Windows Analysis Report
PDFixers.exe

Overview

General Information

Sample name:	PDFixers.exe
Analysis ID:	1431800
MD5:	b4440eea7367c3fb04a89225df4022a6
SHA1:	5a6c01f821f10f6ed1f1283ecba36c5bacfb5838
SHA256:	a024a18e27707738adcd7b5a740c5a93534b4b8c9d3b947f6d85740af19d17d0
Infos:

Detection

Score:	32
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Compliance

Score:	64
Range:	0 - 100

Signatures

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Contains capabilities to detect virtual machines

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains sections with non-standard names

PE file does not import any functions

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Searches for the Microsoft Outlook file path

Searches for user specific document files

Stores files to the Windows start menu directory

Uses code obfuscation techniques (call, push, ret)

Classification

Signatures

AV Detection

Antivirus detection for URL or domain

Source: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js.	Avira URL Cloud: Label: malware
Source: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsjs	Avira URL Cloud: Label: malware

Multi AV Scanner detection for domain / URL

Source: https://pixel.pdfixers.com/-	Virustotal: Detection: 5%	Perma Link
Source: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsQ	Virustotal: Detection: 5%	Perma Link
Source: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js%	Virustotal: Detection: 5%	Perma Link
Source: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsjs	Virustotal: Detection: 5%	Perma Link

Multi AV Scanner detection for submitted file

Source: PDFixers.exe	ReversingLabs: Detection: 54%
Source: PDFixers.exe	Virustotal: Detection: 46%			Perma Link

Compliance

Source: C:\Users\user\Desktop\PDFixers.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SumatraPDFUninstall

Jump to behavior

Source: PDFixers.exe

Static PE information: certificate valid

Source: unknown	HTTPS traffic detected: 172.67.147.142:443 -> 192.168.2.17:49700 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.17:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.17:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.7.32:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.17:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.147.142:443 -> 192.168.2.17:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.147.142:443 -> 192.168.2.17:49735 version: TLS 1.2

Source: PDFixers.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: .pdb? source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1243347809.00000261DF66F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;*.tcr_ source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1392566331.00000261DF44E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\SumatraPDF.pdb$.=<+ source: SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\libmupdf.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdb' source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1336633748.00000261DF58B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332945179.00000261DF56E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1340051082.00000261DF58B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000002.1394782452.00000261DF589000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: libmupdf.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: .pdbc source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1336633748.00000261DF575000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000002.1394642968.00000261DF573000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332945179.00000261DF56E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Bookmark Shortcuts%.2flnkfitwidthfitpage"%s" -page %d -view "%s" -zoom %s -scroll %d,%dfitcontentSelect folder with PDF filesBookmark shortcut to page %s of %s.xps;.oxps.pdf.ps;.eps.djvu.chm.cbz;.cbr;.cb7;.cbt.svgSVG documents.mobi.epub.pdb;.prc.fb2;.fb2z;.zfb2;.fb2.zip.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avifImagesAll supported documents.txt;.log;.nfo;file_id.diz;read.me;*.tcrVK_DOWN source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsaM.$<& source: SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;*.tcr_ source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1331466222.00000261DF44F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SumatraPDF-dll.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: .pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;*.tcr source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1391392869.00000261DDA6C000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1338436851.00000261DDA6A000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000002.1391392869.00000261DDA6A000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332035005.00000261DDA67000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1240665334.00000261DDA5F000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1234012225.00000261DDA25000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1334005641.00000261DDA6A000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1236240627.00000261DDA6B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\kjk\src\sumatrapdf\out\rel64\SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: .pdf.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;*.tcrK source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1338436851.00000261DDA6A000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332035005.00000261DDA67000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbT source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1394956228.00000261DF5C5000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332945179.00000261DF594000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1336633748.00000261DF5B3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1341134365.00000261DF5C5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdb.zip% source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1394642968.00000261DF573000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332945179.00000261DF56E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: -64.pdb.lzsa source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: </html>.pdb<<html> source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: .pdbndows`o source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1397269297.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1330120703.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1335367950.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\SumatraPDF-dll.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbnV source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332945179.00000261DF594000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1336633748.00000261DF5B3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: SumatraPDF.pdbSumatraPDF-dll.pdblibmupdf.pdbInstallCrashHandler: skipping because !crashDumpPath source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: All supported documents.pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;.tcrPDF documents.pdfXPS documents.xps;.oxpsDjVu documents.djvuComic books.cbz;.cbr;.cb7;.cbtCHM documents.chmSVG documents.svgEPUB ebooks.epubMobi documents.mobiFictionBook documents.fb2;.fb2z;.zfb2;.fb2.zipPalmDoc documents.pdb;.prcImages.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avifText documents.txt;.log;.nfo;file_id.diz;read.me;.tcrAll files.a_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_\REGISTRY\MACHINE\Software\WOW6432Node\GNU Ghostscriptiptadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_] source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1331466222.00000261DF44F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: 2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;.tcr_ source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1337735761.00000261DF450000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdb;.prc source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1329242351.00000261DF49D000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000002.1393525598.00000261DF4CD000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1234976868.00000261DF4B8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa% source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: orted documents.pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;.tcrPDF documents.pdfXPS documents.xps;.oxpsDjVu documents.djvuComic books.cbz;.cbr;.cb7;.cbtCHM documents.chmSVG documents.svgEPUB ebooks.epubMobi documents.mobiFictionBook documents.fb2;.fb2z;.zfb2;.fb2.zipPalmDoc documents.pdb;.prcImages.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avifText documents.txt;.log;.nfo;file_id.diz;read.me;.tcrAll files.a_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_\REGISTRY\MACHINE\Software\WOW6432Node\GNU Ghostscriptiptadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_ source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1392566331.00000261DF44E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbsLo source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1397269297.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1330120703.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1335367950.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;*.tcrk source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1391392869.00000261DDA6C000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332035005.00000261DDA67000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1240665334.00000261DDA5F000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1234012225.00000261DDA25000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1236240627.00000261DDA6B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdf.xps.oxps.djvu.cbz.cbr.cb7.cbt.chm.svg.epub.mobi.fb2.fb2z.zfb2.fb2.zip.pdb.prc.bmp.dib.gif.jpg.jpeg.jxr.png.tga.tif.tiff.webp.heic.avif.txt.log.nfofile_id.dizread.me*.tcrK source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1240665334.00000261DDA5F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ITSF.txt.js.json.xml.logfile_id.dizread.me.nfo.tcr.ps.ps.gz.eps.fb2.fb2z.fbz.zfb2.fb2.zip.cbz.cbr.cb7.cbt.pdf.xps.oxps.chm.png.jpg.jpeg.gif.tif.tiff.bmp.tga.jxr.hdp.wdp.webp.epub.mobi.prc.azw.azw1.azw3.pdb.html.htm.xhtml.svg.djvu.jp2.zip.rar.7z.heic.avif.tarfoo.epubfoo.JP2Rar! source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\libmupdf.pdb/. source: SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp

Networking

HTTP GET or POST without a user agent

Source: global traffic

HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 172.67.147.142 172.67.147.142

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pixel.pdfixers.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1Accept: /Referer: https://pixel.pdfixers.com/Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pixel.pdfixers.comConnection: Keep-AliveCookie: AWSALB=QzC/6L6RRlHk2Sn9xB9KZwM/TeBHiLat2EaBNM75RNiMZGaaCcHz30S5UlfQ/9NvGJHpcGp6VKBfId+m9oeB5flmjaGj4RWBhg+jwlOdsQVsKNvyx7BdT5MqKwyy; AWSALBCORS=QzC/6L6RRlHk2Sn9xB9KZwM/TeBHiLat2EaBNM75RNiMZGaaCcHz30S5UlfQ/9NvGJHpcGp6VKBfId+m9oeB5flmjaGj4RWBhg+jwlOdsQVsKNvyx7BdT5MqKwyy
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=kYBufEXeanGUrwf&MD=g2hAdKhR HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: 120X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAcygOmPQa%2B4%2Bv9iVC1zhhy2y%2BYByynO6SUvsEboHWZRwn9VRCL5EY4dy11ACqC7T0a6htVFufdTOQlusIJYM09IRjq/5KQ4WAgfAyOsGZee57ZAzmGeMgmO9rcFQhm%2BIl0ubXW7oYef9B9SVFzMdtJoIhsTcUUcBTw0AwIMdlzVqj34OdcHINOdoORkq7n4La3Xk1KQ/EDXde/DP%2BvadpPNN19u/u4blyNLp9zaFsMkEr0eZNPb9B0tf2Zn8vgrg6L/lNVxTJfHztFSGBr3k8eYityUpss3C5NQMtCI9kNkqLHRMLG4C4KxW6rA3aeg0TmEj/xZIgYlfXjvJd0DaQqkDZgAACIXF%2BSyMF59HqAFVK5pbhTaMU/BQUJy%2BZeOTpCxwX82QpiBkPX2nAa6whnCNE/75/VaxygMsS0eWehH9CAeZ1n2hB2TXDwqMrJUk5IC/zgC34WeIsz7SsKZDE7LktP1Mg9M4Zt6uBi%2BuuP1w7QA/Mjt8uK1QoAvJUYuptJIoT311%2Bfe3O5aSwSf%2Bg8wphBcGuDep78qASrdsvDhJjgaBr7aK/aIUeuJutWEaj%2B1HxtjE2wPbmefyXXz6dwSir4pK4glm7zKceuoW78AZRyX8Q8HTxRZoARt8YWD/jSXRr2I6%2BsPlGUHpHDVjswgIuiLyyqhmyiNj0OtP/Zvwzlvu6Og28E0OI/hFIaq4wJUDzIEQnwdRF%2BY5zjqb6zbNXQJ7IgPCAa9bdt2MGfEys8wdhptK4u4mgYpMdm7DXzjTlMVMXc7YqO5eRIg4/tApSvflTD4uO6b7/%2BwcwZ3Q7XMMj6fjSW2Pneht4T%2Bm61D7XVS%2BzE9E56sbHdEQ1vX/Ib9Rgma9xieZ88avnwSXsKbvoPaQ9xPIoj5tmbiPnqIqXi4CTsjwww6IAd9sDnYaU28HlxeP2gE%3D%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1714066820User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: D89B6D88BE0B4D08ADFDA735253C5F4BX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=kYBufEXeanGUrwf&MD=g2hAdKhR HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlKHLAQiFoM0BCNy9zQEIucrNAQi2y80BCOnSzQEIitPNAQjB1M0BCM/WzQEI49bNAQiO180BCKfYzQEIutjNAQj5wNQVGLi/zQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlKHLAQiFoM0BCNy9zQEIucrNAQi2y80BCOnSzQEIitPNAQjB1M0BCM/WzQEI49bNAQiO180BCKfYzQEIutjNAQj5wNQVGLi/zQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlKHLAQiFoM0BCLnKzQEIitPNAQjB1M0BCLrYzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pixel.pdfixers.comConnection: Keep-AliveCookie: AWSALB=QzC/6L6RRlHk2Sn9xB9KZwM/TeBHiLat2EaBNM75RNiMZGaaCcHz30S5UlfQ/9NvGJHpcGp6VKBfId+m9oeB5flmjaGj4RWBhg+jwlOdsQVsKNvyx7BdT5MqKwyy; AWSALBCORS=QzC/6L6RRlHk2Sn9xB9KZwM/TeBHiLat2EaBNM75RNiMZGaaCcHz30S5UlfQ/9NvGJHpcGp6VKBfId+m9oeB5flmjaGj4RWBhg+jwlOdsQVsKNvyx7BdT5MqKwyy

Source: global traffic	DNS traffic detected: DNS query: pixel.pdfixers.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com

Source: PDFixers.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: PDFixers.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: PDFixers.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: PDFixers.exe	String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: PDFixers.exe	String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: PDFixers.exe	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: PDFixers.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: PDFixers.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: PDFixers.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/odf#ContentFile
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/odf#StylesFile
Source: SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/pkg#
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/pkg#Document
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://fontfabrik.com
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://ocsp.comodoca.com0
Source: PDFixers.exe	String found in binary or memory: http://ocsp.digicert.com0A
Source: PDFixers.exe	String found in binary or memory: http://ocsp.digicert.com0C
Source: PDFixers.exe	String found in binary or memory: http://ocsp.digicert.com0X
Source: PDFixers.exe	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: PDFixers.exe	String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: PDFixers.exe	String found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://ocsp.sectigo.com0
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://schemas.openxps.org/oxps/v1.0/documentstructure
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://schemas.openxps.org/oxps/v1.0/fixedrepresentation
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB631000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2105834051.000002A3291D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: PDFixers.exe	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: PDFixers.exe	String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: PDFixers.exe	String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_117.22.dr	String found in binary or memory: http://www.broofa.com
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://www.daisy.org/z3986/2005/ncx/
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://www.gribuser.ru/xml/fictionbook/2.0
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://www.idpf.org/2007/opf
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://www.idpf.org/2007/opfapplication/xhtml
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://://https://translate.google.com/?op=translate&sl=auto&tl=$
Source: chromecache_123.22.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_123.22.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chromecache_123.22.dr, chromecache_117.22.dr	String found in binary or memory: https://apis.google.com
Source: chromecache_123.22.dr	String found in binary or memory: https://clients6.google.com
Source: chromecache_123.22.dr	String found in binary or memory: https://content.googleapis.com
Source: chromecache_123.22.dr	String found in binary or memory: https://csp.withgoogle.com/csp/lcreport/
Source: chromecache_123.22.dr	String found in binary or memory: https://domains.google.com/suggest/flow
Source: PDFixers.exe, 00000000.00000002.1470929518.000001E1D99A7000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2118392220.000002AB4716E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/
Source: PDFixers.exe, 00000000.00000002.1470929518.000001E1D99A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/(N
Source: PDFixers.exe, 00000000.00000002.1470929518.000001E1D99A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/;N4
Source: PDFixers.exe, 00000019.00000002.2118392220.000002AB4716E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/D
Source: PDFixers.exe, 00000019.00000002.2117265742.000002AB47114000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2119022127.000002AB471F0000.00000004.00000020.00020000.00000000.sdmp, Q33AJR2N.htm.25.dr	String found in binary or memory: https://fonts.googleapis.com/css2?family=Nunito
Source: PDFixers.exe, 00000019.00000002.2109336859.000002A341900000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/s
Source: PDFixers.exe, 00000019.00000002.2109336859.000002A341900000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/t
Source: PDFixers.exe, 00000019.00000002.2118392220.000002AB4716E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com/
Source: PDFixers.exe, 00000000.00000002.1470929518.000001E1D99A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com//B
Source: PDFixers.exe, 00000019.00000002.2118392220.000002AB4716E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com/4
Source: PDFixers.exe, 00000019.00000002.2118392220.000002AB4716E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com/L
Source: PDFixers.exe, 00000019.00000002.2120392086.000002AB472A1000.00000004.00000020.00020000.00000000.sdmp, css2[1].css.0.dr	String found in binary or memory: https://fonts.gstatic.com/l/font?kit=pe1mMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbM
Source: chromecache_117.22.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_117.22.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_117.22.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_117.22.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: PDFixers.exe, 00000019.00000002.2120144392.000002AB4726C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.c
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000000.00000002.1490022827.000001E1E04B4000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2137861206.000002AB4DCD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Fonthausen/NunitoSans)
Source: PDFixers.exe, 00000000.00000002.1490022827.000001E1E04B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Fonthausen/NunitoSans))
Source: PDFixers.exe, 00000000.00000002.1491689599.000001E1E21AB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Fonthausen/NunitoSans)Thread-00001260-Id-00000000:SubsetRegularVersion
Source: PDFixers.exe, 00000019.00000002.2119424389.000002AB47226000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Fonthausen/NunitoSans)Thread-0000162c-Id-00000000:SubsetRegularVersion
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/AUTHORS
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/AUTHORShttps://github.com/sumatrapdfreade
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/TRANSLATORS
Source: SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/commit/%s)
Source: SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/commit/646d1feddcc80b3b51072c5b27a1446487904175
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/commit/646d1feddcc80b3b51072c5b27a1446487904175)
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/discussions
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/discussions/2316
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/discussionsSumatraPDF
Source: PDFixers.exe, 00000000.00000002.1470247465.000001E1D98C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: PDFixers.exe, 00000000.00000002.1468427550.000001E1D97D9000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2109336859.000002A341900000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2116276718.000002AB47056000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com
Source: PDFixers.exe, 00000019.00000002.2105834051.000002A329296000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/
Source: PDFixers.exe, 00000019.00000002.2118392220.000002AB4716E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/#
Source: PDFixers.exe, 00000000.00000002.1469540546.000001E1D9885000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/#q_
Source: PDFixers.exe, 00000000.00000002.1469540546.000001E1D98A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/&T
Source: PDFixers.exe, 00000019.00000002.2116899045.000002AB470D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/(
Source: PDFixers.exe, 00000019.00000002.2117265742.000002AB47114000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/-
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2105834051.000002A329296000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/...
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2105834051.000002A329296000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/...p
Source: PDFixers.exe, 00000019.00000002.2117265742.000002AB47114000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/5
Source: PDFixers.exe, 00000000.00000002.1469540546.000001E1D98A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/6R
Source: PDFixers.exe, 00000000.00000002.1469540546.000001E1D98A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/BRN
Source: PDFixers.exe, 00000000.00000002.1470417873.000001E1D9929000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/C:
Source: PDFixers.exe, 00000019.00000002.2117265742.000002AB47114000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/a
Source: PDFixers.exe, 00000000.00000002.1472195416.000001E1D99FE000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2119022127.000002AB471F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/l/email-protection
Source: PDFixers.exe, 00000019.00000002.2119022127.000002AB471F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/l/email-protectionO~
Source: PDFixers.exe, 00000019.00000002.2120677950.000002AB472C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-s
Source: PDFixers.exe, 00000019.00000002.2120677950.000002AB472C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-sail-decode.min.jsnC:
Source: PDFixers.exe, 00000000.00000002.1469114547.000001E1D9851000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000000.00000002.1468071088.000001E1D979B000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2118113549.000002AB4714B000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2120235410.000002AB47277000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2120677950.000002AB472C3000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2116899045.000002AB470D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Source: PDFixers.exe, 00000019.00000002.2116899045.000002AB470D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js%
Source: PDFixers.exe, 00000000.00000002.1469114547.000001E1D9851000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js.
Source: PDFixers.exe, 00000000.00000002.1471993274.000001E1D99E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js.J
Source: PDFixers.exe, 00000019.00000002.2120235410.000002AB47277000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsG
Source: PDFixers.exe, 00000000.00000002.1468071088.000001E1D979B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsJj
Source: PDFixers.exe, 00000019.00000002.2116899045.000002AB470D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsQ
Source: PDFixers.exe, 00000019.00000002.2116899045.000002AB470D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsa
Source: PDFixers.exe, 00000000.00000002.1471993274.000001E1D99E1000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2120235410.000002AB47277000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsjs
Source: PDFixers.exe, 00000019.00000002.2120677950.000002AB472C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsoO%
Source: PDFixers.exe, 00000019.00000002.2120677950.000002AB472C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jssO)
Source: PDFixers.exe, 00000019.00000002.2116899045.000002AB470D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsy
Source: PDFixers.exe, 00000000.00000002.1469540546.000001E1D98A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/fR
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2116899045.000002AB470D2000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2105834051.000002A329296000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/h
Source: PDFixers.exe, 00000019.00000002.2118392220.000002AB4716E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/m
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2105834051.000002A329296000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/p
Source: PDFixers.exe, 00000000.00000002.1492227048.000001E1E21E0000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2118967762.000002AB4719C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/t
Source: PDFixers.exe, 00000000.00000002.1469540546.000001E1D98A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/vRZ
Source: PDFixers.exe, 00000019.00000002.2116276718.000002AB47056000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com2
Source: chromecache_117.22.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_123.22.dr	String found in binary or memory: https://plus.google.com
Source: chromecache_123.22.dr	String found in binary or memory: https://plus.googleapis.com
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2137861206.000002AB4DCD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://scripts.sil.org/OFL
Source: PDFixers.exe, 00000000.00000002.1491689599.000001E1E21AB000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2119424389.000002AB47226000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://scripts.sil.org/OFLNunito
Source: PDFixers.exe, 00000019.00000002.2120144392.000002AB4726C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://scripts.sil.org/OFLNunitoSans12pt-LightVersion
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://sectigo.com/CPS0
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://sumatra-website.onrender.com/update-check-rel.txt
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://sumatra-website.onrender.com/update-check-rel.txtInstaller64LatestInstaller32InstallerArm64P
Source: chromecache_123.22.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.deepl.com/translator#-/$
Source: PDFixers.exe	String found in binary or memory: https://www.globalsign.com/repository/0
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.google.com/search?q=$
Source: chromecache_123.22.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_123.22.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chromecache_117.22.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_117.22.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_117.22.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/URLUpdateInfohttps://www.sumatrapdfreader.org/docs/Version-history.
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/dl/prerel/PRE_RELEASE_VER/SumatraPDF-prerel
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa%
Source: SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsaM.$
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Contribute-translation
Source: SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Corrupted-installation
Source: SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Keyboard-shortcuts
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Keyboard-shortcutssumatrapdfrestrict.inihttps://www.sumatrapdf
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Submit-crash-report.html
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Submit-crash-report.htmlShowCrashHandlerMessage:
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Version-history.html
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/download-free-pdf-viewer
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/download-free-pdf-viewer-------------
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/manual
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/manualArialwebsiteArial
Source: SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1855046778.000001E5349DB000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853765058.000001E532E53000.00000004.00000020.00020000.00000000.sdmp, notepad.exe, 0000000F.00000003.1666812017.0000022F32EDE000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-settings.txt.2.dr, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/settings/settings3-5-1.html
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/settings/settings3-5-1.html8.33
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1398824894.00000261E4E12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.sumatrapdfreader.org/settings/settings3-5-1.htmlH
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/update-check-rel.txt
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/update-check-rel.txtnotifUpdateCheckInProgress
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org0

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49693 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49693
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown	HTTPS traffic detected: 172.67.147.142:443 -> 192.168.2.17:49700 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.17:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.17:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.7.32:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.17:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.147.142:443 -> 192.168.2.17:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.147.142:443 -> 192.168.2.17:49735 version: TLS 1.2

System Summary

Detected potential crypto function

Source: C:\Users\user\Desktop\PDFixers.exe

Code function: 0_2_00007FF9CD28A501

0_2_00007FF9CD28A501

PE file does not import any functions

Source: PDFixers.exe

Static PE information: No import functions for PE file found

Sample file is different than original file name gathered from version info

Source: PDFixers.exe, 00000000.00000002.1490698840.000001E1E052E000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: OriginalFilenamejscript9.dll.muiD vs PDFixers.exe

Searches for the Microsoft Outlook file path

Source: C:\Users\user\Desktop\PDFixers.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE			Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE

Source: classification engine

Classification label: sus32.winEXE@23/29@5/5

Source: C:\Users\user\Desktop\PDFixers.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\LZ9DK265.htm

Jump to behavior

Source: C:\Users\user\Desktop\PDFixers.exe

Mutant created: NULL

Source: PDFixers.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: PDFixers.exe

Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%

Source: C:\Users\user\Desktop\PDFixers.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\PDFixers.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: PDFixers.exe	ReversingLabs: Detection: 54%
Source: PDFixers.exe	Virustotal: Detection: 46%

Source: unknown	Process created: C:\Users\user\Desktop\PDFixers.exe "C:\Users\user\Desktop\PDFixers.exe"
Source: C:\Users\user\Desktop\PDFixers.exe	Process created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe"
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process created: C:\Windows\System32\notepad.exe notepad.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-settings.txt"
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1992,i,2968757234271921919,11434174678257635975,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Users\user\Desktop\PDFixers.exe "C:\Users\user\Desktop\PDFixers.exe"
Source: C:\Users\user\Desktop\PDFixers.exe	Process created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process created: C:\Windows\System32\notepad.exe notepad.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-settings.txt"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1992,i,2968757234271921919,11434174678257635975,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: msiso.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mshtml.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: msimtf.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: d2d1.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: jscript9.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: t2embed.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: uianimation.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: thumbcache.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: msftedit.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: globinputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: assignedaccessruntime.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: structuredquery.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.storage.search.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: twinapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: actxprxy.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: networkexplorer.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: ehstorshell.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: cscui.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: mrmcorer.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.staterepositorycore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: mrmdeploy.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: provsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: cldapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: fltlib.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: mrmcorer.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: efswrt.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: version.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wldp.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: profapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ieframe.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: userenv.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: netutils.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: sxs.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dataexchange.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dcomp.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: msiso.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: propsys.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mshtml.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: srpapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: msimtf.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: msls31.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: d2d1.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: d3d10warp.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dxcore.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: secur32.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mlang.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wininet.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: jscript9.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: winmm.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: schannel.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: t2embed.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: windowscodecs.dll

Source: C:\Users\user\Desktop\PDFixers.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32

Jump to behavior

Source: SumatraPDF.lnk.0.dr	LNK file: ..\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe
Source: Google Drive.lnk.21.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.21.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.21.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.21.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.21.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.21.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Window found: window name: SysTabControl32

Jump to behavior

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

File opened: C:\Windows\SYSTEM32\MsftEdit.dll

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Window detected: Number of UI elements: 13
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Window detected: Number of UI elements: 15

Source: C:\Users\user\Desktop\PDFixers.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\PDFixers.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SumatraPDFUninstall

Jump to behavior

Source: PDFixers.exe

Static PE information: certificate valid

Source: PDFixers.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: PDFixers.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: PDFixers.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: PDFixers.exe

Static file information: File size 8507584 > 1048576

Source: PDFixers.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x7fea00

Source: PDFixers.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: PDFixers.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: .pdb? source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1243347809.00000261DF66F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;*.tcr_ source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1392566331.00000261DF44E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\SumatraPDF.pdb$.=<+ source: SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\libmupdf.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdb' source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1336633748.00000261DF58B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332945179.00000261DF56E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1340051082.00000261DF58B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000002.1394782452.00000261DF589000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: libmupdf.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: .pdbc source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1336633748.00000261DF575000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000002.1394642968.00000261DF573000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332945179.00000261DF56E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Bookmark Shortcuts%.2flnkfitwidthfitpage"%s" -page %d -view "%s" -zoom %s -scroll %d,%dfitcontentSelect folder with PDF filesBookmark shortcut to page %s of %s.xps;.oxps.pdf.ps;.eps.djvu.chm.cbz;.cbr;.cb7;.cbt.svgSVG documents.mobi.epub.pdb;.prc.fb2;.fb2z;.zfb2;.fb2.zip.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avifImagesAll supported documents.txt;.log;.nfo;file_id.diz;read.me;*.tcrVK_DOWN source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsaM.$<& source: SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;*.tcr_ source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1331466222.00000261DF44F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SumatraPDF-dll.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: .pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;*.tcr source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1391392869.00000261DDA6C000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1338436851.00000261DDA6A000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000002.1391392869.00000261DDA6A000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332035005.00000261DDA67000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1240665334.00000261DDA5F000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1234012225.00000261DDA25000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1334005641.00000261DDA6A000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1236240627.00000261DDA6B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\kjk\src\sumatrapdf\out\rel64\SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: .pdf.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;*.tcrK source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1338436851.00000261DDA6A000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332035005.00000261DDA67000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbT source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1394956228.00000261DF5C5000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332945179.00000261DF594000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1336633748.00000261DF5B3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1341134365.00000261DF5C5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdb.zip% source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1394642968.00000261DF573000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332945179.00000261DF56E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: -64.pdb.lzsa source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: </html>.pdb<<html> source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: .pdbndows`o source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1397269297.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1330120703.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1335367950.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\SumatraPDF-dll.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbnV source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332945179.00000261DF594000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1336633748.00000261DF5B3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: SumatraPDF.pdbSumatraPDF-dll.pdblibmupdf.pdbInstallCrashHandler: skipping because !crashDumpPath source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: All supported documents.pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;.tcrPDF documents.pdfXPS documents.xps;.oxpsDjVu documents.djvuComic books.cbz;.cbr;.cb7;.cbtCHM documents.chmSVG documents.svgEPUB ebooks.epubMobi documents.mobiFictionBook documents.fb2;.fb2z;.zfb2;.fb2.zipPalmDoc documents.pdb;.prcImages.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avifText documents.txt;.log;.nfo;file_id.diz;read.me;.tcrAll files.a_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_\REGISTRY\MACHINE\Software\WOW6432Node\GNU Ghostscriptiptadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_] source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1331466222.00000261DF44F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: 2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;.tcr_ source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1337735761.00000261DF450000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdb;.prc source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1329242351.00000261DF49D000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000002.1393525598.00000261DF4CD000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1234976868.00000261DF4B8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa% source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: orted documents.pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;.tcrPDF documents.pdfXPS documents.xps;.oxpsDjVu documents.djvuComic books.cbz;.cbr;.cb7;.cbtCHM documents.chmSVG documents.svgEPUB ebooks.epubMobi documents.mobiFictionBook documents.fb2;.fb2z;.zfb2;.fb2.zipPalmDoc documents.pdb;.prcImages.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avifText documents.txt;.log;.nfo;file_id.diz;read.me;.tcrAll files.a_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_\REGISTRY\MACHINE\Software\WOW6432Node\GNU Ghostscriptiptadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_ source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1392566331.00000261DF44E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbsLo source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1397269297.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1330120703.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1335367950.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;*.tcrk source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1391392869.00000261DDA6C000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332035005.00000261DDA67000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1240665334.00000261DDA5F000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1234012225.00000261DDA25000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1236240627.00000261DDA6B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdf.xps.oxps.djvu.cbz.cbr.cb7.cbt.chm.svg.epub.mobi.fb2.fb2z.zfb2.fb2.zip.pdb.prc.bmp.dib.gif.jpg.jpeg.jxr.png.tga.tif.tiff.webp.heic.avif.txt.log.nfofile_id.dizread.me*.tcrK source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1240665334.00000261DDA5F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ITSF.txt.js.json.xml.logfile_id.dizread.me.nfo.tcr.ps.ps.gz.eps.fb2.fb2z.fbz.zfb2.fb2.zip.cbz.cbr.cb7.cbt.pdf.xps.oxps.chm.png.jpg.jpeg.gif.tif.tiff.bmp.tga.jxr.hdp.wdp.webp.epub.mobi.prc.azw.azw1.azw3.pdb.html.htm.xhtml.svg.djvu.jp2.zip.rar.7z.heic.avif.tarfoo.epubfoo.JP2Rar! source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\libmupdf.pdb/. source: SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Binary contains a suspicious time stamp

Source: PDFixers.exe

Static PE information: 0x9FA57E8D [Mon Nov 16 06:26:21 2054 UTC]

PE file contains sections with non-standard names

Source: SumatraPDF-3.5.2-64.exe.0.dr

Static PE information: section name: _RDATA

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\PDFixers.exe	Code function: 0_2_00007FF9CD28063D push ebx; iretd	0_2_00007FF9CD28066A
Source: C:\Users\user\Desktop\PDFixers.exe	Code function: 0_2_00007FF9CD287CD5 push eax; retf	0_2_00007FF9CD287CED
Source: C:\Users\user\Desktop\PDFixers.exe	Code function: 25_2_00007FF9CB3F063D push ebx; iretd	25_2_00007FF9CB3F066A

Persistence and Installation Behavior

Drops PE files

Source: C:\Users\user\Desktop\PDFixers.exe

File created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Jump to dropped file

Boot Survival

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Hooking and other Techniques for Hiding and Protection

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Users\user\Desktop\PDFixers.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1D9BB4E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1D9D3630000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1D9D5BB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9BB0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9BF0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9C10000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9C40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9CE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9D40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9D60000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9DC0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9DE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9E20000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9E40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9E60000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9E80000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9EA0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9EC0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9EE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9F00000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9F20000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9F40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9F80000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9FA0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9FC0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9FE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DA000000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DA020000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DA060000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DA080000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DA2A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DA2C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAAA0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAAE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAB00000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAB20000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAB40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAB60000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAB80000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DABA0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DABE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAC00000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAC20000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAC40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAC60000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DACA0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DACC0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DACE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAD00000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAD20000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAD40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAD80000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DADA0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DADC0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DADE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAE00000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAE20000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAE60000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAE80000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAEA0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAEC0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAEE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAF00000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAF40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAF60000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAF80000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAFA0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAFC0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAFE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB020000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB040000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB060000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB080000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB0A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB0E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB100000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB120000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB160000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB180000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB1A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB1C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB1E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB200000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB220000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB260000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB280000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB2A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB2C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB2E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB300000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB320000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB340000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB380000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB3A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB3C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB3E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB400000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB420000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB440000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB460000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB4A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB4C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB4E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB500000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB520000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB540000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB560000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB580000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB5C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB5E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB600000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB620000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB640000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB660000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB680000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB6A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB6E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB700000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB720000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB740000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB760000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB780000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB7A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB7C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB800000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB820000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB840000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB860000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB880000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB8A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB8C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB900000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB920000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB940000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB960000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB980000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB9A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB9C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB9E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBA20000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBA40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBA60000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBA80000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBAA0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBAC0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBAE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBB00000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBB40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBB60000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBB80000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBBA0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBBC0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBBE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBC00000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBC20000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBC60000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBC80000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBCA0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBCC0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBCE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBD00000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBD20000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBD40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBD80000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBDA0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBDC0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBDE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBE00000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBE20000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBE40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBE60000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBEA0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBEC0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBEE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBF00000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBF20000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBF40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBF60000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBF80000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBFC0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBFE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC000000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC020000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC040000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC060000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC080000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC0C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC0E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC100000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC120000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC140000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC160000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC180000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC1A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC1E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC200000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC220000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC240000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC260000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC280000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC2A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC2C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC300000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC320000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC340000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC360000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC380000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC3A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC3C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC3E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC420000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC440000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC460000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC480000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC4A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC4C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC4E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC500000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC540000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC560000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC580000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC5A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC5C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC5E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC600000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC640000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC660000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC680000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC6A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC6C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC6E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC700000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC720000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC760000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC780000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC7A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC7C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC7E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC800000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC820000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC840000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC880000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC8A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC8C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC8E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC900000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC920000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC940000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC960000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC9A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC9C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC9E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DCA00000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DCA20000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DCA40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DCA60000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DCE80000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A3277C0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A3411D0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB43830000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A342E90000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A342ED0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A342EF0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A342F20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A342FC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A343000000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A343040000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A343080000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A3430C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A3430E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A343120000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A343140000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A343160000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A343180000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A3431A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A3431C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A3431E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A343200000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A343220000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A343260000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A343280000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A3432A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A3432C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A3432E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A343300000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A343340000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB437F0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB473C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB473E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47400000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47440000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47460000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47480000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB474A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB474C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB474E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47520000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47540000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47760000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47780000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB477A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB477C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47800000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47820000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47840000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47860000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47880000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB478A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB478E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47900000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47920000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47940000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47960000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47980000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB479C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB479E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47A00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47A20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47A40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47A60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47AA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47AC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47AE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47B00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47B20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47B40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48340000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48360000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48380000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB483A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB483E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48400000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48420000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48440000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48480000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB484A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB484C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB484E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48500000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48520000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48540000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48580000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB485A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB485C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB485E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48600000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48620000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48640000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48660000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB486A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB486C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB486E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48700000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48720000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48740000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48760000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48780000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB487C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB487E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48800000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48820000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48840000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48860000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48880000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB488A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB488E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48900000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48920000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48940000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48960000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48980000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB489A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB489C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48A00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48A20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48A40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48A60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48A80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48AA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48AC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48B00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48B20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48B40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48B60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48B80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48BA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48BC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48BE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48C20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48C40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48C60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48C80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48CA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48CC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48CE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48D00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48D40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48D60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48D80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48DA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48DC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48DE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48E00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48E20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48E60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48E80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48EA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48EC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48EE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48F00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48F20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48F40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48F80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48FA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48FC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48FE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49000000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49020000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49040000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49060000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB490A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB490C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB490E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49100000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49120000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49140000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49160000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49180000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB491C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB491E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49200000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49220000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49240000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49260000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49280000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB492C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB492E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49300000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49320000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49340000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49360000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49380000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB493A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB493E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49400000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49420000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49440000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49460000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49480000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB494A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB494C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49500000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49520000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49540000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49560000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49580000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB495A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB495C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB495E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49620000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49640000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49660000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49680000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB496A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB496C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB496E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49700000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49740000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49760000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49780000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB497A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB497C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB497E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49800000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49820000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49860000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49880000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB498A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB498C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB498E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49900000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49920000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49960000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49980000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB499A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB499C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB499E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49A00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49E20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49E40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49E80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49EA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49EC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49EE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49F00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49F20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49F40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49F60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49FA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49FC0000 memory commit \| memory reserve \| memory write watch

Contains capabilities to detect virtual machines

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc

Jump to behavior

Contains long sleeps (>= 3 min)

Source: C:\Users\user\Desktop\PDFixers.exe

Thread delayed: delay time: 922337203685477

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\PDFixers.exe TID: 2396

Thread sleep time: -922337203685477s >= -30000s

Source: C:\Users\user\Desktop\PDFixers.exe

Thread delayed: delay time: 922337203685477

Source: PDFixers.exe, 00000000.00000002.1469540546.000001E1D9885000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0
Source: PDFixers.exe, 00000000.00000002.1458137442.000001D9D4064000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2119022127.000002AB471F0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: PDFixers.exe, 00000019.00000002.2116423682.000002AB470A8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWF
Source: PDFixers.exe, 00000000.00000002.1470417873.000001E1D9929000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWL
Source: PDFixers.exe, 00000019.00000002.2117265742.000002AB470F6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Anti Debugging

Source: C:\Users\user\Desktop\PDFixers.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\PDFixers.exe

Process created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe"

Jump to behavior

Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr

Binary or memory string: Shell_TrayWndKillProcessesUsingInstallation()

Language, Device and Operating System Detection

Queries information about the installed CPU (vendor, model number etc)

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Users\user\Desktop\PDFixers.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Queries volume information: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-settings.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Users\user\Desktop\PDFixers.exe VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation

Source: C:\Users\user\Desktop\PDFixers.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Searches for user specific document files

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Directory queried: C:\Users\user\Documents

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.105.113	plus.l.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.67.147.142	pixel.pdfixers.com	United States	13335	CLOUDFLARENETUS	false
142.251.15.104	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.17

Contacted Domains

Name	IP	Active
pixel.pdfixers.com	172.67.147.142	true
plus.l.google.com	142.250.105.113	true
www.google.com	142.251.15.104	true
apis.google.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false		high
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0	false		high

AV Detection

Antivirus detection for URL or domain

Source: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js.	Avira URL Cloud: Label: malware
Source: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsjs	Avira URL Cloud: Label: malware

Multi AV Scanner detection for domain / URL

Source: https://pixel.pdfixers.com/-	Virustotal: Detection: 5%	Perma Link
Source: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsQ	Virustotal: Detection: 5%	Perma Link
Source: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js%	Virustotal: Detection: 5%	Perma Link
Source: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsjs	Virustotal: Detection: 5%	Perma Link

Multi AV Scanner detection for submitted file

Source: PDFixers.exe	ReversingLabs: Detection: 54%
Source: PDFixers.exe	Virustotal: Detection: 46%			Perma Link

Compliance

Source: C:\Users\user\Desktop\PDFixers.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SumatraPDFUninstall

Jump to behavior

Source: PDFixers.exe

Static PE information: certificate valid

Source: unknown	HTTPS traffic detected: 172.67.147.142:443 -> 192.168.2.17:49700 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.17:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.17:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.7.32:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.17:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.147.142:443 -> 192.168.2.17:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.147.142:443 -> 192.168.2.17:49735 version: TLS 1.2

Source: PDFixers.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: .pdb? source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1243347809.00000261DF66F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;*.tcr_ source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1392566331.00000261DF44E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\SumatraPDF.pdb$.=<+ source: SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\libmupdf.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdb' source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1336633748.00000261DF58B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332945179.00000261DF56E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1340051082.00000261DF58B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000002.1394782452.00000261DF589000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: libmupdf.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: .pdbc source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1336633748.00000261DF575000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000002.1394642968.00000261DF573000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332945179.00000261DF56E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Bookmark Shortcuts%.2flnkfitwidthfitpage"%s" -page %d -view "%s" -zoom %s -scroll %d,%dfitcontentSelect folder with PDF filesBookmark shortcut to page %s of %s.xps;.oxps.pdf.ps;.eps.djvu.chm.cbz;.cbr;.cb7;.cbt.svgSVG documents.mobi.epub.pdb;.prc.fb2;.fb2z;.zfb2;.fb2.zip.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avifImagesAll supported documents.txt;.log;.nfo;file_id.diz;read.me;*.tcrVK_DOWN source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsaM.$<& source: SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;*.tcr_ source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1331466222.00000261DF44F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SumatraPDF-dll.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: .pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;*.tcr source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1391392869.00000261DDA6C000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1338436851.00000261DDA6A000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000002.1391392869.00000261DDA6A000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332035005.00000261DDA67000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1240665334.00000261DDA5F000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1234012225.00000261DDA25000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1334005641.00000261DDA6A000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1236240627.00000261DDA6B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\kjk\src\sumatrapdf\out\rel64\SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: .pdf.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;*.tcrK source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1338436851.00000261DDA6A000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332035005.00000261DDA67000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbT source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1394956228.00000261DF5C5000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332945179.00000261DF594000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1336633748.00000261DF5B3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1341134365.00000261DF5C5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdb.zip% source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1394642968.00000261DF573000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332945179.00000261DF56E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: -64.pdb.lzsa source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: </html>.pdb<<html> source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: .pdbndows`o source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1397269297.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1330120703.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1335367950.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\SumatraPDF-dll.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbnV source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332945179.00000261DF594000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1336633748.00000261DF5B3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: SumatraPDF.pdbSumatraPDF-dll.pdblibmupdf.pdbInstallCrashHandler: skipping because !crashDumpPath source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: All supported documents.pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;.tcrPDF documents.pdfXPS documents.xps;.oxpsDjVu documents.djvuComic books.cbz;.cbr;.cb7;.cbtCHM documents.chmSVG documents.svgEPUB ebooks.epubMobi documents.mobiFictionBook documents.fb2;.fb2z;.zfb2;.fb2.zipPalmDoc documents.pdb;.prcImages.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avifText documents.txt;.log;.nfo;file_id.diz;read.me;.tcrAll files.a_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_\REGISTRY\MACHINE\Software\WOW6432Node\GNU Ghostscriptiptadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_] source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1331466222.00000261DF44F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: 2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;.tcr_ source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1337735761.00000261DF450000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdb;.prc source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1329242351.00000261DF49D000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000002.1393525598.00000261DF4CD000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1234976868.00000261DF4B8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa% source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: orted documents.pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;.tcrPDF documents.pdfXPS documents.xps;.oxpsDjVu documents.djvuComic books.cbz;.cbr;.cb7;.cbtCHM documents.chmSVG documents.svgEPUB ebooks.epubMobi documents.mobiFictionBook documents.fb2;.fb2z;.zfb2;.fb2.zipPalmDoc documents.pdb;.prcImages.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avifText documents.txt;.log;.nfo;file_id.diz;read.me;.tcrAll files.a_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_\REGISTRY\MACHINE\Software\WOW6432Node\GNU Ghostscriptiptadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_ source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1392566331.00000261DF44E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbsLo source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1397269297.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1330120703.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1335367950.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;*.tcrk source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1391392869.00000261DDA6C000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332035005.00000261DDA67000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1240665334.00000261DDA5F000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1234012225.00000261DDA25000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1236240627.00000261DDA6B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdf.xps.oxps.djvu.cbz.cbr.cb7.cbt.chm.svg.epub.mobi.fb2.fb2z.zfb2.fb2.zip.pdb.prc.bmp.dib.gif.jpg.jpeg.jxr.png.tga.tif.tiff.webp.heic.avif.txt.log.nfofile_id.dizread.me*.tcrK source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1240665334.00000261DDA5F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ITSF.txt.js.json.xml.logfile_id.dizread.me.nfo.tcr.ps.ps.gz.eps.fb2.fb2z.fbz.zfb2.fb2.zip.cbz.cbr.cb7.cbt.pdf.xps.oxps.chm.png.jpg.jpeg.gif.tif.tiff.bmp.tga.jxr.hdp.wdp.webp.epub.mobi.prc.azw.azw1.azw3.pdb.html.htm.xhtml.svg.djvu.jp2.zip.rar.7z.heic.avif.tarfoo.epubfoo.JP2Rar! source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\libmupdf.pdb/. source: SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp

Networking

HTTP GET or POST without a user agent

Source: global traffic

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 172.67.147.142 172.67.147.142

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pixel.pdfixers.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1Accept: /Referer: https://pixel.pdfixers.com/Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pixel.pdfixers.comConnection: Keep-AliveCookie: AWSALB=QzC/6L6RRlHk2Sn9xB9KZwM/TeBHiLat2EaBNM75RNiMZGaaCcHz30S5UlfQ/9NvGJHpcGp6VKBfId+m9oeB5flmjaGj4RWBhg+jwlOdsQVsKNvyx7BdT5MqKwyy; AWSALBCORS=QzC/6L6RRlHk2Sn9xB9KZwM/TeBHiLat2EaBNM75RNiMZGaaCcHz30S5UlfQ/9NvGJHpcGp6VKBfId+m9oeB5flmjaGj4RWBhg+jwlOdsQVsKNvyx7BdT5MqKwyy
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=kYBufEXeanGUrwf&MD=g2hAdKhR HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: 120X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAcygOmPQa%2B4%2Bv9iVC1zhhy2y%2BYByynO6SUvsEboHWZRwn9VRCL5EY4dy11ACqC7T0a6htVFufdTOQlusIJYM09IRjq/5KQ4WAgfAyOsGZee57ZAzmGeMgmO9rcFQhm%2BIl0ubXW7oYef9B9SVFzMdtJoIhsTcUUcBTw0AwIMdlzVqj34OdcHINOdoORkq7n4La3Xk1KQ/EDXde/DP%2BvadpPNN19u/u4blyNLp9zaFsMkEr0eZNPb9B0tf2Zn8vgrg6L/lNVxTJfHztFSGBr3k8eYityUpss3C5NQMtCI9kNkqLHRMLG4C4KxW6rA3aeg0TmEj/xZIgYlfXjvJd0DaQqkDZgAACIXF%2BSyMF59HqAFVK5pbhTaMU/BQUJy%2BZeOTpCxwX82QpiBkPX2nAa6whnCNE/75/VaxygMsS0eWehH9CAeZ1n2hB2TXDwqMrJUk5IC/zgC34WeIsz7SsKZDE7LktP1Mg9M4Zt6uBi%2BuuP1w7QA/Mjt8uK1QoAvJUYuptJIoT311%2Bfe3O5aSwSf%2Bg8wphBcGuDep78qASrdsvDhJjgaBr7aK/aIUeuJutWEaj%2B1HxtjE2wPbmefyXXz6dwSir4pK4glm7zKceuoW78AZRyX8Q8HTxRZoARt8YWD/jSXRr2I6%2BsPlGUHpHDVjswgIuiLyyqhmyiNj0OtP/Zvwzlvu6Og28E0OI/hFIaq4wJUDzIEQnwdRF%2BY5zjqb6zbNXQJ7IgPCAa9bdt2MGfEys8wdhptK4u4mgYpMdm7DXzjTlMVMXc7YqO5eRIg4/tApSvflTD4uO6b7/%2BwcwZ3Q7XMMj6fjSW2Pneht4T%2Bm61D7XVS%2BzE9E56sbHdEQ1vX/Ib9Rgma9xieZ88avnwSXsKbvoPaQ9xPIoj5tmbiPnqIqXi4CTsjwww6IAd9sDnYaU28HlxeP2gE%3D%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1714066820User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: D89B6D88BE0B4D08ADFDA735253C5F4BX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=kYBufEXeanGUrwf&MD=g2hAdKhR HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlKHLAQiFoM0BCNy9zQEIucrNAQi2y80BCOnSzQEIitPNAQjB1M0BCM/WzQEI49bNAQiO180BCKfYzQEIutjNAQj5wNQVGLi/zQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlKHLAQiFoM0BCNy9zQEIucrNAQi2y80BCOnSzQEIitPNAQjB1M0BCM/WzQEI49bNAQiO180BCKfYzQEIutjNAQj5wNQVGLi/zQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlKHLAQiFoM0BCLnKzQEIitPNAQjB1M0BCLrYzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pixel.pdfixers.comConnection: Keep-AliveCookie: AWSALB=QzC/6L6RRlHk2Sn9xB9KZwM/TeBHiLat2EaBNM75RNiMZGaaCcHz30S5UlfQ/9NvGJHpcGp6VKBfId+m9oeB5flmjaGj4RWBhg+jwlOdsQVsKNvyx7BdT5MqKwyy; AWSALBCORS=QzC/6L6RRlHk2Sn9xB9KZwM/TeBHiLat2EaBNM75RNiMZGaaCcHz30S5UlfQ/9NvGJHpcGp6VKBfId+m9oeB5flmjaGj4RWBhg+jwlOdsQVsKNvyx7BdT5MqKwyy

Source: global traffic	DNS traffic detected: DNS query: pixel.pdfixers.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com

Source: unknown

Source: PDFixers.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: PDFixers.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: PDFixers.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: PDFixers.exe	String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: PDFixers.exe	String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: PDFixers.exe	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: PDFixers.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: PDFixers.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: PDFixers.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/odf#ContentFile
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/odf#StylesFile
Source: SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/pkg#
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/pkg#Document
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://fontfabrik.com
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://ocsp.comodoca.com0
Source: PDFixers.exe	String found in binary or memory: http://ocsp.digicert.com0A
Source: PDFixers.exe	String found in binary or memory: http://ocsp.digicert.com0C
Source: PDFixers.exe	String found in binary or memory: http://ocsp.digicert.com0X
Source: PDFixers.exe	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: PDFixers.exe	String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: PDFixers.exe	String found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://ocsp.sectigo.com0
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://schemas.openxps.org/oxps/v1.0/documentstructure
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://schemas.openxps.org/oxps/v1.0/fixedrepresentation
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB631000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2105834051.000002A3291D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: PDFixers.exe	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: PDFixers.exe	String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: PDFixers.exe	String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_117.22.dr	String found in binary or memory: http://www.broofa.com
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://www.daisy.org/z3986/2005/ncx/
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://www.gribuser.ru/xml/fictionbook/2.0
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://www.idpf.org/2007/opf
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: http://www.idpf.org/2007/opfapplication/xhtml
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://://https://translate.google.com/?op=translate&sl=auto&tl=$
Source: chromecache_123.22.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_123.22.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chromecache_123.22.dr, chromecache_117.22.dr	String found in binary or memory: https://apis.google.com
Source: chromecache_123.22.dr	String found in binary or memory: https://clients6.google.com
Source: chromecache_123.22.dr	String found in binary or memory: https://content.googleapis.com
Source: chromecache_123.22.dr	String found in binary or memory: https://csp.withgoogle.com/csp/lcreport/
Source: chromecache_123.22.dr	String found in binary or memory: https://domains.google.com/suggest/flow
Source: PDFixers.exe, 00000000.00000002.1470929518.000001E1D99A7000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2118392220.000002AB4716E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/
Source: PDFixers.exe, 00000000.00000002.1470929518.000001E1D99A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/(N
Source: PDFixers.exe, 00000000.00000002.1470929518.000001E1D99A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/;N4
Source: PDFixers.exe, 00000019.00000002.2118392220.000002AB4716E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/D
Source: PDFixers.exe, 00000019.00000002.2117265742.000002AB47114000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2119022127.000002AB471F0000.00000004.00000020.00020000.00000000.sdmp, Q33AJR2N.htm.25.dr	String found in binary or memory: https://fonts.googleapis.com/css2?family=Nunito
Source: PDFixers.exe, 00000019.00000002.2109336859.000002A341900000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/s
Source: PDFixers.exe, 00000019.00000002.2109336859.000002A341900000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/t
Source: PDFixers.exe, 00000019.00000002.2118392220.000002AB4716E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com/
Source: PDFixers.exe, 00000000.00000002.1470929518.000001E1D99A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com//B
Source: PDFixers.exe, 00000019.00000002.2118392220.000002AB4716E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com/4
Source: PDFixers.exe, 00000019.00000002.2118392220.000002AB4716E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com/L
Source: PDFixers.exe, 00000019.00000002.2120392086.000002AB472A1000.00000004.00000020.00020000.00000000.sdmp, css2[1].css.0.dr	String found in binary or memory: https://fonts.gstatic.com/l/font?kit=pe1mMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbM
Source: chromecache_117.22.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_117.22.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_117.22.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_117.22.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: PDFixers.exe, 00000019.00000002.2120144392.000002AB4726C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.c
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000000.00000002.1490022827.000001E1E04B4000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2137861206.000002AB4DCD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Fonthausen/NunitoSans)
Source: PDFixers.exe, 00000000.00000002.1490022827.000001E1E04B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Fonthausen/NunitoSans))
Source: PDFixers.exe, 00000000.00000002.1491689599.000001E1E21AB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Fonthausen/NunitoSans)Thread-00001260-Id-00000000:SubsetRegularVersion
Source: PDFixers.exe, 00000019.00000002.2119424389.000002AB47226000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Fonthausen/NunitoSans)Thread-0000162c-Id-00000000:SubsetRegularVersion
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/AUTHORS
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/AUTHORShttps://github.com/sumatrapdfreade
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/TRANSLATORS
Source: SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/commit/%s)
Source: SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/commit/646d1feddcc80b3b51072c5b27a1446487904175
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/commit/646d1feddcc80b3b51072c5b27a1446487904175)
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/discussions
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/discussions/2316
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/discussionsSumatraPDF
Source: PDFixers.exe, 00000000.00000002.1470247465.000001E1D98C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: PDFixers.exe, 00000000.00000002.1468427550.000001E1D97D9000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2109336859.000002A341900000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2116276718.000002AB47056000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com
Source: PDFixers.exe, 00000019.00000002.2105834051.000002A329296000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/
Source: PDFixers.exe, 00000019.00000002.2118392220.000002AB4716E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/#
Source: PDFixers.exe, 00000000.00000002.1469540546.000001E1D9885000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/#q_
Source: PDFixers.exe, 00000000.00000002.1469540546.000001E1D98A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/&T
Source: PDFixers.exe, 00000019.00000002.2116899045.000002AB470D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/(
Source: PDFixers.exe, 00000019.00000002.2117265742.000002AB47114000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/-
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2105834051.000002A329296000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/...
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2105834051.000002A329296000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/...p
Source: PDFixers.exe, 00000019.00000002.2117265742.000002AB47114000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/5
Source: PDFixers.exe, 00000000.00000002.1469540546.000001E1D98A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/6R
Source: PDFixers.exe, 00000000.00000002.1469540546.000001E1D98A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/BRN
Source: PDFixers.exe, 00000000.00000002.1470417873.000001E1D9929000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/C:
Source: PDFixers.exe, 00000019.00000002.2117265742.000002AB47114000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/a
Source: PDFixers.exe, 00000000.00000002.1472195416.000001E1D99FE000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2119022127.000002AB471F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/l/email-protection
Source: PDFixers.exe, 00000019.00000002.2119022127.000002AB471F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/l/email-protectionO~
Source: PDFixers.exe, 00000019.00000002.2120677950.000002AB472C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-s
Source: PDFixers.exe, 00000019.00000002.2120677950.000002AB472C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-sail-decode.min.jsnC:
Source: PDFixers.exe, 00000000.00000002.1469114547.000001E1D9851000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000000.00000002.1468071088.000001E1D979B000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2118113549.000002AB4714B000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2120235410.000002AB47277000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2120677950.000002AB472C3000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2116899045.000002AB470D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Source: PDFixers.exe, 00000019.00000002.2116899045.000002AB470D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js%
Source: PDFixers.exe, 00000000.00000002.1469114547.000001E1D9851000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js.
Source: PDFixers.exe, 00000000.00000002.1471993274.000001E1D99E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js.J
Source: PDFixers.exe, 00000019.00000002.2120235410.000002AB47277000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsG
Source: PDFixers.exe, 00000000.00000002.1468071088.000001E1D979B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsJj
Source: PDFixers.exe, 00000019.00000002.2116899045.000002AB470D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsQ
Source: PDFixers.exe, 00000019.00000002.2116899045.000002AB470D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsa
Source: PDFixers.exe, 00000000.00000002.1471993274.000001E1D99E1000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2120235410.000002AB47277000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsjs
Source: PDFixers.exe, 00000019.00000002.2120677950.000002AB472C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsoO%
Source: PDFixers.exe, 00000019.00000002.2120677950.000002AB472C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jssO)
Source: PDFixers.exe, 00000019.00000002.2116899045.000002AB470D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsy
Source: PDFixers.exe, 00000000.00000002.1469540546.000001E1D98A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/fR
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2116899045.000002AB470D2000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2105834051.000002A329296000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/h
Source: PDFixers.exe, 00000019.00000002.2118392220.000002AB4716E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/m
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2105834051.000002A329296000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/p
Source: PDFixers.exe, 00000000.00000002.1492227048.000001E1E21E0000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2118967762.000002AB4719C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/t
Source: PDFixers.exe, 00000000.00000002.1469540546.000001E1D98A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com/vRZ
Source: PDFixers.exe, 00000019.00000002.2116276718.000002AB47056000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pixel.pdfixers.com2
Source: chromecache_117.22.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_123.22.dr	String found in binary or memory: https://plus.google.com
Source: chromecache_123.22.dr	String found in binary or memory: https://plus.googleapis.com
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2137861206.000002AB4DCD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://scripts.sil.org/OFL
Source: PDFixers.exe, 00000000.00000002.1491689599.000001E1E21AB000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2119424389.000002AB47226000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://scripts.sil.org/OFLNunito
Source: PDFixers.exe, 00000019.00000002.2120144392.000002AB4726C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://scripts.sil.org/OFLNunitoSans12pt-LightVersion
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://sectigo.com/CPS0
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://sumatra-website.onrender.com/update-check-rel.txt
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://sumatra-website.onrender.com/update-check-rel.txtInstaller64LatestInstaller32InstallerArm64P
Source: chromecache_123.22.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.deepl.com/translator#-/$
Source: PDFixers.exe	String found in binary or memory: https://www.globalsign.com/repository/0
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.google.com/search?q=$
Source: chromecache_123.22.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_123.22.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chromecache_117.22.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_117.22.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_117.22.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/URLUpdateInfohttps://www.sumatrapdfreader.org/docs/Version-history.
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/dl/prerel/PRE_RELEASE_VER/SumatraPDF-prerel
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa%
Source: SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsaM.$
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Contribute-translation
Source: SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Corrupted-installation
Source: SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Keyboard-shortcuts
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Keyboard-shortcutssumatrapdfrestrict.inihttps://www.sumatrapdf
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Submit-crash-report.html
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Submit-crash-report.htmlShowCrashHandlerMessage:
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Version-history.html
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/download-free-pdf-viewer
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/download-free-pdf-viewer-------------
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/manual
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/manualArialwebsiteArial
Source: SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1855046778.000001E5349DB000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853765058.000001E532E53000.00000004.00000020.00020000.00000000.sdmp, notepad.exe, 0000000F.00000003.1666812017.0000022F32EDE000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-settings.txt.2.dr, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/settings/settings3-5-1.html
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/settings/settings3-5-1.html8.33
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1398824894.00000261E4E12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.sumatrapdfreader.org/settings/settings3-5-1.htmlH
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/update-check-rel.txt
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/update-check-rel.txtnotifUpdateCheckInProgress
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org0

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49693 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49693
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown	HTTPS traffic detected: 172.67.147.142:443 -> 192.168.2.17:49700 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.17:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.17:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.7.32:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.17:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.147.142:443 -> 192.168.2.17:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.147.142:443 -> 192.168.2.17:49735 version: TLS 1.2

System Summary

Detected potential crypto function

Source: C:\Users\user\Desktop\PDFixers.exe

Code function: 0_2_00007FF9CD28A501

0_2_00007FF9CD28A501

PE file does not import any functions

Source: PDFixers.exe

Static PE information: No import functions for PE file found

Sample file is different than original file name gathered from version info

Source: PDFixers.exe, 00000000.00000002.1490698840.000001E1E052E000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: OriginalFilenamejscript9.dll.muiD vs PDFixers.exe

Searches for the Microsoft Outlook file path

Source: C:\Users\user\Desktop\PDFixers.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE			Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE

Source: classification engine

Classification label: sus32.winEXE@23/29@5/5

Source: C:\Users\user\Desktop\PDFixers.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\LZ9DK265.htm

Jump to behavior

Source: C:\Users\user\Desktop\PDFixers.exe

Mutant created: NULL

Source: PDFixers.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: PDFixers.exe

Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%

Source: C:\Users\user\Desktop\PDFixers.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\PDFixers.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: PDFixers.exe	ReversingLabs: Detection: 54%
Source: PDFixers.exe	Virustotal: Detection: 46%

Source: unknown	Process created: C:\Users\user\Desktop\PDFixers.exe "C:\Users\user\Desktop\PDFixers.exe"
Source: C:\Users\user\Desktop\PDFixers.exe	Process created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe"
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process created: C:\Windows\System32\notepad.exe notepad.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-settings.txt"
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1992,i,2968757234271921919,11434174678257635975,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Users\user\Desktop\PDFixers.exe "C:\Users\user\Desktop\PDFixers.exe"
Source: C:\Users\user\Desktop\PDFixers.exe	Process created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process created: C:\Windows\System32\notepad.exe notepad.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-settings.txt"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1992,i,2968757234271921919,11434174678257635975,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: msiso.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mshtml.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: msimtf.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: d2d1.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: jscript9.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: t2embed.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: uianimation.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: thumbcache.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: msftedit.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: globinputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: assignedaccessruntime.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: structuredquery.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.storage.search.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: twinapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: actxprxy.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: networkexplorer.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: ehstorshell.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: cscui.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: mrmcorer.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.staterepositorycore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: mrmdeploy.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: provsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: cldapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: fltlib.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: mrmcorer.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: efswrt.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: version.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wldp.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: profapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ieframe.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: userenv.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: netutils.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: sxs.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dataexchange.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dcomp.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: msiso.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: propsys.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mshtml.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: srpapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: msimtf.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: msls31.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: d2d1.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: d3d10warp.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dxcore.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: secur32.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mlang.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: wininet.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: jscript9.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: winmm.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: schannel.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: t2embed.dll
Source: C:\Users\user\Desktop\PDFixers.exe	Section loaded: windowscodecs.dll

Source: C:\Users\user\Desktop\PDFixers.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32

Jump to behavior

Source: SumatraPDF.lnk.0.dr	LNK file: ..\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe
Source: Google Drive.lnk.21.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.21.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.21.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.21.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.21.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.21.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Window found: window name: SysTabControl32

Jump to behavior

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

File opened: C:\Windows\SYSTEM32\MsftEdit.dll

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Window detected: Number of UI elements: 13
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Window detected: Number of UI elements: 15

Source: C:\Users\user\Desktop\PDFixers.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\PDFixers.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SumatraPDFUninstall

Jump to behavior

Source: PDFixers.exe

Static PE information: certificate valid

Source: PDFixers.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: PDFixers.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: PDFixers.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: PDFixers.exe

Static file information: File size 8507584 > 1048576

Source: PDFixers.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x7fea00

Source: PDFixers.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: PDFixers.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: .pdb? source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1243347809.00000261DF66F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;*.tcr_ source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1392566331.00000261DF44E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\SumatraPDF.pdb$.=<+ source: SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\libmupdf.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdb' source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1336633748.00000261DF58B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332945179.00000261DF56E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1340051082.00000261DF58B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000002.1394782452.00000261DF589000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: libmupdf.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: .pdbc source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1336633748.00000261DF575000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000002.1394642968.00000261DF573000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332945179.00000261DF56E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Bookmark Shortcuts%.2flnkfitwidthfitpage"%s" -page %d -view "%s" -zoom %s -scroll %d,%dfitcontentSelect folder with PDF filesBookmark shortcut to page %s of %s.xps;.oxps.pdf.ps;.eps.djvu.chm.cbz;.cbr;.cb7;.cbt.svgSVG documents.mobi.epub.pdb;.prc.fb2;.fb2z;.zfb2;.fb2.zip.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avifImagesAll supported documents.txt;.log;.nfo;file_id.diz;read.me;*.tcrVK_DOWN source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsaM.$<& source: SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;*.tcr_ source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1331466222.00000261DF44F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SumatraPDF-dll.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: .pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;*.tcr source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1391392869.00000261DDA6C000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1338436851.00000261DDA6A000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000002.1391392869.00000261DDA6A000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332035005.00000261DDA67000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1240665334.00000261DDA5F000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1234012225.00000261DDA25000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1334005641.00000261DDA6A000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1236240627.00000261DDA6B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\kjk\src\sumatrapdf\out\rel64\SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: .pdf.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;*.tcrK source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1338436851.00000261DDA6A000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332035005.00000261DDA67000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbT source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1394956228.00000261DF5C5000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332945179.00000261DF594000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1336633748.00000261DF5B3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1341134365.00000261DF5C5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdb.zip% source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1394642968.00000261DF573000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332945179.00000261DF56E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: -64.pdb.lzsa source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: </html>.pdb<<html> source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: .pdbndows`o source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1397269297.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1330120703.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1335367950.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\SumatraPDF-dll.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbnV source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332945179.00000261DF594000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1336633748.00000261DF5B3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: SumatraPDF.pdbSumatraPDF-dll.pdblibmupdf.pdbInstallCrashHandler: skipping because !crashDumpPath source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: All supported documents.pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;.tcrPDF documents.pdfXPS documents.xps;.oxpsDjVu documents.djvuComic books.cbz;.cbr;.cb7;.cbtCHM documents.chmSVG documents.svgEPUB ebooks.epubMobi documents.mobiFictionBook documents.fb2;.fb2z;.zfb2;.fb2.zipPalmDoc documents.pdb;.prcImages.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avifText documents.txt;.log;.nfo;file_id.diz;read.me;.tcrAll files.a_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_\REGISTRY\MACHINE\Software\WOW6432Node\GNU Ghostscriptiptadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_] source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1331466222.00000261DF44F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: 2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;.tcr_ source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1337735761.00000261DF450000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdb;.prc source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1329242351.00000261DF49D000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000002.1393525598.00000261DF4CD000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1234976868.00000261DF4B8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa% source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: orted documents.pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;.tcrPDF documents.pdfXPS documents.xps;.oxpsDjVu documents.djvuComic books.cbz;.cbr;.cb7;.cbtCHM documents.chmSVG documents.svgEPUB ebooks.epubMobi documents.mobiFictionBook documents.fb2;.fb2z;.zfb2;.fb2.zipPalmDoc documents.pdb;.prcImages.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avifText documents.txt;.log;.nfo;file_id.diz;read.me;.tcrAll files.a_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_\REGISTRY\MACHINE\Software\WOW6432Node\GNU Ghostscriptiptadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_ source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1392566331.00000261DF44E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbsLo source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1397269297.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1330120703.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1335367950.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdf;.xps;.oxps;.djvu;.cbz;.cbr;.cb7;.cbt;.chm;.svg;.epub;.mobi;.fb2;.fb2z;.zfb2;.fb2.zip;.pdb;.prc;.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avif;.txt;.log;.nfo;file_id.diz;read.me;*.tcrk source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1391392869.00000261DDA6C000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332035005.00000261DDA67000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1240665334.00000261DDA5F000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1234012225.00000261DDA25000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1236240627.00000261DDA6B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdf.xps.oxps.djvu.cbz.cbr.cb7.cbt.chm.svg.epub.mobi.fb2.fb2z.zfb2.fb2.zip.pdb.prc.bmp.dib.gif.jpg.jpeg.jxr.png.tga.tif.tiff.webp.heic.avif.txt.log.nfofile_id.dizread.me*.tcrK source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1240665334.00000261DDA5F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ITSF.txt.js.json.xml.logfile_id.dizread.me.nfo.tcr.ps.ps.gz.eps.fb2.fb2z.fbz.zfb2.fb2.zip.cbz.cbr.cb7.cbt.pdf.xps.oxps.chm.png.jpg.jpeg.gif.tif.tiff.bmp.tga.jxr.hdp.wdp.webp.epub.mobi.prc.azw.azw1.azw3.pdb.html.htm.xhtml.svg.djvu.jp2.zip.rar.7z.heic.avif.tarfoo.epubfoo.JP2Rar! source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source:	Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\libmupdf.pdb/. source: SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Binary contains a suspicious time stamp

Source: PDFixers.exe

Static PE information: 0x9FA57E8D [Mon Nov 16 06:26:21 2054 UTC]

PE file contains sections with non-standard names

Source: SumatraPDF-3.5.2-64.exe.0.dr

Static PE information: section name: _RDATA

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\PDFixers.exe	Code function: 0_2_00007FF9CD28063D push ebx; iretd	0_2_00007FF9CD28066A
Source: C:\Users\user\Desktop\PDFixers.exe	Code function: 0_2_00007FF9CD287CD5 push eax; retf	0_2_00007FF9CD287CED
Source: C:\Users\user\Desktop\PDFixers.exe	Code function: 25_2_00007FF9CB3F063D push ebx; iretd	25_2_00007FF9CB3F066A

Persistence and Installation Behavior

Drops PE files

Source: C:\Users\user\Desktop\PDFixers.exe

File created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Jump to dropped file

Boot Survival

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Hooking and other Techniques for Hiding and Protection

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Users\user\Desktop\PDFixers.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1D9BB4E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1D9D3630000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1D9D5BB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9BB0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9BF0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9C10000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9C40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9CE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9D40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9D60000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9DC0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9DE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9E20000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9E40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9E60000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9E80000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9EA0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9EC0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9EE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9F00000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9F20000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9F40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9F80000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9FA0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9FC0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1D9FE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DA000000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DA020000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DA060000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DA080000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DA2A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DA2C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAAA0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAAE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAB00000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAB20000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAB40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAB60000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAB80000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DABA0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DABE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAC00000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAC20000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAC40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAC60000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DACA0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DACC0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DACE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAD00000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAD20000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAD40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAD80000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DADA0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DADC0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DADE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAE00000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAE20000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAE60000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAE80000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAEA0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAEC0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAEE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAF00000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAF40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAF60000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAF80000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAFA0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAFC0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DAFE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB020000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB040000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB060000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB080000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB0A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB0E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB100000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB120000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB160000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB180000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB1A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB1C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB1E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB200000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB220000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB260000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB280000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB2A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB2C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB2E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB300000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB320000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB340000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB380000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB3A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB3C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB3E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB400000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB420000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB440000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB460000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB4A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB4C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB4E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB500000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB520000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB540000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB560000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB580000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB5C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB5E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB600000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB620000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB640000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB660000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB680000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB6A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB6E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB700000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB720000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB740000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB760000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB780000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB7A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB7C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB800000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB820000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB840000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB860000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB880000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB8A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB8C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB900000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB920000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB940000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB960000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB980000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB9A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB9C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DB9E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBA20000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBA40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBA60000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBA80000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBAA0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBAC0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBAE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBB00000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBB40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBB60000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBB80000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBBA0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBBC0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBBE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBC00000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBC20000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBC60000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBC80000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBCA0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBCC0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBCE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBD00000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBD20000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBD40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBD80000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBDA0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBDC0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBDE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBE00000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBE20000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBE40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBE60000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBEA0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBEC0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBEE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBF00000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBF20000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBF40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBF60000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBF80000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBFC0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DBFE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC000000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC020000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC040000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC060000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC080000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC0C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC0E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC100000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC120000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC140000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC160000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC180000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC1A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC1E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC200000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC220000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC240000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC260000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC280000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC2A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC2C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC300000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC320000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC340000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC360000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC380000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC3A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC3C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC3E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC420000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC440000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC460000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC480000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC4A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC4C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC4E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC500000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC540000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC560000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC580000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC5A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC5C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC5E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC600000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC640000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC660000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC680000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC6A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC6C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC6E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC700000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC720000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC760000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC780000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC7A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC7C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC7E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC800000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC820000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC840000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC880000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC8A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC8C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC8E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC900000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC920000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC940000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC960000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC9A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC9C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DC9E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DCA00000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DCA20000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DCA40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DCA60000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 1E1DCE80000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A3277C0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A3411D0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB43830000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A342E90000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A342ED0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A342EF0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A342F20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A342FC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A343000000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A343040000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A343080000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A3430C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A3430E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A343120000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A343140000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A343160000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A343180000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A3431A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A3431C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A3431E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A343200000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A343220000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A343260000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A343280000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A3432A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A3432C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A3432E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A343300000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2A343340000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB437F0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB473C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB473E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47400000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47440000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47460000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47480000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB474A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB474C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB474E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47520000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47540000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47760000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47780000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB477A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB477C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47800000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47820000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47840000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47860000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47880000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB478A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB478E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47900000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47920000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47940000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47960000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47980000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB479C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB479E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47A00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47A20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47A40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47A60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47AA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47AC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47AE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47B00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47B20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB47B40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48340000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48360000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48380000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB483A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB483E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48400000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48420000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48440000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48480000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB484A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB484C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB484E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48500000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48520000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48540000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48580000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB485A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB485C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB485E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48600000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48620000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48640000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48660000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB486A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB486C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB486E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48700000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48720000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48740000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48760000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48780000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB487C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB487E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48800000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48820000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48840000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48860000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48880000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB488A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB488E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48900000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48920000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48940000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48960000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48980000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB489A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB489C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48A00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48A20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48A40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48A60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48A80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48AA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48AC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48B00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48B20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48B40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48B60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48B80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48BA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48BC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48BE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48C20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48C40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48C60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48C80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48CA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48CC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48CE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48D00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48D40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48D60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48D80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48DA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48DC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48DE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48E00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48E20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48E60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48E80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48EA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48EC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48EE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48F00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48F20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48F40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48F80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48FA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48FC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB48FE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49000000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49020000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49040000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49060000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB490A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB490C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB490E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49100000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49120000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49140000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49160000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49180000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB491C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB491E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49200000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49220000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49240000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49260000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49280000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB492C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB492E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49300000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49320000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49340000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49360000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49380000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB493A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB493E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49400000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49420000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49440000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49460000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49480000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB494A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB494C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49500000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49520000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49540000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49560000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49580000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB495A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB495C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB495E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49620000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49640000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49660000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49680000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB496A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB496C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB496E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49700000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49740000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49760000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49780000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB497A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB497C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB497E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49800000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49820000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49860000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49880000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB498A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB498C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB498E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49900000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49920000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49960000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49980000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB499A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB499C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB499E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49A00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49E20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49E40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49E80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49EA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49EC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49EE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49F00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49F20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49F40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49F60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49FA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe	Memory allocated: 2AB49FC0000 memory commit \| memory reserve \| memory write watch

Contains capabilities to detect virtual machines

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc

Jump to behavior

Contains long sleeps (>= 3 min)

Source: C:\Users\user\Desktop\PDFixers.exe

Thread delayed: delay time: 922337203685477

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\PDFixers.exe TID: 2396

Thread sleep time: -922337203685477s >= -30000s

Source: C:\Users\user\Desktop\PDFixers.exe

Thread delayed: delay time: 922337203685477

Source: PDFixers.exe, 00000000.00000002.1469540546.000001E1D9885000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0
Source: PDFixers.exe, 00000000.00000002.1458137442.000001D9D4064000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2119022127.000002AB471F0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: PDFixers.exe, 00000019.00000002.2116423682.000002AB470A8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWF
Source: PDFixers.exe, 00000000.00000002.1470417873.000001E1D9929000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWL
Source: PDFixers.exe, 00000019.00000002.2117265742.000002AB470F6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Anti Debugging

Source: C:\Users\user\Desktop\PDFixers.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\PDFixers.exe

Process created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe"

Jump to behavior

Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr

Binary or memory string: Shell_TrayWndKillProcessesUsingInstallation()

Language, Device and Operating System Detection

Queries information about the installed CPU (vendor, model number etc)

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Users\user\Desktop\PDFixers.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Queries volume information: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-settings.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Users\user\Desktop\PDFixers.exe VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation

Source: C:\Users\user\Desktop\PDFixers.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Searches for user specific document files

Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

Directory queried: C:\Users\user\Documents

Jump to behavior

ID:	1431800
Product:	CloudBasic
Start time:	19:38:57
Start date:	25.04.2024
Sample:	PDFixers.exe
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	b4440eea7367c3fb04a89225df4022a6
SHA1:	5a6c01f821f10f6ed1f1283ecba36c5bacfb5838
SHA256:	a024a18e27707738adcd7b5a740c5a93534b4b8c9d3b947f6d85740af19d17d0
Filetype:	Win64 Executable GUI Net Framework (217006/5) 49.88%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\css2[1].css	ASCII text	593563DEFDA42F8FAD22F5EA3F89B775	A0C3D8D8C19C01BD3D02B90A126C8CA7F27421B3	2F02D38536746DAE6535E3354B5B844C48C26589AE1B499BE5CB35EF66EAB511
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\96LGQ1XY\email-decode.min[1].js	HTML document, ASCII text, with very long lines (1238)	9E8F56E8E1806253BA01A95CFC3D392C	A8AF90D7482E1E99D03DE6BF88FED2315C5DD728	2595496FE48DF6FCF9B1BC57C29A744C121EB4DD11566466BC13D2E52E6BBCC8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\LZ9DK265.htm	HTML document, ASCII text, with very long lines (10298), with CRLF line terminators	CE1F0BE11F66283228FA6D263DA0BD86	A88A392AC86B82E23C78F58D16EDA0ED2D7469F9	CFB1DA67174AE42E667431C6B3796831A1DD0D81D25BC516403E903E342031AE
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\Q33AJR2N.htm	HTML document, ASCII text, with very long lines (10298), with CRLF line terminators	589DD71FB7836EBE5B74C53F4BEAF0C0	8CE8D8638A916985614FC1A6700C4929D4CDDE2A	4A29E364E2E57284FEC7A9165FA41745033E6FF9AD505B3A04C282581D9C4405
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NB937L4Q\font[1].eot	Embedded OpenType (EOT), Nunito Sans 12pt Light family	C6B85601ADBF8C674B4B444DAD696A5D	9103151C858BD4C99150D6B4386D54E99B1EBF90	EC8671B432FF49E1E77F48692397E57ECFA584555AC664C932DCCEA0C9A16044
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 16:40:54 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	0360E4A91EF7B283DA55492836914478	687985696F7A9E85DA3019789593E61E90D95515	FEA7BFB3CAD5A3243BF6322009567D51EA5826F88783353F59FA8E9A0B306600
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 16:40:54 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	54696687B7B653B085797719FA400032	A00D842C5A0714CF2D6BA6BA219F7026793BE9FA	2E79AE693F538C96CC5E4843FF0CB94F27C53057C6A9C6EDCD3536199FD0BFF7
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	D7AF2E657D29E9C0A4F9838CD6A1270C	8591BEBFD791EB4AD7BA7545F71FC18731E0DC95	CA4FD28DE3410ABDDA0642A43BE72E228167B7D5A08C287E544ED76C4A25883D
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 16:40:54 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	1B1CD7FC0ED127B1E9C7B4A905E21541	A679755DAA8717BC469B88AB94AD259EDA302043	5A0010E5D024C6A984154A4EB355483445CFA0D2823E2EB9DB4AC889FC95AF55
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 16:40:54 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	092B47DFCEA7D393EBE2F64072374D58	220FB0466363BD01542C239724F0E4F47B6E84DD	089FCCE5A58DAA9607F505275C762AD181F3EB6A9480199F40497A99A02FB450
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 16:40:54 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	CAEF93097FDEF91796A5E0FD1F3F766F	C76B550D87D7E442B65FB45FE106D6A96D3ACC45	35E787033D4B82B06A90189F92339A2D769780B82BD73558EE8891A4879B3122
C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe	PE32+ executable (GUI) x86-64, for MS Windows	C02DC2CA96FE9841963883C0FE177399	7E42E66E9198C258DA48A6194577E3DBD424463A	290E4AA7ED64C728138711C011E89AAB7AA48DBC1AE430371DC2BE4100B92BF0
C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-settings.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	6A39E767AB5F760104D783CCF94E3EB9	70BA8815BD0CD341666D8EE9431C5629793064FE	B578E8258D18C9C21D653C3C130A28E6CCAB53E39164B68DF51F542BD4B2DACF
C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF.zip	Zip archive data, at least v2.0 to extract, compression method=deflate	21B26AF0D4CE33D609915549F01A7705	5B2D4B056812AF71E159426324CDAA788D1CB5D7	66CCB395C9184DCE6822DFBB9970C877383B3EAD6D9417B5106A844AAC512989
C:\Users\user\Desktop\SumatraPDF.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Apr 25 16:39:42 2024, mtime=Thu Apr 25 16:39:42 2024, atime=Wed Oct 25 05:17:54 2023, length=16065496, window=hide	2F3FF7562E887388B8871109D50E3288	7DB0D582497164A509E95619239030356D655D1F	52D8AC922F571B3665BAE3FB6651578CAB5C6EA998C96943C6FF2E9C65C9B0CB
Chrome Cache Entry: 117	ASCII text, with very long lines (1746)	0282D5C4C6038FCEB2FF8607EDAC81A4	62EBF05C33F8A3115C208BB4D5CE9B38F6D06447	AAAF17E8ED9C8DD5D1B69C8BBB617600A768256654C076F760E09C6047973371
Chrome Cache Entry: 118	ASCII text, with very long lines (772)	5076DCD39EE919CB5A1923F99B835957	22602ECEFAAC45709125E2A8CAC9DC48DA8D37D1	7F49A6ADAA50A72F8B8D58459A47A5C4FF14DCA95E6A60DF43F4C3802060EECD
Chrome Cache Entry: 119	ASCII text	6FED308183D5DFC421602548615204AF	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
Chrome Cache Entry: 120	ASCII text, with very long lines (65531)	69BB1DEEEB581AA4DC7532891C0BFC04	48700BDFDFDF31E03A111137525959DC54B96F38	8CA615F394D93828EAA16F9C2F691C85D3DF9DEC881DB103CC9131D1781E1321
Chrome Cache Entry: 121	ASCII text, with very long lines (3572), with no line terminators	88BC8C86A83B9BD8EDA6FDF225CDC8DD	473D84930F027A365278C15282725A69721F4B18	47D960E93D9E7AB4C760A09DA0AA5E6549A8355AD5C0BA8476D4269F4FBDB354
Chrome Cache Entry: 122	SVG Scalable Vector Graphics image	554640F465EB3ED903B543DAE0A1BCAC	E0E6E2C8939008217EB76A3B3282CA75F3DC401A	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
Chrome Cache Entry: 123	ASCII text, with very long lines (2124)	F46ACD807A10216E6EEE8EA51E0F14D6	4702F47070F7046689432DCF605F11364BC0FBED	D6B84873D27E7E83CF5184AAEF778F1CCB896467576CD8AF2CAD09B31B3C6086

Windows Analysis Report PDFixers.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
PDFixers.exe