Windows Analysis Report
PDFixers.exe

Overview

General Information

Sample name:	PDFixers.exe
Analysis ID:	1428848
MD5:	b4440eea7367c3fb04a89225df4022a6
SHA1:	5a6c01f821f10f6ed1f1283ecba36c5bacfb5838
SHA256:	a024a18e27707738adcd7b5a740c5a93534b4b8c9d3b947f6d85740af19d17d0
Infos:

Detection

Score:	24
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Compliance

Score:	63
Range:	0 - 100

Signatures

Multi AV Scanner detection for submitted file

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Contains capabilities to detect virtual machines

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Drops PE files

May sleep (evasive loops) to hinder dynamic analysis

PE file does not import any functions

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Searches for the Microsoft Outlook file path

Searches for user specific document files

Classification

Signatures

AV Detection

Multi AV Scanner detection for submitted file

Source: PDFixers.exe

ReversingLabs: Detection: 41%

Compliance

Source: C:\Users\user\Desktop\PDFixers.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SumatraPDFUninstall

Source: PDFixers.exe

Static PE information: certificate valid

Source: unknown

HTTPS traffic detected: 104.21.11.17:443 -> 192.168.2.16:49698 version: TLS 1.2

Source: PDFixers.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: unknown

DNS traffic detected: queries for: pixel.pdfixers.com

Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698

Source: unknown

HTTPS traffic detected: 104.21.11.17:443 -> 192.168.2.16:49698 version: TLS 1.2

System Summary

PE file does not import any functions

Source: PDFixers.exe

Static PE information: No import functions for PE file found

Searches for the Microsoft Outlook file path

Source: C:\Users\user\Desktop\PDFixers.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE

Source: classification engine

Classification label: sus24.winEXE@3/8@1/22

Source: C:\Users\user\Desktop\PDFixers.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\VZF1B155.htm

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Mutant created: NULL

Source: PDFixers.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: PDFixers.exe

Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%

Source: C:\Users\user\Desktop\PDFixers.exe

File read: C:\Users\desktop.ini

Source: C:\Users\user\Desktop\PDFixers.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: PDFixers.exe

ReversingLabs: Detection: 41%

Source: unknown	Process created: C:\Users\user\Desktop\PDFixers.exe "C:\Users\user\Desktop\PDFixers.exe"
Source: C:\Users\user\Desktop\PDFixers.exe	Process created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe"
Source: C:\Users\user\Desktop\PDFixers.exe	Process created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe"

Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: version.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wldp.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: profapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ieframe.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: userenv.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: netutils.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: sxs.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dataexchange.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dcomp.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: msiso.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: propsys.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mshtml.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: srpapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: msimtf.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: msls31.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: d2d1.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: d3d10warp.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dxcore.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: secur32.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mlang.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wininet.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: jscript9.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: winmm.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: schannel.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: t2embed.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: uianimation.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mpr.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: scrrun.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ntshrui.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: cscapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: edputil.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: slc.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: sppc.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dui70.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: duser.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: thumbcache.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dataexchange.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: msftedit.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.globalization.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: bcp47mrm.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: globinputhost.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: assignedaccessruntime.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: structuredquery.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: atlthunk.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.storage.search.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: twinapi.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: actxprxy.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: networkexplorer.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: ehstorshell.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: cscui.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: mrmcorer.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.staterepositorycore.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.ui.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: inputhost.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: provsvc.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: policymanager.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: photometadatahandler.dll

Source: C:\Users\user\Desktop\PDFixers.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Window found: window name: SysTabControl32

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

File opened: C:\Windows\SYSTEM32\MsftEdit.dll

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Window detected: Number of UI elements: 13

Source: C:\Users\user\Desktop\PDFixers.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Source: C:\Users\user\Desktop\PDFixers.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SumatraPDFUninstall

Source: PDFixers.exe

Static PE information: certificate valid

Source: PDFixers.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: PDFixers.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: PDFixers.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: PDFixers.exe

Static file information: File size 8507584 > 1048576

Source: PDFixers.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x7fea00

Source: PDFixers.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: PDFixers.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Data Obfuscation

Binary contains a suspicious time stamp

Source: PDFixers.exe

Static PE information: 0x9FA57E8D [Mon Nov 16 06:26:21 2054 UTC]

Persistence and Installation Behavior

Drops PE files

Source: C:\Users\user\Desktop\PDFixers.exe

File created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1FE73AD0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1FE75720000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1FE77B50000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BA60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BAA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BAC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BAF0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BB90000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BBD0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BC10000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BC50000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BC90000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BCB0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BCF0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BD10000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BD30000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BD50000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BD70000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BD90000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BDB0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BDD0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BDF0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BE30000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BE50000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BE70000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067C090000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067C0B0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067C0D0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067C110000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067C130000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067C150000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067C170000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067C190000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067C1D0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067C1F0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067C9C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067C9E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CA00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CA20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CA40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CA80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CAA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CAC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CAE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CB00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CB40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CB60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CB80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CBA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CBC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CBE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CC20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CC40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CC60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CC80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CCA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CCC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CD00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CD20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CD40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CD60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CD80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CDA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CDE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CE00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CE20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CE40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CE60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CE80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CEC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CEE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CF00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CF20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CF60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CF80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CFA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CFC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D000000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D020000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D040000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D060000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D080000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D0A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D0C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D100000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D120000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D140000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D160000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D180000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D1A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D1C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D1E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D220000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D240000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D260000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D280000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D2A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D2C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D2E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D300000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D340000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D360000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D380000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D3A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D3C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D3E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D400000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D420000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D460000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D480000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D4A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D4C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D4E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D500000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D520000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D540000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D580000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D5A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D5C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D5E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D600000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D620000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D640000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D680000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D6A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D6C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D6E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D700000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D720000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D740000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D760000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D7A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D7C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D7E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D800000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D820000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D840000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D860000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D880000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D8C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D8E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D900000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D920000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D940000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D960000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D980000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D9A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D9E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DA00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DA20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DA40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DA60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DA80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DAA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DAC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DB00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DB20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DB40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DB60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DB80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DBA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DBC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DBE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DC20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DC40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DC60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DC80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DCA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DCC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DCE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DD00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DD40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DD60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DD80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DDA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DDC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DDE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DE00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DE20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DE60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DE80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DEA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DEC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DEE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DF00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DF20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DF60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DF80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DFA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DFC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DFE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E000000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E020000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E040000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E080000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E0A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E0C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E0E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E100000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E120000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E140000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E160000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E1A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E1C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E1E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E200000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E220000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E240000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E260000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E280000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E2C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E2E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E300000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E320000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E340000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E360000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E380000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E3A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E3E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E400000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E420000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E440000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E460000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E480000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E4A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E4E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E500000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E520000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E540000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E560000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E580000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E5A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E5C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E600000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E620000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067EA40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067EA60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067EA80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067EAA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067EAC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067EAE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067EB20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067EB40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067EB60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067EB80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067EBA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067EBC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067EBE0000 memory commit \| memory reserve \| memory write watch

Contains capabilities to detect virtual machines

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc

Contains long sleeps (>= 3 min)

Source: C:\Users\user\Desktop\PDFixers.exe

Thread delayed: delay time: 922337203685477

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\PDFixers.exe TID: 7044

Thread sleep time: -922337203685477s >= -30000s

Source: C:\Users\user\Desktop\PDFixers.exe

Thread delayed: delay time: 922337203685477

Anti Debugging

Source: C:\Users\user\Desktop\PDFixers.exe

Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\PDFixers.exe

Process created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe"

Language, Device and Operating System Detection

Queries information about the installed CPU (vendor, model number etc)

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Users\user\Desktop\PDFixers.exe VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\userbrii.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\userbrili.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\userbrib.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\userbriz.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\userFR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\userFI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\userFB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\userST.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\userSTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\userSTB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\userSTBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\PDFixers.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Searches for user specific document files

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Directory queried: C:\Users\user\Documents\NVWZAPQSQL
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Directory queried: C:\Users\user\Documents\NYMMPCEIMA

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.11.17	pixel.pdfixers.com	United States	13335	CLOUDFLARENETUS	false
64.233.185.94	unknown	United States	15169	GOOGLEUS	false
172.217.215.95	unknown	United States	15169	GOOGLEUS	false

Contacted Domains

Name	IP	Active
pixel.pdfixers.com	104.21.11.17	true

AV Detection

Multi AV Scanner detection for submitted file

Source: PDFixers.exe

ReversingLabs: Detection: 41%

Compliance

Source: C:\Users\user\Desktop\PDFixers.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SumatraPDFUninstall

Source: PDFixers.exe

Static PE information: certificate valid

Source: unknown

HTTPS traffic detected: 104.21.11.17:443 -> 192.168.2.16:49698 version: TLS 1.2

Source: PDFixers.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: unknown

DNS traffic detected: queries for: pixel.pdfixers.com

Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698

Source: unknown

HTTPS traffic detected: 104.21.11.17:443 -> 192.168.2.16:49698 version: TLS 1.2

System Summary

PE file does not import any functions

Source: PDFixers.exe

Static PE information: No import functions for PE file found

Searches for the Microsoft Outlook file path

Source: C:\Users\user\Desktop\PDFixers.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE

Source: classification engine

Classification label: sus24.winEXE@3/8@1/22

Source: C:\Users\user\Desktop\PDFixers.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\VZF1B155.htm

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Mutant created: NULL

Source: PDFixers.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: PDFixers.exe

Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%

Source: C:\Users\user\Desktop\PDFixers.exe

File read: C:\Users\desktop.ini

Source: C:\Users\user\Desktop\PDFixers.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: PDFixers.exe

ReversingLabs: Detection: 41%

Source: unknown	Process created: C:\Users\user\Desktop\PDFixers.exe "C:\Users\user\Desktop\PDFixers.exe"
Source: C:\Users\user\Desktop\PDFixers.exe	Process created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe"
Source: C:\Users\user\Desktop\PDFixers.exe	Process created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe"

Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: version.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wldp.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: profapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ieframe.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: userenv.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: netutils.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: sxs.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dataexchange.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dcomp.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: msiso.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: propsys.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mshtml.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: srpapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: msimtf.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: msls31.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: d2d1.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: d3d10warp.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dxcore.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: secur32.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mlang.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wininet.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: jscript9.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: winmm.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: schannel.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: t2embed.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: uianimation.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mpr.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: scrrun.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ntshrui.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: cscapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: edputil.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: slc.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: sppc.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dui70.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: duser.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: thumbcache.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dataexchange.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: msftedit.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.globalization.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: bcp47mrm.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: globinputhost.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: assignedaccessruntime.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: structuredquery.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: atlthunk.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.storage.search.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: twinapi.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: actxprxy.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: networkexplorer.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: ehstorshell.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: cscui.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: mrmcorer.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.staterepositorycore.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.ui.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: inputhost.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: provsvc.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: policymanager.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: photometadatahandler.dll

Source: C:\Users\user\Desktop\PDFixers.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Window found: window name: SysTabControl32

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

File opened: C:\Windows\SYSTEM32\MsftEdit.dll

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Window detected: Number of UI elements: 13

Source: C:\Users\user\Desktop\PDFixers.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Source: C:\Users\user\Desktop\PDFixers.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SumatraPDFUninstall

Source: PDFixers.exe

Static PE information: certificate valid

Source: PDFixers.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: PDFixers.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: PDFixers.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: PDFixers.exe

Static file information: File size 8507584 > 1048576

Source: PDFixers.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x7fea00

Source: PDFixers.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: PDFixers.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Data Obfuscation

Binary contains a suspicious time stamp

Source: PDFixers.exe

Static PE information: 0x9FA57E8D [Mon Nov 16 06:26:21 2054 UTC]

Persistence and Installation Behavior

Drops PE files

Source: C:\Users\user\Desktop\PDFixers.exe

File created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1FE73AD0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1FE75720000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1FE77B50000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BA60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BAA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BAC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BAF0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BB90000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BBD0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BC10000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BC50000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BC90000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BCB0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BCF0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BD10000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BD30000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BD50000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BD70000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BD90000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BDB0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BDD0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BDF0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BE30000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BE50000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067BE70000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067C090000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067C0B0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067C0D0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067C110000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067C130000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067C150000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067C170000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067C190000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067C1D0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067C1F0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067C9C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067C9E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CA00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CA20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CA40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CA80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CAA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CAC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CAE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CB00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CB40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CB60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CB80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CBA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CBC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CBE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CC20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CC40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CC60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CC80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CCA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CCC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CD00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CD20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CD40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CD60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CD80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CDA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CDE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CE00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CE20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CE40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CE60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CE80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CEC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CEE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CF00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CF20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CF60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CF80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CFA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067CFC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D000000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D020000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D040000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D060000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D080000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D0A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D0C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D100000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D120000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D140000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D160000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D180000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D1A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D1C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D1E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D220000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D240000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D260000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D280000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D2A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D2C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D2E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D300000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D340000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D360000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D380000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D3A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D3C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D3E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D400000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D420000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D460000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D480000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D4A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D4C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D4E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D500000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D520000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D540000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D580000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D5A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D5C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D5E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D600000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D620000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D640000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D680000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D6A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D6C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D6E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D700000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D720000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D740000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D760000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D7A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D7C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D7E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D800000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D820000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D840000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D860000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D880000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D8C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D8E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D900000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D920000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D940000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D960000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D980000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D9A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067D9E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DA00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DA20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DA40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DA60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DA80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DAA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DAC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DB00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DB20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DB40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DB60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DB80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DBA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DBC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DBE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DC20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DC40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DC60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DC80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DCA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DCC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DCE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DD00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DD40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DD60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DD80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DDA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DDC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DDE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DE00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DE20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DE60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DE80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DEA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DEC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DEE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DF00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DF20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DF60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DF80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DFA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DFC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067DFE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E000000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E020000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E040000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E080000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E0A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E0C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E0E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E100000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E120000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E140000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E160000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E1A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E1C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E1E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E200000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E220000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E240000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E260000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E280000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E2C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E2E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E300000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E320000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E340000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E360000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E380000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E3A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E3E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E400000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E420000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E440000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E460000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E480000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E4A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E4E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E500000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E520000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E540000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E560000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E580000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E5A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E5C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E600000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067E620000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067EA40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067EA60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067EA80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067EAA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067EAC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067EAE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067EB20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067EB40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067EB60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067EB80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067EBA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067EBC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2067EBE0000 memory commit \| memory reserve \| memory write watch

Contains capabilities to detect virtual machines

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc

Contains long sleeps (>= 3 min)

Source: C:\Users\user\Desktop\PDFixers.exe

Thread delayed: delay time: 922337203685477

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\PDFixers.exe TID: 7044

Thread sleep time: -922337203685477s >= -30000s

Source: C:\Users\user\Desktop\PDFixers.exe

Thread delayed: delay time: 922337203685477

Anti Debugging

Source: C:\Users\user\Desktop\PDFixers.exe

Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\PDFixers.exe

Process created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe"

Language, Device and Operating System Detection

Queries information about the installed CPU (vendor, model number etc)

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Users\user\Desktop\PDFixers.exe VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\userbrii.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\userbrili.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\userbrib.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\userbriz.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\userFR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\userFI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\userFB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\userST.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\userSTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\userSTB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\userSTBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\PDFixers.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Searches for user specific document files

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Directory queried: C:\Users\user\Documents\NVWZAPQSQL
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Directory queried: C:\Users\user\Documents\NYMMPCEIMA

ID:	1428848
Product:	CloudBasic
Start time:	17:52:32
Start date:	19.04.2024
Sample:	PDFixers.exe
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	b4440eea7367c3fb04a89225df4022a6
SHA1:	5a6c01f821f10f6ed1f1283ecba36c5bacfb5838
SHA256:	a024a18e27707738adcd7b5a740c5a93534b4b8c9d3b947f6d85740af19d17d0
Filetype:	Win64 Executable GUI Net Framework (217006/5) 49.88%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\33CUD2J1\email-decode.min[1].js	HTML document, ASCII text, with very long lines (1238)	9E8F56E8E1806253BA01A95CFC3D392C	A8AF90D7482E1E99D03DE6BF88FED2315C5DD728	2595496FE48DF6FCF9B1BC57C29A744C121EB4DD11566466BC13D2E52E6BBCC8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\90SNK17T\css2[1].css	ASCII text	593563DEFDA42F8FAD22F5EA3F89B775	A0C3D8D8C19C01BD3D02B90A126C8CA7F27421B3	2F02D38536746DAE6535E3354B5B844C48C26589AE1B499BE5CB35EF66EAB511
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\VZF1B155.htm	HTML document, ASCII text, with very long lines (10298), with CRLF line terminators	041538B02D88B07052010A77EE4D588E	752247C5A15B4EFA90F20E2A3C828F2C4438D321	6940AB10407D1D01B2CB9D53EF9ED3F96F416DA23E016514AA0FCAB217B3135F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\C7S8M5VS\font[1].eot	Embedded OpenType (EOT), Nunito Sans 12pt Light family	C6B85601ADBF8C674B4B444DAD696A5D	9103151C858BD4C99150D6B4386D54E99B1EBF90	EC8671B432FF49E1E77F48692397E57ECFA584555AC664C932DCCEA0C9A16044
C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	PE32+ executable (GUI) x86-64, for MS Windows	C02DC2CA96FE9841963883C0FE177399	7E42E66E9198C258DA48A6194577E3DBD424463A	290E4AA7ED64C728138711C011E89AAB7AA48DBC1AE430371DC2BE4100B92BF0
C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-settings.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	2DF0B3C8EBDE31C8D8D40E2D6BBA821A	705F164E039689BCB83C64981102B9D9AAE29970	13BFD7B09F3B7C283AE08EBFCE84ED5C99131111FBC0DF534907133BE53B4A44
C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF.zip	Zip archive data, at least v2.0 to extract, compression method=deflate	21B26AF0D4CE33D609915549F01A7705	5B2D4B056812AF71E159426324CDAA788D1CB5D7	66CCB395C9184DCE6822DFBB9970C877383B3EAD6D9417B5106A844AAC512989
C:\Users\user\Desktop\SumatraPDF.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Apr 19 14:53:08 2024, mtime=Fri Apr 19 14:53:08 2024, atime=Wed Oct 25 05:17:54 2023, length=16065496, window=hide	A6CA770AE671ACDB691D9E73E9064002	76DD8A4F0243545CF71442BB4D8F76FE347893C9	3C627649EEFC3EBD81ABFC29F6761896620FAB14DF54BA3A18810E3531028F06

Windows Analysis Report PDFixers.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Windows Analysis Report
PDFixers.exe