Windows Analysis Report
PDFixers.exe

Overview

General Information

Sample name: PDFixers.exe
Analysis ID: 1428848
MD5: b4440eea7367c3fb04a89225df4022a6
SHA1: 5a6c01f821f10f6ed1f1283ecba36c5bacfb5838
SHA256: a024a18e27707738adcd7b5a740c5a93534b4b8c9d3b947f6d85740af19d17d0

Detection

Score: 24
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Compliance

Score: 63
Range: 0 - 100

Signatures

Multi AV Scanner detection for submitted file
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains capabilities to detect virtual machines
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Drops PE files
May sleep (evasive loops) to hinder dynamic analysis
PE file does not import any functions
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Searches for the Microsoft Outlook file path
Searches for user specific document files

Classification

Analysis Advice

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
  • System is w10x64_ra
  • PDFixers.exe (PID: 7020 cmdline: "C:\Users\user\Desktop\PDFixers.exe" MD5: B4440EEA7367C3FB04A89225DF4022A6)
    • SumatraPDF-3.5.2-64.exe (PID: 3600 cmdline: "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe" MD5: C02DC2CA96FE9841963883C0FE177399)
  • cleanup
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: PDFixers.exeReversingLabs: Detection: 41%

Compliance

Source: C:\Users\user\Desktop\PDFixers.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SumatraPDFUninstall
Source: PDFixers.exeStatic PE information: certificate valid
Source: unknownHTTPS traffic detected: 104.21.11.17:443 -> 192.168.2.16:49698 version: TLS 1.2
Source: PDFixers.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownDNS traffic detected: queries for: pixel.pdfixers.com
Source: unknownNetwork traffic detected: HTTP traffic on port 49698 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49698
Source: PDFixers.exeStatic PE information: No import functions for PE file found
Source: C:\Users\user\Desktop\PDFixers.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: classification engineClassification label: sus24.winEXE@3/8@1/22
Source: C:\Users\user\Desktop\PDFixers.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\VZF1B155.htm
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeMutant created: NULL
Source: PDFixers.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: PDFixers.exeStatic file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%
Source: C:\Users\user\Desktop\PDFixers.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\PDFixers.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknownProcess created: C:\Users\user\Desktop\PDFixers.exe "C:\Users\user\Desktop\PDFixers.exe"
Source: C:\Users\user\Desktop\PDFixers.exeProcess created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe"
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: mscoree.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: profapi.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: cryptsp.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: rsaenh.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: ieframe.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: iertutil.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: netapi32.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: userenv.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: winhttp.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: wkscli.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: netutils.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: sxs.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: dwrite.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: dataexchange.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: d3d11.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: dcomp.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: dxgi.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: msiso.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: propsys.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: urlmon.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: srvcli.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: mshtml.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: powrprof.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: umpdc.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: srpapi.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: textinputframework.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: coremessaging.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: ntmarta.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: msimtf.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: msls31.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: d2d1.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: resourcepolicyclient.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: d3d10warp.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: dxcore.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: secur32.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: mlang.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: wininet.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: uiautomationcore.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: jscript9.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: winmm.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: mswsock.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: winnsi.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: dnsapi.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: schannel.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: ntasn1.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: msasn1.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: dpapi.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: gpapi.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: ncrypt.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: t2embed.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: uianimation.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: mpr.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: scrrun.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: linkinfo.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: ntshrui.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: cscapi.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: edputil.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: appresolver.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: slc.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: sppc.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: textshaping.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: dbgcore.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: msimg32.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: textshaping.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: textinputframework.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: dui70.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: duser.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: explorerframe.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: thumbcache.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: dataexchange.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: d3d11.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: dcomp.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: dxgi.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: msftedit.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: windows.globalization.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: bcp47mrm.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: globinputhost.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: assignedaccessruntime.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: xmllite.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: structuredquery.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: atlthunk.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: windows.storage.search.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: linkinfo.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: twinapi.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: ntshrui.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: cscapi.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: actxprxy.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: networkexplorer.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: ehstorshell.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: cscui.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: mrmcorer.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: windows.staterepositorycore.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: appxdeploymentclient.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: windows.ui.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: inputhost.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: wkscli.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: provsvc.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: policymanager.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: photometadatahandler.dll
Source: C:\Users\user\Desktop\PDFixers.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeWindow found: window name: SysTabControl32
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeFile opened: C:\Windows\SYSTEM32\MsftEdit.dll
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeWindow detected: Number of UI elements: 13
Source: C:\Users\user\Desktop\PDFixers.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: PDFixers.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: PDFixers.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: PDFixers.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: PDFixers.exeStatic file information: File size 8507584 > 1048576
Source: PDFixers.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x7fea00
Source: PDFixers.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: PDFixers.exeStatic PE information: 0x9FA57E8D [Mon Nov 16 06:26:21 2054 UTC]
Source: C:\Users\user\Desktop\PDFixers.exeFile created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067CCC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067CD00000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067CD20000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067CD40000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067CD60000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067CD80000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067CDA0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067CDE0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067CE00000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067CE20000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067CE40000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067CE60000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067CE80000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067CEC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067CEE0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067CF00000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067CF20000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067CF60000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067CF80000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067CFA0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067CFC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D000000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D020000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D040000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D060000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D080000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D0A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D0C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D100000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D120000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D140000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D160000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D180000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D1A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D1C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D1E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D220000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D240000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D260000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D280000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D2A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D2C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D2E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D300000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D340000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D360000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D380000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D3A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D3C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D3E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D400000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D420000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D460000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D480000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D4A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D4C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D4E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D500000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D520000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D540000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D580000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D5A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D5C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D5E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D600000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D620000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D640000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D680000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D6A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D6C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D6E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D700000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D720000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D740000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D760000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D7A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D7C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D7E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D800000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D820000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D840000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D860000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D880000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D8C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D8E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D900000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D920000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D940000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D960000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D980000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D9A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067D9E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DA00000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DA20000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DA40000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DA60000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DA80000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DAA0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DAC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DB00000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DB20000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DB40000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DB60000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DB80000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DBA0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DBC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DBE0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DC20000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DC40000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DC60000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DC80000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DCA0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DCC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DCE0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DD00000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DD40000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DD60000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DD80000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DDA0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DDC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DDE0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DE00000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DE20000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DE60000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DE80000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DEA0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DEC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DEE0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DF00000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DF20000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DF60000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DF80000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DFA0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DFC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067DFE0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E000000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E020000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E040000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E080000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E0A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E0C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E0E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E100000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E120000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E140000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E160000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E1A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E1C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E1E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E200000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E220000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E240000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E260000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E280000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E2C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E2E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E300000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E320000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E340000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E360000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E380000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E3A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E3E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E400000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E420000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E440000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E460000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E480000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E4A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E4E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E500000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E520000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E540000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E560000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E580000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E5A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E5C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E600000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067E620000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067EA40000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067EA60000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067EA80000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067EAA0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067EAC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067EAE0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067EB20000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067EB40000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067EB60000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067EB80000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067EBA0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067EBC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2067EBE0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\PDFixers.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\PDFixers.exe TID: 7044 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\PDFixers.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\PDFixers.exe Process created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe"
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Users\user\Desktop\PDFixers.exe VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\userFR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\userFI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\userFB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\userST.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\userSTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\userSTB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\userSTBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeDirectory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeDirectory queried: C:\Users\user\Documents\NVWZAPQSQL
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeDirectory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeDirectory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeDirectory queried: C:\Users\user\Documents\NYMMPCEIMA
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Windows Service | 1 Windows Service | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Email Collection | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 11 Process Injection | 1 Disable or Modify Tools | LSASS Memory | 41 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 11 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 22 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop

Source | Detection | Scanner | Label | Link
PDFixers.exe | 42% | ReversingLabs | ByteCode-MSIL.PUA.Superfluss |
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
pixel.pdfixers.com | 104.21.11.17 | true | false | | unknown
    IP | Domain | Country | Flag | ASN | ASN Name | Malicious
    104.21.11.17 | pixel.pdfixers.com | United States | | 13335 | CLOUDFLARENETUS | false
    64.233.185.94 | unknown | United States | | 15169 | GOOGLEUS | false
    172.217.215.95 | unknown | United States | | 15169 | GOOGLEUS | false
    Joe Sandbox version:40.0.0 Tourmaline
    Analysis ID:1428848
    Start date and time:2024-04-19 17:52:32 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowsinteractivecookbook.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:17
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • EGA enabled
    Analysis Mode:stream
    Analysis stop reason:Timeout
    Sample name:PDFixers.exe
    Detection:SUS
    Classification:sus24.winEXE@3/8@1/22
    Cookbook Comments:
    • Found application associated with file extension: .exe
    • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 172.217.215.95, 64.233.185.94
    • Excluded domains from analysis (whitelisted): fonts.googleapis.com, fs.microsoft.com, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
    • Not all processes where analyzed, report is missing behavior information
    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
    • Report size getting too big, too many NtEnumerateKey calls found.
    • Report size getting too big, too many NtOpenKeyEx calls found.
    • Report size getting too big, too many NtProtectVirtualMemory calls found.
    • Report size getting too big, too many NtQueryValueKey calls found.
    • VT rate limit hit for: PDFixers.exe
    Process:C:\Users\user\Desktop\PDFixers.exe
    File Type:HTML document, ASCII text, with very long lines (1238)
    Category:dropped
    Size (bytes):1239
    Entropy (8bit):5.068464054671174
    Encrypted:false
    SSDEEP:
    MD5:9E8F56E8E1806253BA01A95CFC3D392C
    SHA1:A8AF90D7482E1E99D03DE6BF88FED2315C5DD728
    SHA-256:2595496FE48DF6FCF9B1BC57C29A744C121EB4DD11566466BC13D2E52E6BBCC8
    SHA-512:63F0F6F94FBABADC3F774CCAA6A401696E8A7651A074BC077D214F91DA080B36714FD799EB40FED64154972008E34FC733D6EE314AC675727B37B58FFBEBEBEE
    Malicious:false
    Reputation:unknown
    Process:C:\Users\user\Desktop\PDFixers.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):306
    Entropy (8bit):5.565724594514051
    Encrypted:false
    SSDEEP:
    MD5:593563DEFDA42F8FAD22F5EA3F89B775
    SHA1:A0C3D8D8C19C01BD3D02B90A126C8CA7F27421B3
    SHA-256:2F02D38536746DAE6535E3354B5B844C48C26589AE1B499BE5CB35EF66EAB511
    SHA-512:7DB83EF0938D2D732FB3B4F41AAC09B332BFC36FED6E4064DF39968BF3EFC9C2C6135C09E137A024A3B12EFF561344A44F3E67D6C131971919A9889628F61F5C
    Malicious:false
    Reputation:unknown
    Preview:@font-face {. font-family: 'Nunito Sans';. font-style: normal;. font-weight: 300;. font-stretch: normal;. font-display: swap;. src: url(https://fonts.gstatic.com/l/font?kit=pe1mMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbMV51Q42ptCp5F5bxqqtQ1yiU4GiClntQ&skey=60bfdc605ddb00b1&v=v15);.}.
    Process:C:\Users\user\Desktop\PDFixers.exe
    File Type:HTML document, ASCII text, with very long lines (10298), with CRLF line terminators
    Category:dropped
    Size (bytes):33684
    Entropy (8bit):5.605054113368966
    Encrypted:false
    SSDEEP:
    MD5:041538B02D88B07052010A77EE4D588E
    SHA1:752247C5A15B4EFA90F20E2A3C828F2C4438D321
    SHA-256:6940AB10407D1D01B2CB9D53EF9ED3F96F416DA23E016514AA0FCAB217B3135F
    SHA-512:F4A524FE74C465D398B85F4218DD6E58ABAB5F410D733CE4543327C681D1FA87B17D6716C155A3D4C030461443A6FC5418F014E1CB657C329980E334AB366B16
    Malicious:false
    Reputation:unknown
    Preview:<!DOCTYPE html>..<html>..<head>.. <meta http-equiv="X-UA-Compatible" content="IE=10" />.. <link href="https://fonts.googleapis.com/css2?family=Nunito+Sans:wght@300&display=swap" rel="stylesheet">.... <title>PDFixers Installation</title>.. <style>.. body {.. overflow: hidden; /* Hide scrollbars */.. }.... body {.. font-family: Arial, sans-serif;.. margin: 20px;.. }.... .container {.. width: 632px;.. height: 777px;.. margin: auto;.. padding: 20px;.. border: 1px solid #ddd;.. }.... .eula {.. margin-top: 20px;.. border: 1px solid #ddd;.. padding: 10px;.. height: 300px;.. overflow: auto;.. }.... .button {.. margin-top: 10px;.. padding: 10px 20px;.. background-color: #4CAF50;.. color: white;.. border: none;.. borde
    Process:C:\Users\user\Desktop\PDFixers.exe
    File Type:Embedded OpenType (EOT), Nunito Sans 12pt Light family
    Category:dropped
    Size (bytes):43569
    Entropy (8bit):7.965514187975993
    Encrypted:false
    SSDEEP:
    MD5:C6B85601ADBF8C674B4B444DAD696A5D
    SHA1:9103151C858BD4C99150D6B4386D54E99B1EBF90
    SHA-256:EC8671B432FF49E1E77F48692397E57ECFA584555AC664C932DCCEA0C9A16044
    SHA-512:255B28431550FD2BD7C61080E5645CCEA14CCA43F80AFEA2F7A337E70CB67AA38C978D3777B10DB8A3672D909B268F8499692F278AD590C56C9918AB7429C57F
    Malicious:false
    Reputation:unknown
    Process:C:\Users\user\Desktop\PDFixers.exe
    File Type:PE32+ executable (GUI) x86-64, for MS Windows
    Category:dropped
    Size (bytes):16065496
    Entropy (8bit):7.0278259579196165
    Encrypted:false
    SSDEEP:
    MD5:C02DC2CA96FE9841963883C0FE177399
    SHA1:7E42E66E9198C258DA48A6194577E3DBD424463A
    SHA-256:290E4AA7ED64C728138711C011E89AAB7AA48DBC1AE430371DC2BE4100B92BF0
    SHA-512:D7ACF551D0764FCFB9A895701679981F76B2FF73F99BCE5DA2C6C3F2F0556EE33F45D0D98848FEE96A6CCFA24E09C26303705C5F094E945E647F53F7E4716FAF
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    Reputation:unknown
    Process:C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe
    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
    Category:dropped
    Size (bytes):1900
    Entropy (8bit):5.182086908460794
    Encrypted:false
    SSDEEP:
    MD5:2DF0B3C8EBDE31C8D8D40E2D6BBA821A
    SHA1:705F164E039689BCB83C64981102B9D9AAE29970
    SHA-256:13BFD7B09F3B7C283AE08EBFCE84ED5C99131111FBC0DF534907133BE53B4A44
    SHA-512:272702F7473A4EB25EB7E1D41542C5086908BBD0278F3696FA96109D3509D493ECFB79D38F812B683A6A05813899014BF538BA561B6941277764EC09EABE60CD
    Malicious:false
    Reputation:unknown
    Preview:.# For documentation, see https://www.sumatrapdfreader.org/settings/settings3-5-1.html..Theme = Light..FixedPageUI [...TextColor = #000000...BackgroundColor = #ffffff...SelectionColor = #f5fc0c...WindowMargin = 2 4 2 4...PageSpacing = 4 4...InvertColors = false...HideScrollbars = false..]..ComicBookUI [...WindowMargin = 0 0 0 0...PageSpacing = 4 4...CbxMangaMode = false..]..ChmUI [...UseFixedPageUI = false..]....SelectionHandlers [..]..ExternalViewers [..]....ZoomLevels = 8.33 12.5 18 25 33.33 50 66.67 75 100 125 150 200 300 400 600 800 1000 1200 1600 2000 2400 3200 4800 6400..ZoomIncrement = 0....PrinterDefaults [...PrintScale = shrink..]..ForwardSearch [...HighlightOffset = 0...HighlightWidth = 15...HighlightColor = #6581ff...HighlightPermanent = false..]..Annotations [...HighlightColor = #ffff00...UnderlineColor = #00ff00...SquigglyColor = #ff00ff...StrikeOutColor = #ff0000...FreeTextColor = ...FreeTextSize = 12...FreeTextBorderWidth = 1...TextIconColor = ...TextIconType = ...Defa
    Process:C:\Users\user\Desktop\PDFixers.exe
    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
    Category:dropped
    Size (bytes):8243933
    Entropy (8bit):7.998709533933773
    Encrypted:true
    SSDEEP:
    MD5:21B26AF0D4CE33D609915549F01A7705
    SHA1:5B2D4B056812AF71E159426324CDAA788D1CB5D7
    SHA-256:66CCB395C9184DCE6822DFBB9970C877383B3EAD6D9417B5106A844AAC512989
    SHA-512:DC8FD647D1C01E783EAD3D870232DA3F6B27949EF8325BF3C88DC481D1C62DF1C89806049D5B691BD7860E003B7D62A0D18C9B1C262EBBA8A0149236704CB015
    Malicious:false
    Reputation:unknown
    Process:C:\Users\user\Desktop\PDFixers.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Apr 19 14:53:08 2024, mtime=Fri Apr 19 14:53:08 2024, atime=Wed Oct 25 05:17:54 2023, length=16065496, window=hide
    Category:dropped
    Size (bytes):960
    Entropy (8bit):5.022193932090157
    Encrypted:false
    SSDEEP:
    MD5:A6CA770AE671ACDB691D9E73E9064002
    SHA1:76DD8A4F0243545CF71442BB4D8F76FE347893C9
    SHA-256:3C627649EEFC3EBD81ABFC29F6761896620FAB14DF54BA3A18810E3531028F06
    SHA-512:0950FB6EBAD3493F0875F8A96EF51B8C7424C228C4063AC83BC0A171532830DC7DF9326874B162B15DE8DD666B218FC56C5FBF5443D5FB88AD8237128D34E718
    Malicious:false
    Reputation:unknown
    File type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
    Entropy (8bit):7.9781740953081055
    TrID:
    • Win64 Executable GUI Net Framework (217006/5) 49.88%
    • Win64 Executable GUI (202006/5) 46.43%
    • Win64 Executable (generic) (12005/4) 2.76%
    • Generic Win/DOS Executable (2004/3) 0.46%
    • DOS Executable Generic (2002/1) 0.46%
    File name:PDFixers.exe
    File size:8'507'584 bytes
    MD5:b4440eea7367c3fb04a89225df4022a6
    SHA1:5a6c01f821f10f6ed1f1283ecba36c5bacfb5838
    SHA256:a024a18e27707738adcd7b5a740c5a93534b4b8c9d3b947f6d85740af19d17d0
    SHA512:69c3a0339aa6d060845570527205136d4aa04b2f13b983e1e84a0d2d9a90e99ec827999a20c57e27a4c27d36e633bb264ddd95a43c03e47cfa3d9f6377e57e76
    SSDEEP:196608:qn1PLvFtljMRfLjjL4/Y8261NG9HTta83vm:qnZFtlIP4/Y7pO8/m
    TLSH:248633347200718BEA6A7E39CD47FD24467BDE42AB4B8F3714593288B6FA6DE0710857
    Icon Hash:09354145557f6746
    Entrypoint:0x140000000
    Entrypoint Section:
    Digitally signed:true
    Imagebase:0x140000000
    Subsystem:windows gui
    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Time Stamp:0x9FA57E8D [Mon Nov 16 06:26:21 2054 UTC]
    TLS Callbacks:
    CLR (.Net) Version:
    OS Version Major:4
    OS Version Minor:0
    File Version Major:4
    File Version Minor:0
    Subsystem Version Major:4
    Subsystem Version Minor:0
    Import Hash:
    Signature Valid:true
    Signature Issuer:CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
    Signature Validation Error:The operation completed successfully
    Error Number:0
    Not Before, Not After
    • 21/11/2023 06:47:08 21/11/2024 06:47:08
    Subject Chain
    • CN=ADSMARKETO LLC, O=ADSMARKETO LLC, STREET="Rybolovetska street, building 49", L=Kyiv, S=Kyiv, C=UA, OID.1.3.6.1.4.1.311.60.2.1.3=UA, SERIALNUMBER=45092259, OID.2.5.4.15=Private Organization
    Version:3
    Thumbprint MD5:CE9A9C6EBB57C0A9EEFEAC3B7ECF65DE
    Thumbprint SHA-1:40C0CB1A69BC8AF1256B2862D729A330937B4CFF
    Thumbprint SHA-256:22DE62CECEF82EDAEC2B6586D463BCB8FBABE8734C95916A4C51F5CFFBED346F
    Serial:2AC7FCE6B9C96D57663F6BB4
    Instruction
    dec ebp
    pop edx
    nop
    add byte ptr [ebx], al
    add byte ptr [eax], al
    add byte ptr [eax+eax], al
    add byte ptr [eax], al
    Name | Virtual Address | Virtual Size | Is in Section
    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x802000 | 0x1b4bc | .rsrc
    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x81a200 | 0x2ec0 | .rsrc
    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x800860 | 0x1c | .text
    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2000 | 0x48 | .text
    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
    .text | 0x2000 | 0x7fe87c | 0x7fea00 | 829ae0eee9a26946b0cb8f6cae5194d8 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    .rsrc | 0x802000 | 0x1b4bc | 0x1b600 | 88250d9b576ea4b56b614ec4fe007258 | False | 0.17515696347031964 | data | 3.430310527618212 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
    RT_ICON | 0x8021a0 | 0x282c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9795799299883314
    RT_ICON | 0x8049dc | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | | | 0.06360167987696676
    RT_ICON | 0x815214 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 3779 x 3779 px/m | | | 0.09996457250826642
    RT_ICON | 0x81944c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 3779 x 3779 px/m | | | 0.13101659751037345
    RT_ICON | 0x81ba04 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 3779 x 3779 px/m | | | 0.1801125703564728
    RT_ICON | 0x81cabc | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 3779 x 3779 px/m | | | 0.3120567375886525
    RT_GROUP_ICON | 0x81cf34 | 0x5a | data | | | 0.7666666666666667
    RT_VERSION | 0x81cfa0 | 0x31c | data | | | 0.4271356783919598
    RT_MANIFEST | 0x81d2cc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347