, 2024 16:33:50.515302896 CEST44349166172.67.147.142192.168.2.22
                                                                          Apr 19, 2024 16:33:50.515361071 CEST49166443192.168.2.22172.67.147.142
                                                                          Apr 19, 2024 16:33:50.515434027 CEST44349166172.67.147.142192.168.2.22
                                                                          Apr 19, 2024 16:33:50.515496016 CEST49166443192.168.2.22172.67.147.142
                                                                          Apr 19, 2024 16:33:50.515505075 CEST44349166172.67.147.142192.168.2.22
                                                                          Apr 19, 2024 16:33:50.515551090 CEST49166443192.168.2.22172.67.147.142
                                                                          Apr 19, 2024 16:33:50.515578985 CEST44349166172.67.147.142192.168.2.22
                                                                          Apr 19, 2024 16:33:50.515640974 CEST49166443192.168.2.22172.67.147.142
                                                                          Apr 19, 2024 16:33:50.517770052 CEST49166443192.168.2.22172.67.147.142
                                                                          Apr 19, 2024 16:33:50.517787933 CEST44349166172.67.147.142192.168.2.22
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 19, 2024 16:33:48.693486929 CEST | 52781 | 53 | 192.168.2.22 | 8.8.8.8
Apr 19, 2024 16:33:48.805493116 CEST | 53 | 52781 | 8.8.8.8 | 192.168.2.22

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 19, 2024 16:33:48.693486929 CEST | 192.168.2.22 | 8.8.8.8 | 0x85f1 | Standard query (0) | pixel.pdfixers.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 19, 2024 16:33:48.805493116 CEST | 8.8.8.8 | 192.168.2.22 | 0x85f1 | No error (0) | pixel.pdfixers.com | | 172.67.147.142 | A (IP address) | IN (0x0001) | false
Apr 19, 2024 16:33:48.805493116 CEST | 8.8.8.8 | 192.168.2.22 | 0x85f1 | No error (0) | pixel.pdfixers.com | | 104.21.11.17 | A (IP address) | IN (0x0001) | false
Apr 19, 2024 16:33:54.994357109 CEST | 8.8.8.8 | 192.168.2.22 | 0xd78c | No error (0) | windowsupdatebg.s.llnwi.net | | 178.79.225.128 | A (IP address) | IN (0x0001) | false
Apr 19, 2024 16:33:54.994357109 CEST | 8.8.8.8 | 192.168.2.22 | 0xd78c | No error (0) | windowsupdatebg.s.llnwi.net | | 178.79.225.0 | A (IP address) | IN (0x0001) | false
Apr 19, 2024 16:33:55.101233006 CEST | 8.8.8.8 | 192.168.2.22 | 0xdd47 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Apr 19, 2024 16:33:55.101233006 CEST | 8.8.8.8 | 192.168.2.22 | 0xdd47 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                                                                          • pixel.pdfixers.com
                                                                          • https:
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.22 | 49165 | 172.67.147.142 | 443 | 2724 | C:\Users\user\Desktop\PDFixers.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-19 14:33:49 UTC | 537 | OUT | GET / HTTP/1.1
                                                                          Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
                                                                          Accept-Language: en-US
                                                                          UA-CPU: AMD64
                                                                          Accept-Encoding: gzip, deflate
                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                          Host: pixel.pdfixers.com
                                                                          Connection: Keep-Alive
2024-04-19 14:33:49 UTC | 989 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 14:33:49 GMT
                                                                          Content-Type: text/html
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          Set-Cookie: AWSALB=rkSHK1efYn1bMUM0Tf0KnzRaUbPMOZNfwwmU8qNyk9wiBwKgFAkuWhbzcmjxMKYvdVEAFbdGg96aAZl6xgWM0atXg1P7Q8wXF+0eT1Ho7CNnHKbOKRmErx0ET4k7; Expires=Fri, 26 Apr 2024 14:33:49 GMT; Path=/
                                                                          Set-Cookie: AWSALBCORS=rkSHK1efYn1bMUM0Tf0KnzRaUbPMOZNfwwmU8qNyk9wiBwKgFAkuWhbzcmjxMKYvdVEAFbdGg96aAZl6xgWM0atXg1P7Q8wXF+0eT1Ho7CNnHKbOKRmErx0ET4k7; Expires=Fri, 26 Apr 2024 14:33:49 GMT; Path=/; SameSite=None
                                                                          Cache-Control: no-cache
                                                                          CF-Cache-Status: DYNAMIC
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WKQCHTrXOOK0XHLw1AtczIepdY%2BmTQu0XfJLAzSMc6G00eKmmSFjhLANFBxi11BZIbr7whlUDhFIGwYkZNA%2BreI9yRDImFUoxHxidlb7uP404YfesxaCmU6ogMBWIJbuZRpBrbk%3D"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          Server: cloudflare
                                                                          CF-RAY: 876d9ca349401386-ATL
                                                                          alt-svc: h3=":443"; ma=86400
2024-04-19 14:33:49 UTC | 380 | IN | Data Ascii: 35bd<!DOCTYPE html><html><head> <meta http-equiv="X-UA-Compatible" content="IE=10" /> <link href="https://fonts.googleapis.com/css2?family=Nunito+Sans:wght@300&display=swap" rel="stylesheet"> <title>PDFixers Installation</title>
2024-04-19 14:33:49 UTC | 1369 | IN | Data Ascii: amily: Arial, sans-serif; margin: 20px; } .container { width: 632px; height: 777px; margin: auto; padding: 20px; border: 1px solid #ddd; }
2024-04-19 14:33:49 UTC | 1369 | IN | Data Ascii: enter; flex-direction: column; align-items: center; } .loader { border: 4px solid #f3f3f3; border-top: 4px solid #3498db; border-radius: 50%; width: 40px;
2024-04-19 14:33:49 UTC | 1369 | IN | Data Ascii: text-align: center; } .button-container span { vertical-align: middle; font-size: 10px; } .btn { width: 100px; padding: 15px 10px; cursor
2024-04-19 14:33:49 UTC | 1369 | IN | Data Ascii: <p class="c4"><span class="c12">At pdfixers (&ldquo;</span><span class="c1">Company</span><span class="c12">&rdquo; or &ldquo;</span><span class="c1">we</span><span class="c0">&ldquo;), we place great importance on privacy, security, and online safety.
2024-04-19 14:33:49 UTC | 1369 | IN | Data Ascii: Software, we strongly recommend that users carefully review this Policy. For California residents, we also advise reviewing the Company&rsquo;s specific&nbsp;</span><span class="c7">CCPA Privacy Notice</span></p> <p class="c4"><span class
2024-04-19 14:33:49 UTC | 1369 | IN | Data Ascii: p class="c4"><span class="c0">All collection of Personal Data will adhere to the following lawful principles under the GDPR: (1) processing online identifiers for operational and functional purposes, (2) processing the user&rsquo;s contact details if they


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.22 | 49166 | 172.67.147.142 | 443 | 2724 | C:\Users\user\Desktop\PDFixers.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-19 14:33:50 UTC | 727 | OUT | GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
                                                                          Accept: */*
                                                                          Referer: https://pixel.pdfixers.com/
                                                                          Accept-Language: en-US
                                                                          UA-CPU: AMD64
                                                                          Accept-Encoding: gzip, deflate
                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                          Host: pixel.pdfixers.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: AWSALB=rkSHK1efYn1bMUM0Tf0KnzRaUbPMOZNfwwmU8qNyk9wiBwKgFAkuWhbzcmjxMKYvdVEAFbdGg96aAZl6xgWM0atXg1P7Q8wXF+0eT1Ho7CNnHKbOKRmErx0ET4k7; AWSALBCORS=rkSHK1efYn1bMUM0Tf0KnzRaUbPMOZNfwwmU8qNyk9wiBwKgFAkuWhbzcmjxMKYvdVEAFbdGg96aAZl6xgWM0atXg1P7Q8wXF+0eT1Ho7CNnHKbOKRmErx0ET4k7
2024-04-19 14:33:50 UTC | 762 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 19 Apr 2024 14:33:50 GMT
                                                                          Content-Type: application/javascript
                                                                          Content-Length: 1239
                                                                          Connection: close
                                                                          Last-Modified: Tue, 16 Apr 2024 15:45:04 GMT
                                                                          ETag: "661e9d00-4d7"
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zTCMBwxeAwPt2PdWOnDtBZJDRT8MDMq6oRgXWUfDgGb8autta%2FWlvWMEJwmUFUubdi3%2FoPXhFClTVOHqfpwjT5kdEkLICfEEX7U5%2F%2FC0EuzUDEWb9Hzp0%2BAQNn%2FhF0QFH%2FN6bAs%3D"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          Server: cloudflare
                                                                          CF-RAY: 876d9caa6ba2addb-ATL
                                                                          X-Frame-Options: DENY
                                                                          X-Content-Type-Options: nosniff
                                                                          Expires: Sun, 21 Apr 2024 14:33:50 GMT
                                                                          Cache-Control: max-age=172800
                                                                          Cache-Control: public
                                                                          Accept-Ranges: bytes



                                                                          Target ID: 0
                                                                          Start time: 16:33:42
                                                                          Start date: 19/04/2024
                                                                          Path: C:\Users\user\Desktop\PDFixers.exe
                                                                          Wow64 process (32bit): false
                                                                          Commandline: "C:\Users\user\Desktop\PDFixers.exe"
                                                                          Imagebase: 0x13fca0000
                                                                          File size: 8'507'584 bytes
                                                                          MD5 hash: B4440EEA7367C3FB04A89225DF4022A6
                                                                          Has elevated privileges: true
                                                                          Has administrator privileges: true
                                                                          Programmed in: C, C++ or other language
                                                                          Reputation: moderate
                                                                          Has exited: false

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.644868320.000000001D3A0000.00000010.00000800.00020000.00000000.sdmp, Offset: 1D3A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_1d3a0000_PDFixers.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: :L($ :L($ =L($ =L($0K($@:L($@:L($@n.*$`<L($9L($9L($<L($<L(
                                                                            • API String ID: 0-3805796869
                                                                            • Opcode ID: 481ca32a5c64bc0d7bf473f591bddd8aa856ee709fe437ed131ff85a09aa57a0
                                                                            • Instruction ID: efef0738211625b6ad129e4c42c28f5552a00f1a37f13f79201d533658249e9e
                                                                            • Opcode Fuzzy Hash: 481ca32a5c64bc0d7bf473f591bddd8aa856ee709fe437ed131ff85a09aa57a0
                                                                            • Instruction Fuzzy Hash: 4CA2157071CE884FDB4ADB2C9494A357BD2FB8A384B24459FE44FC7296D924CC92C396
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.644868320.000000001D3A0000.00000010.00000800.00020000.00000000.sdmp, Offset: 1D3A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_1d3a0000_PDFixers.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 9L($ 9L($@ib&$`9L($`9L($p1L($p1L($8L($8L($y
                                                                            • API String ID: 0-3615688111
                                                                            • Opcode ID: efa9efff67c8d38c05a1ebf68089109512d8b9ee07ec27ded8042b3e28cf4ae7
                                                                            • Instruction ID: 34376053a306c2ae65850d0250e789e2e041d649045bad1483d06d8486a13a58
                                                                            • Opcode Fuzzy Hash: efa9efff67c8d38c05a1ebf68089109512d8b9ee07ec27ded8042b3e28cf4ae7
                                                                            • Instruction Fuzzy Hash: C6821330B2CF8D4FDB49D76C98596387BD2FB99744F5401AAE84ECB292D924CC91C392
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.644868320.000000001D3A0000.00000010.00000800.00020000.00000000.sdmp, Offset: 1D3A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_1d3a0000_PDFixers.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 185eb39e630d1921a1a3c38e6445607c0c98b3c46034ded08519f300c23b9503
                                                                            • Instruction ID: 561d68054b5c0a80af972fce6a699a1b55533ec3b6699673f6228c4cf413d65f
                                                                            • Opcode Fuzzy Hash: 185eb39e630d1921a1a3c38e6445607c0c98b3c46034ded08519f300c23b9503
                                                                            • Instruction Fuzzy Hash: D5D23530B2CF8D4FDB49D76CA898A2877E2EB99740B54419BF40DCB3A6D920DC91C791
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.644868320.000000001D3A0000.00000010.00000800.00020000.00000000.sdmp, Offset: 1D3A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_1d3a0000_PDFixers.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3aee85401c01e98620714dacc06ee023b9b7977617ef813810c00a7e42ddae05
                                                                            • Instruction ID: 9cc31d6379e324f73637800853302a80a51316ef966a5ef3c179986698ac16f6
                                                                            • Opcode Fuzzy Hash: 3aee85401c01e98620714dacc06ee023b9b7977617ef813810c00a7e42ddae05
                                                                            • Instruction Fuzzy Hash: BF71F33062CF8C4FD789DB6CA8996247BE1FB5D344B1441AFE84DC72A2DA24DC91C792
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.644868320.000000001D3A0000.00000010.00000800.00020000.00000000.sdmp, Offset: 1D3A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_1d3a0000_PDFixers.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1b6a8bc76fc50b5c2478f7f1bf8cb870af71298faced8c9cb222d02a6653bcb1
                                                                            • Instruction ID: 561da56b55e10fc8db6abed7f765266d1aa82f698467d47ce24d71190a900728
                                                                            • Opcode Fuzzy Hash: 1b6a8bc76fc50b5c2478f7f1bf8cb870af71298faced8c9cb222d02a6653bcb1
                                                                            • Instruction Fuzzy Hash: 8AE0C23252CE4D0EB215A2EDB8024A833C0D9412B03104BCBC83CC55E7F50708A282C7
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.644851431.000000001D370000.00000010.00000800.00020000.00000000.sdmp, Offset: 1D370000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_1d370000_PDFixers.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cdf766ebdf63f29eb655a8b6811b704ac0ea3f39d36262ce071792e212be1600
                                                                            • Instruction ID: 4f0585458d064b9a4d3f4f2b05e8143d33c13b9a554a630fe8e393e6dd338ef7
                                                                            • Opcode Fuzzy Hash: cdf766ebdf63f29eb655a8b6811b704ac0ea3f39d36262ce071792e212be1600
                                                                            • Instruction Fuzzy Hash:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%
