Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
PDFixers.exe

Overview

General Information

Sample name:PDFixers.exe
Analysis ID:1431800
MD5:b4440eea7367c3fb04a89225df4022a6
SHA1:5a6c01f821f10f6ed1f1283ecba36c5bacfb5838
SHA256:a024a18e27707738adcd7b5a740c5a93534b4b8c9d3b947f6d85740af19d17d0
Infos:

Detection

Score:32
Range:0 - 100
Whitelisted:false
Confidence:60%

Compliance

Score:64
Range:0 - 100

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains capabilities to detect virtual machines
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
PE file does not import any functions
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for the Microsoft Outlook file path
Searches for user specific document files
Stores files to the Windows start menu directory
Uses code obfuscation techniques (call, push, ret)

Classification

Analysis Advice

Sample has a GUI, but Joe Sandbox has not found any clickable buttons, likely more UI automation may extend behavior
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Process Tree

  • System is w10x64_ra
  • PDFixers.exe (PID: 5652 cmdline: "C:\Users\user\Desktop\PDFixers.exe" MD5: B4440EEA7367C3FB04A89225DF4022A6)
    • SumatraPDF-3.5.2-64.exe (PID: 3660 cmdline: "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe" MD5: C02DC2CA96FE9841963883C0FE177399)
  • SumatraPDF-3.5.2-64.exe (PID: 6968 cmdline: "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe" MD5: C02DC2CA96FE9841963883C0FE177399)
    • notepad.exe (PID: 7028 cmdline: notepad.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-settings.txt" MD5: 27F71B12CB585541885A31BE22F61C83)
  • chrome.exe (PID: 3840 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 2376 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1992,i,2968757234271921919,11434174678257635975,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • PDFixers.exe (PID: 3724 cmdline: "C:\Users\user\Desktop\PDFixers.exe" MD5: B4440EEA7367C3FB04A89225DF4022A6)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus detection for URL or domain
Source: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js.Avira URL Cloud: Label: malware
Source: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsjsAvira URL Cloud: Label: malware
Multi AV Scanner detection for domain / URL
Source: https://pixel.pdfixers.com/-Virustotal: Detection: 5%Perma Link
Source: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsQVirustotal: Detection: 5%Perma Link
Source: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js%Virustotal: Detection: 5%Perma Link
Source: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsjsVirustotal: Detection: 5%Perma Link
Multi AV Scanner detection for submitted file
Source: PDFixers.exeReversingLabs: Detection: 54%
Source: PDFixers.exeVirustotal: Detection: 46%Perma Link

Compliance

barindex
Creates a software uninstall entry
Source: C:\Users\user\Desktop\PDFixers.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SumatraPDFUninstallJump to behavior
PE / OLE file has a valid certificate
Source: PDFixers.exeStatic PE information: certificate valid
Uses secure TLS version for HTTPS connections
Source: unknownHTTPS traffic detected: 172.67.147.142:443 -> 192.168.2.17:49700 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49706 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.17:49713 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.17:49714 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49716 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.7.32:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.17:49719 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknownHTTPS traffic detected: 172.67.147.142:443 -> 192.168.2.17:49734 version: TLS 1.2
Source: unknownHTTPS traffic detected: 172.67.147.142:443 -> 192.168.2.17:49735 version: TLS 1.2
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: PDFixers.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Binary contains paths to debug symbols
Source: Binary string: .pdb? source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1243347809.00000261DF66F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: xps;*.oxps;*.djvu;*.cbz;*.cbr;*.cb7;*.cbt;*.chm;*.svg;*.epub;*.mobi;*.fb2;*.fb2z;*.zfb2;*.fb2.zip;*.pdb;*.prc;*.bmp;*.dib;*.gif;*.jpg;*.jpeg;*.jxr;*.png;*.tga;*.tif;*.tiff;*.webp;*.heic;*.avif;*.txt;*.log;*.nfo;file_id.diz;read.me;*.tcr_ source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1392566331.00000261DF44E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\SumatraPDF.pdb$.=<+ source: SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\libmupdf.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .pdb' source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1336633748.00000261DF58B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332945179.00000261DF56E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1340051082.00000261DF58B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000002.1394782452.00000261DF589000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: libmupdf.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source: Binary string: .pdbc source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1336633748.00000261DF575000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000002.1394642968.00000261DF573000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332945179.00000261DF56E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Bookmark Shortcuts%.2flnkfitwidthfitpage"%s" -page %d -view "%s" -zoom %s -scroll %d,%dfitcontentSelect folder with PDF filesBookmark shortcut to page %s of %s*.xps;*.oxps*.pdf*.ps;*.eps*.djvu*.chm*.cbz;*.cbr;*.cb7;*.cbt*.svgSVG documents*.mobi*.epub*.pdb;*.prc*.fb2;*.fb2z;*.zfb2;*.fb2.zip*.bmp;*.dib;*.gif;*.jpg;*.jpeg;*.jxr;*.png;*.tga;*.tif;*.tiff;*.webp;*.heic;*.avifImagesAll supported documents*.txt;*.log;*.nfo;file_id.diz;read.me;*.tcrVK_DOWN source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source: Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsaM.$<& source: SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: *.pdf;*.xps;*.oxps;*.djvu;*.cbz;*.cbr;*.cb7;*.cbt;*.chm;*.svg;*.epub;*.mobi;*.fb2;*.fb2z;*.zfb2;*.fb2.zip;*.pdb;*.prc;*.bmp;*.dib;*.gif;*.jpg;*.jpeg;*.jxr;*.png;*.tga;*.tif;*.tiff;*.webp;*.heic;*.avif;*.txt;*.log;*.nfo;file_id.diz;read.me;*.tcr_ source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1331466222.00000261DF44F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: SumatraPDF-dll.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source: Binary string: *.pdf;*.xps;*.oxps;*.djvu;*.cbz;*.cbr;*.cb7;*.cbt;*.chm;*.svg;*.epub;*.mobi;*.fb2;*.fb2z;*.zfb2;*.fb2.zip;*.pdb;*.prc;*.bmp;*.dib;*.gif;*.jpg;*.jpeg;*.jxr;*.png;*.tga;*.tif;*.tiff;*.webp;*.heic;*.avif;*.txt;*.log;*.nfo;file_id.diz;read.me;*.tcr source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1391392869.00000261DDA6C000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1338436851.00000261DDA6A000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000002.1391392869.00000261DDA6A000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332035005.00000261DDA67000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1240665334.00000261DDA5F000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1234012225.00000261DDA25000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1334005641.00000261DDA6A000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1236240627.00000261DDA6B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\kjk\src\sumatrapdf\out\rel64\SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source: Binary string: *.pdf*.xps;*.oxps;*.djvu;*.cbz;*.cbr;*.cb7;*.cbt;*.chm;*.svg;*.epub;*.mobi;*.fb2;*.fb2z;*.zfb2;*.fb2.zip;*.pdb;*.prc;*.bmp;*.dib;*.gif;*.jpg;*.jpeg;*.jxr;*.png;*.tga;*.tif;*.tiff;*.webp;*.heic;*.avif;*.txt;*.log;*.nfo;file_id.diz;read.me;*.tcrK source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1338436851.00000261DDA6A000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332035005.00000261DDA67000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .pdbT source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1394956228.00000261DF5C5000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332945179.00000261DF594000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1336633748.00000261DF5B3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1341134365.00000261DF5C5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .pdb.zip% source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1394642968.00000261DF573000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332945179.00000261DF56E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: -64.pdb.lzsa source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source: Binary string: </html>.pdb<<html> source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source: Binary string: .pdbndows`o source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1397269297.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1330120703.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1335367950.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\SumatraPDF-dll.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .pdbnV source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332945179.00000261DF594000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1336633748.00000261DF5B3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source: Binary string: SumatraPDF.pdbSumatraPDF-dll.pdblibmupdf.pdbInstallCrashHandler: skipping because !crashDumpPath source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source: Binary string: All supported documents*.pdf;*.xps;*.oxps;*.djvu;*.cbz;*.cbr;*.cb7;*.cbt;*.chm;*.svg;*.epub;*.mobi;*.fb2;*.fb2z;*.zfb2;*.fb2.zip;*.pdb;*.prc;*.bmp;*.dib;*.gif;*.jpg;*.jpeg;*.jxr;*.png;*.tga;*.tif;*.tiff;*.webp;*.heic;*.avif;*.txt;*.log;*.nfo;file_id.diz;read.me;*.tcrPDF documents*.pdfXPS documents*.xps;*.oxpsDjVu documents*.djvuComic books*.cbz;*.cbr;*.cb7;*.cbtCHM documents*.chmSVG documents*.svgEPUB ebooks*.epubMobi documents*.mobiFictionBook documents*.fb2;*.fb2z;*.zfb2;*.fb2.zipPalmDoc documents*.pdb;*.prcImages*.bmp;*.dib;*.gif;*.jpg;*.jpeg;*.jxr;*.png;*.tga;*.tif;*.tiff;*.webp;*.heic;*.avifText documents*.txt;*.log;*.nfo;file_id.diz;read.me;*.tcrAll files*.*a_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_\REGISTRY\MACHINE\Software\WOW6432Node\GNU Ghostscriptiptadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_] source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1331466222.00000261DF44F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 2;*.fb2z;*.zfb2;*.fb2.zip;*.pdb;*.prc;*.bmp;*.dib;*.gif;*.jpg;*.jpeg;*.jxr;*.png;*.tga;*.tif;*.tiff;*.webp;*.heic;*.avif;*.txt;*.log;*.nfo;file_id.diz;read.me;*.tcr_ source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1337735761.00000261DF450000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: *.pdb;*.prc source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1329242351.00000261DF49D000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000002.1393525598.00000261DF4CD000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1234976868.00000261DF4B8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa% source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: orted documents*.pdf;*.xps;*.oxps;*.djvu;*.cbz;*.cbr;*.cb7;*.cbt;*.chm;*.svg;*.epub;*.mobi;*.fb2;*.fb2z;*.zfb2;*.fb2.zip;*.pdb;*.prc;*.bmp;*.dib;*.gif;*.jpg;*.jpeg;*.jxr;*.png;*.tga;*.tif;*.tiff;*.webp;*.heic;*.avif;*.txt;*.log;*.nfo;file_id.diz;read.me;*.tcrPDF documents*.pdfXPS documents*.xps;*.oxpsDjVu documents*.djvuComic books*.cbz;*.cbr;*.cb7;*.cbtCHM documents*.chmSVG documents*.svgEPUB ebooks*.epubMobi documents*.mobiFictionBook documents*.fb2;*.fb2z;*.zfb2;*.fb2.zipPalmDoc documents*.pdb;*.prcImages*.bmp;*.dib;*.gif;*.jpg;*.jpeg;*.jxr;*.png;*.tga;*.tif;*.tiff;*.webp;*.heic;*.avifText documents*.txt;*.log;*.nfo;file_id.diz;read.me;*.tcrAll files*.*a_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_\REGISTRY\MACHINE\Software\WOW6432Node\GNU Ghostscriptiptadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_ source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1392566331.00000261DF44E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .pdbsLo source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1397269297.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1330120703.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1335367950.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: *.pdf;*.xps;*.oxps;*.djvu;*.cbz;*.cbr;*.cb7;*.cbt;*.chm;*.svg;*.epub;*.mobi;*.fb2;*.fb2z;*.zfb2;*.fb2.zip;*.pdb;*.prc;*.bmp;*.dib;*.gif;*.jpg;*.jpeg;*.jxr;*.png;*.tga;*.tif;*.tiff;*.webp;*.heic;*.avif;*.txt;*.log;*.nfo;file_id.diz;read.me;*.tcrk source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1391392869.00000261DDA6C000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332035005.00000261DDA67000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1240665334.00000261DDA5F000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1234012225.00000261DDA25000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1236240627.00000261DDA6B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: *.pdf*.xps*.oxps*.djvu*.cbz*.cbr*.cb7*.cbt*.chm*.svg*.epub*.mobi*.fb2*.fb2z*.zfb2*.fb2.zip*.pdb*.prc*.bmp*.dib*.gif*.jpg*.jpeg*.jxr*.png*.tga*.tif*.tiff*.webp*.heic*.avif*.txt*.log*.nfofile_id.dizread.me*.tcrK source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1240665334.00000261DDA5F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ITSF.txt.js.json.xml.logfile_id.dizread.me.nfo.tcr.ps.ps.gz.eps.fb2.fb2z.fbz.zfb2.fb2.zip.cbz.cbr.cb7.cbt.pdf.xps.oxps.chm.png.jpg.jpeg.gif.tif.tiff.bmp.tga.jxr.hdp.wdp.webp.epub.mobi.prc.azw.azw1.azw3.pdb.html.htm.xhtml.svg.djvu.jp2.zip.rar.7z.heic.avif.tarfoo.epubfoo.JP2Rar! source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source: Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\libmupdf.pdb/. source: SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source: global trafficHTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox ViewIP Address: 172.67.147.142 172.67.147.142
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox ViewJA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.63.206.91
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pixel.pdfixers.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1Accept: */*Referer: https://pixel.pdfixers.com/Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pixel.pdfixers.comConnection: Keep-AliveCookie: AWSALB=QzC/6L6RRlHk2Sn9xB9KZwM/TeBHiLat2EaBNM75RNiMZGaaCcHz30S5UlfQ/9NvGJHpcGp6VKBfId+m9oeB5flmjaGj4RWBhg+jwlOdsQVsKNvyx7BdT5MqKwyy; AWSALBCORS=QzC/6L6RRlHk2Sn9xB9KZwM/TeBHiLat2EaBNM75RNiMZGaaCcHz30S5UlfQ/9NvGJHpcGp6VKBfId+m9oeB5flmjaGj4RWBhg+jwlOdsQVsKNvyx7BdT5MqKwyy
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=kYBufEXeanGUrwf&MD=g2hAdKhR HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global trafficHTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: 120X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAcygOmPQa%2B4%2Bv9iVC1zhhy2y%2BYByynO6SUvsEboHWZRwn9VRCL5EY4dy11ACqC7T0a6htVFufdTOQlusIJYM09IRjq/5KQ4WAgfAyOsGZee57ZAzmGeMgmO9rcFQhm%2BIl0ubXW7oYef9B9SVFzMdtJoIhsTcUUcBTw0AwIMdlzVqj34OdcHINOdoORkq7n4La3Xk1KQ/EDXde/DP%2BvadpPNN19u/u4blyNLp9zaFsMkEr0eZNPb9B0tf2Zn8vgrg6L/lNVxTJfHztFSGBr3k8eYityUpss3C5NQMtCI9kNkqLHRMLG4C4KxW6rA3aeg0TmEj/xZIgYlfXjvJd0DaQqkDZgAACIXF%2BSyMF59HqAFVK5pbhTaMU/BQUJy%2BZeOTpCxwX82QpiBkPX2nAa6whnCNE/75/VaxygMsS0eWehH9CAeZ1n2hB2TXDwqMrJUk5IC/zgC34WeIsz7SsKZDE7LktP1Mg9M4Zt6uBi%2BuuP1w7QA/Mjt8uK1QoAvJUYuptJIoT311%2Bfe3O5aSwSf%2Bg8wphBcGuDep78qASrdsvDhJjgaBr7aK/aIUeuJutWEaj%2B1HxtjE2wPbmefyXXz6dwSir4pK4glm7zKceuoW78AZRyX8Q8HTxRZoARt8YWD/jSXRr2I6%2BsPlGUHpHDVjswgIuiLyyqhmyiNj0OtP/Zvwzlvu6Og28E0OI/hFIaq4wJUDzIEQnwdRF%2BY5zjqb6zbNXQJ7IgPCAa9bdt2MGfEys8wdhptK4u4mgYpMdm7DXzjTlMVMXc7YqO5eRIg4/tApSvflTD4uO6b7/%2BwcwZ3Q7XMMj6fjSW2Pneht4T%2Bm61D7XVS%2BzE9E56sbHdEQ1vX/Ib9Rgma9xieZ88avnwSXsKbvoPaQ9xPIoj5tmbiPnqIqXi4CTsjwww6IAd9sDnYaU28HlxeP2gE%3D%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1714066820User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: D89B6D88BE0B4D08ADFDA735253C5F4BX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=kYBufEXeanGUrwf&MD=g2hAdKhR HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlKHLAQiFoM0BCNy9zQEIucrNAQi2y80BCOnSzQEIitPNAQjB1M0BCM/WzQEI49bNAQiO180BCKfYzQEIutjNAQj5wNQVGLi/zQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlKHLAQiFoM0BCNy9zQEIucrNAQi2y80BCOnSzQEIitPNAQjB1M0BCM/WzQEI49bNAQiO180BCKfYzQEIutjNAQj5wNQVGLi/zQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlKHLAQiFoM0BCLnKzQEIitPNAQjB1M0BCLrYzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pixel.pdfixers.comConnection: Keep-AliveCookie: AWSALB=QzC/6L6RRlHk2Sn9xB9KZwM/TeBHiLat2EaBNM75RNiMZGaaCcHz30S5UlfQ/9NvGJHpcGp6VKBfId+m9oeB5flmjaGj4RWBhg+jwlOdsQVsKNvyx7BdT5MqKwyy; AWSALBCORS=QzC/6L6RRlHk2Sn9xB9KZwM/TeBHiLat2EaBNM75RNiMZGaaCcHz30S5UlfQ/9NvGJHpcGp6VKBfId+m9oeB5flmjaGj4RWBhg+jwlOdsQVsKNvyx7BdT5MqKwyy
Source: global trafficDNS traffic detected: DNS query: pixel.pdfixers.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: apis.google.com
Source: unknownHTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com
Source: PDFixers.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: PDFixers.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: PDFixers.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: PDFixers.exeString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: PDFixers.exeString found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: PDFixers.exeString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: PDFixers.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: PDFixers.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: PDFixers.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/odf#ContentFile
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/odf#StylesFile
Source: SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/pkg#
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/pkg#Document
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.com
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: http://ocsp.comodoca.com0
Source: PDFixers.exeString found in binary or memory: http://ocsp.digicert.com0A
Source: PDFixers.exeString found in binary or memory: http://ocsp.digicert.com0C
Source: PDFixers.exeString found in binary or memory: http://ocsp.digicert.com0X
Source: PDFixers.exeString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: PDFixers.exeString found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: PDFixers.exeString found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: http://ocsp.sectigo.com0
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: http://schemas.openxps.org/oxps/v1.0/documentstructure
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: http://schemas.openxps.org/oxps/v1.0/fixedrepresentation
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB631000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2105834051.000002A3291D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: PDFixers.exeString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: PDFixers.exeString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: PDFixers.exeString found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_117.22.drString found in binary or memory: http://www.broofa.com
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: http://www.daisy.org/z3986/2005/ncx/
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: http://www.gribuser.ru/xml/fictionbook/2.0
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: http://www.idpf.org/2007/opf
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: http://www.idpf.org/2007/opfapplication/xhtml
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://://https://translate.google.com/?op=translate&sl=auto&tl=$
Source: chromecache_123.22.drString found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_123.22.drString found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chromecache_123.22.dr, chromecache_117.22.drString found in binary or memory: https://apis.google.com
Source: chromecache_123.22.drString found in binary or memory: https://clients6.google.com
Source: chromecache_123.22.drString found in binary or memory: https://content.googleapis.com
Source: chromecache_123.22.drString found in binary or memory: https://csp.withgoogle.com/csp/lcreport/
Source: chromecache_123.22.drString found in binary or memory: https://domains.google.com/suggest/flow
Source: PDFixers.exe, 00000000.00000002.1470929518.000001E1D99A7000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2118392220.000002AB4716E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/
Source: PDFixers.exe, 00000000.00000002.1470929518.000001E1D99A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/(N
Source: PDFixers.exe, 00000000.00000002.1470929518.000001E1D99A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/;N4
Source: PDFixers.exe, 00000019.00000002.2118392220.000002AB4716E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/D
Source: PDFixers.exe, 00000019.00000002.2117265742.000002AB47114000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2119022127.000002AB471F0000.00000004.00000020.00020000.00000000.sdmp, Q33AJR2N.htm.25.drString found in binary or memory: https://fonts.googleapis.com/css2?family=Nunito
Source: PDFixers.exe, 00000019.00000002.2109336859.000002A341900000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/s
Source: PDFixers.exe, 00000019.00000002.2109336859.000002A341900000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/t
Source: PDFixers.exe, 00000019.00000002.2118392220.000002AB4716E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com/
Source: PDFixers.exe, 00000000.00000002.1470929518.000001E1D99A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com//B
Source: PDFixers.exe, 00000019.00000002.2118392220.000002AB4716E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com/4
Source: PDFixers.exe, 00000019.00000002.2118392220.000002AB4716E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com/L
Source: PDFixers.exe, 00000019.00000002.2120392086.000002AB472A1000.00000004.00000020.00020000.00000000.sdmp, css2[1].css.0.drString found in binary or memory: https://fonts.gstatic.com/l/font?kit=pe1mMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbM
Source: chromecache_117.22.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_117.22.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_117.22.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_117.22.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: PDFixers.exe, 00000019.00000002.2120144392.000002AB4726C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.c
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000000.00000002.1490022827.000001E1E04B4000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2137861206.000002AB4DCD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Fonthausen/NunitoSans)
Source: PDFixers.exe, 00000000.00000002.1490022827.000001E1E04B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Fonthausen/NunitoSans))
Source: PDFixers.exe, 00000000.00000002.1491689599.000001E1E21AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Fonthausen/NunitoSans)Thread-00001260-Id-00000000:SubsetRegularVersion
Source: PDFixers.exe, 00000019.00000002.2119424389.000002AB47226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Fonthausen/NunitoSans)Thread-0000162c-Id-00000000:SubsetRegularVersion
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/AUTHORS
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/AUTHORShttps://github.com/sumatrapdfreade
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/TRANSLATORS
Source: SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/commit/%s)
Source: SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/commit/646d1feddcc80b3b51072c5b27a1446487904175
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/commit/646d1feddcc80b3b51072c5b27a1446487904175)
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/discussions
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/discussions/2316
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/discussionsSumatraPDF
Source: PDFixers.exe, 00000000.00000002.1470247465.000001E1D98C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: PDFixers.exe, 00000000.00000002.1468427550.000001E1D97D9000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2109336859.000002A341900000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2116276718.000002AB47056000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com
Source: PDFixers.exe, 00000019.00000002.2105834051.000002A329296000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/
Source: PDFixers.exe, 00000019.00000002.2118392220.000002AB4716E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/#
Source: PDFixers.exe, 00000000.00000002.1469540546.000001E1D9885000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/#q_
Source: PDFixers.exe, 00000000.00000002.1469540546.000001E1D98A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/&T
Source: PDFixers.exe, 00000019.00000002.2116899045.000002AB470D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/(
Source: PDFixers.exe, 00000019.00000002.2117265742.000002AB47114000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/-
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2105834051.000002A329296000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/...
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2105834051.000002A329296000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/...p
Source: PDFixers.exe, 00000019.00000002.2117265742.000002AB47114000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/5
Source: PDFixers.exe, 00000000.00000002.1469540546.000001E1D98A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/6R
Source: PDFixers.exe, 00000000.00000002.1469540546.000001E1D98A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/BRN
Source: PDFixers.exe, 00000000.00000002.1470417873.000001E1D9929000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/C:
Source: PDFixers.exe, 00000019.00000002.2117265742.000002AB47114000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/a
Source: PDFixers.exe, 00000000.00000002.1472195416.000001E1D99FE000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2119022127.000002AB471F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/l/email-protection
Source: PDFixers.exe, 00000019.00000002.2119022127.000002AB471F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/l/email-protectionO~
Source: PDFixers.exe, 00000019.00000002.2120677950.000002AB472C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-s
Source: PDFixers.exe, 00000019.00000002.2120677950.000002AB472C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-sail-decode.min.jsnC:
Source: PDFixers.exe, 00000000.00000002.1469114547.000001E1D9851000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000000.00000002.1468071088.000001E1D979B000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2118113549.000002AB4714B000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2120235410.000002AB47277000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2120677950.000002AB472C3000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2116899045.000002AB470D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Source: PDFixers.exe, 00000019.00000002.2116899045.000002AB470D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js%
Source: PDFixers.exe, 00000000.00000002.1469114547.000001E1D9851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js.
Source: PDFixers.exe, 00000000.00000002.1471993274.000001E1D99E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js.J
Source: PDFixers.exe, 00000019.00000002.2120235410.000002AB47277000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsG
Source: PDFixers.exe, 00000000.00000002.1468071088.000001E1D979B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsJj
Source: PDFixers.exe, 00000019.00000002.2116899045.000002AB470D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsQ
Source: PDFixers.exe, 00000019.00000002.2116899045.000002AB470D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsa
Source: PDFixers.exe, 00000000.00000002.1471993274.000001E1D99E1000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2120235410.000002AB47277000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsjs
Source: PDFixers.exe, 00000019.00000002.2120677950.000002AB472C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsoO%
Source: PDFixers.exe, 00000019.00000002.2120677950.000002AB472C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jssO)
Source: PDFixers.exe, 00000019.00000002.2116899045.000002AB470D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsy
Source: PDFixers.exe, 00000000.00000002.1469540546.000001E1D98A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/fR
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2116899045.000002AB470D2000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2105834051.000002A329296000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/h
Source: PDFixers.exe, 00000019.00000002.2118392220.000002AB4716E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/m
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2105834051.000002A329296000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/p
Source: PDFixers.exe, 00000000.00000002.1492227048.000001E1E21E0000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2118967762.000002AB4719C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/t
Source: PDFixers.exe, 00000000.00000002.1469540546.000001E1D98A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com/vRZ
Source: PDFixers.exe, 00000019.00000002.2116276718.000002AB47056000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixel.pdfixers.com2
Source: chromecache_117.22.drString found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_123.22.drString found in binary or memory: https://plus.google.com
Source: chromecache_123.22.drString found in binary or memory: https://plus.googleapis.com
Source: PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2137861206.000002AB4DCD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://scripts.sil.org/OFL
Source: PDFixers.exe, 00000000.00000002.1491689599.000001E1E21AB000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2119424389.000002AB47226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://scripts.sil.org/OFLNunito
Source: PDFixers.exe, 00000019.00000002.2120144392.000002AB4726C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://scripts.sil.org/OFLNunitoSans12pt-LightVersion
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://sectigo.com/CPS0
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://sumatra-website.onrender.com/update-check-rel.txt
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://sumatra-website.onrender.com/update-check-rel.txtInstaller64LatestInstaller32InstallerArm64P
Source: chromecache_123.22.drString found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://www.deepl.com/translator#-/$
Source: PDFixers.exeString found in binary or memory: https://www.globalsign.com/repository/0
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://www.google.com/search?q=$
Source: chromecache_123.22.drString found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_123.22.drString found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chromecache_117.22.drString found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_117.22.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_117.22.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://www.sumatrapdfreader.org/
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://www.sumatrapdfreader.org/URLUpdateInfohttps://www.sumatrapdfreader.org/docs/Version-history.
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://www.sumatrapdfreader.org/dl/prerel/PRE_RELEASE_VER/SumatraPDF-prerel
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa%
Source: SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsaM.$
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://www.sumatrapdfreader.org/docs/Contribute-translation
Source: SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://www.sumatrapdfreader.org/docs/Corrupted-installation
Source: SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://www.sumatrapdfreader.org/docs/Keyboard-shortcuts
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://www.sumatrapdfreader.org/docs/Keyboard-shortcutssumatrapdfrestrict.inihttps://www.sumatrapdf
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://www.sumatrapdfreader.org/docs/Submit-crash-report.html
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://www.sumatrapdfreader.org/docs/Submit-crash-report.htmlShowCrashHandlerMessage:
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://www.sumatrapdfreader.org/docs/Version-history.html
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://www.sumatrapdfreader.org/download-free-pdf-viewer
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://www.sumatrapdfreader.org/download-free-pdf-viewer-------------
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://www.sumatrapdfreader.org/manual
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://www.sumatrapdfreader.org/manualArialwebsiteArial
Source: SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1855046778.000001E5349DB000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853765058.000001E532E53000.00000004.00000020.00020000.00000000.sdmp, notepad.exe, 0000000F.00000003.1666812017.0000022F32EDE000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-settings.txt.2.dr, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://www.sumatrapdfreader.org/settings/settings3-5-1.html
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://www.sumatrapdfreader.org/settings/settings3-5-1.html8.33
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1398824894.00000261E4E12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.sumatrapdfreader.org/settings/settings3-5-1.htmlH
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://www.sumatrapdfreader.org/update-check-rel.txt
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://www.sumatrapdfreader.org/update-check-rel.txtnotifUpdateCheckInProgress
Source: PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.0.drString found in binary or memory: https://www.sumatrapdfreader.org0
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49676 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49693 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 49680 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49677 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49693
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
Source: unknownHTTPS traffic detected: 172.67.147.142:443 -> 192.168.2.17:49700 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49706 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.17:49713 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.17:49714 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49716 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.7.32:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.17:49719 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknownHTTPS traffic detected: 172.67.147.142:443 -> 192.168.2.17:49734 version: TLS 1.2
Source: unknownHTTPS traffic detected: 172.67.147.142:443 -> 192.168.2.17:49735 version: TLS 1.2
Source: C:\Users\user\Desktop\PDFixers.exeCode function: 0_2_00007FF9CD28A5010_2_00007FF9CD28A501
Source: PDFixers.exeStatic PE information: No import functions for PE file found
Source: PDFixers.exe, 00000000.00000002.1490698840.000001E1E052E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejscript9.dll.muiD vs PDFixers.exe
Source: C:\Users\user\Desktop\PDFixers.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: classification engineClassification label: sus32.winEXE@23/29@5/5
Source: C:\Users\user\Desktop\PDFixers.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\LZ9DK265.htmJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMutant created: NULL
Source: PDFixers.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: PDFixers.exeStatic file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%
Source: C:\Users\user\Desktop\PDFixers.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: PDFixers.exeReversingLabs: Detection: 54%
Source: PDFixers.exeVirustotal: Detection: 46%
Source: unknownProcess created: C:\Users\user\Desktop\PDFixers.exe "C:\Users\user\Desktop\PDFixers.exe"
Source: C:\Users\user\Desktop\PDFixers.exeProcess created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe"
Source: unknownProcess created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe"
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess created: C:\Windows\System32\notepad.exe notepad.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-settings.txt"
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1992,i,2968757234271921919,11434174678257635975,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Users\user\Desktop\PDFixers.exe "C:\Users\user\Desktop\PDFixers.exe"
Source: C:\Users\user\Desktop\PDFixers.exeProcess created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess created: C:\Windows\System32\notepad.exe notepad.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-settings.txt"Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1992,i,2968757234271921919,11434174678257635975,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: ieframe.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: sxs.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: dataexchange.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: d3d11.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: dcomp.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: msiso.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: mshtml.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: srpapi.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: msimtf.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: msls31.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: d2d1.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: dxcore.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: mlang.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: uiautomationcore.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: jscript9.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: t2embed.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: uianimation.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: scrrun.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: dbgcore.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: dui70.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: duser.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: explorerframe.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: thumbcache.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: dataexchange.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: d3d11.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: dcomp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: msftedit.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: windows.globalization.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: bcp47mrm.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: globinputhost.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: assignedaccessruntime.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: structuredquery.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: atlthunk.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: windows.storage.search.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: iconcodecservice.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: twinapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: actxprxy.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: networkexplorer.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: ehstorshell.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: cscui.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: mrmcorer.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: windows.staterepositorycore.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: mrmdeploy.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: appxdeploymentclient.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: windows.ui.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: windowmanagementapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: inputhost.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: provsvc.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: cldapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: fltlib.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: dbgcore.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: mrmcorer.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: efswrt.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: mscoree.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: profapi.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: cryptsp.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: rsaenh.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: ieframe.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: iertutil.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: netapi32.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: userenv.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: winhttp.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: wkscli.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: netutils.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: sxs.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: dwrite.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: dataexchange.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: d3d11.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: dcomp.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: dxgi.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: msiso.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: propsys.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: urlmon.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: srvcli.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: mshtml.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: powrprof.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: umpdc.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: srpapi.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: textinputframework.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: coremessaging.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: ntmarta.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: msimtf.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: msls31.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: d2d1.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: resourcepolicyclient.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: d3d10warp.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: dxcore.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: secur32.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: mlang.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: wininet.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: uiautomationcore.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: jscript9.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: winmm.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: mswsock.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: winnsi.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: dpapi.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: msasn1.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: gpapi.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: dnsapi.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: schannel.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: ntasn1.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: ncrypt.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: t2embed.dll
Source: C:\Users\user\Desktop\PDFixers.exeSection loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\PDFixers.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32Jump to behavior
Source: SumatraPDF.lnk.0.drLNK file: ..\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe
Source: Google Drive.lnk.21.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.21.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.21.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.21.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.21.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.21.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeWindow found: window name: SysTabControl32Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeFile opened: C:\Windows\SYSTEM32\MsftEdit.dllJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeWindow detected: Number of UI elements: 13
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeWindow detected: Number of UI elements: 15
Source: C:\Users\user\Desktop\PDFixers.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SumatraPDFUninstallJump to behavior
Source: PDFixers.exeStatic PE information: certificate valid
Source: PDFixers.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: PDFixers.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: PDFixers.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: PDFixers.exeStatic file information: File size 8507584 > 1048576
Source: PDFixers.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x7fea00
Source: PDFixers.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: PDFixers.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: .pdb? source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1243347809.00000261DF66F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: xps;*.oxps;*.djvu;*.cbz;*.cbr;*.cb7;*.cbt;*.chm;*.svg;*.epub;*.mobi;*.fb2;*.fb2z;*.zfb2;*.fb2.zip;*.pdb;*.prc;*.bmp;*.dib;*.gif;*.jpg;*.jpeg;*.jxr;*.png;*.tga;*.tif;*.tiff;*.webp;*.heic;*.avif;*.txt;*.log;*.nfo;file_id.diz;read.me;*.tcr_ source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1392566331.00000261DF44E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\SumatraPDF.pdb$.=<+ source: SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\libmupdf.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .pdb' source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1336633748.00000261DF58B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332945179.00000261DF56E000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1340051082.00000261DF58B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000002.1394782452.00000261DF589000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: libmupdf.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source: Binary string: .pdbc source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1336633748.00000261DF575000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000002.1394642968.00000261DF573000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332945179.00000261DF56E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Bookmark Shortcuts%.2flnkfitwidthfitpage"%s" -page %d -view "%s" -zoom %s -scroll %d,%dfitcontentSelect folder with PDF filesBookmark shortcut to page %s of %s*.xps;*.oxps*.pdf*.ps;*.eps*.djvu*.chm*.cbz;*.cbr;*.cb7;*.cbt*.svgSVG documents*.mobi*.epub*.pdb;*.prc*.fb2;*.fb2z;*.zfb2;*.fb2.zip*.bmp;*.dib;*.gif;*.jpg;*.jpeg;*.jxr;*.png;*.tga;*.tif;*.tiff;*.webp;*.heic;*.avifImagesAll supported documents*.txt;*.log;*.nfo;file_id.diz;read.me;*.tcrVK_DOWN source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source: Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsaM.$<& source: SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: *.pdf;*.xps;*.oxps;*.djvu;*.cbz;*.cbr;*.cb7;*.cbt;*.chm;*.svg;*.epub;*.mobi;*.fb2;*.fb2z;*.zfb2;*.fb2.zip;*.pdb;*.prc;*.bmp;*.dib;*.gif;*.jpg;*.jpeg;*.jxr;*.png;*.tga;*.tif;*.tiff;*.webp;*.heic;*.avif;*.txt;*.log;*.nfo;file_id.diz;read.me;*.tcr_ source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1331466222.00000261DF44F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: SumatraPDF-dll.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source: Binary string: *.pdf;*.xps;*.oxps;*.djvu;*.cbz;*.cbr;*.cb7;*.cbt;*.chm;*.svg;*.epub;*.mobi;*.fb2;*.fb2z;*.zfb2;*.fb2.zip;*.pdb;*.prc;*.bmp;*.dib;*.gif;*.jpg;*.jpeg;*.jxr;*.png;*.tga;*.tif;*.tiff;*.webp;*.heic;*.avif;*.txt;*.log;*.nfo;file_id.diz;read.me;*.tcr source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1391392869.00000261DDA6C000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1338436851.00000261DDA6A000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000002.1391392869.00000261DDA6A000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332035005.00000261DDA67000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1240665334.00000261DDA5F000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1234012225.00000261DDA25000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1334005641.00000261DDA6A000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1236240627.00000261DDA6B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\kjk\src\sumatrapdf\out\rel64\SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source: Binary string: *.pdf*.xps;*.oxps;*.djvu;*.cbz;*.cbr;*.cb7;*.cbt;*.chm;*.svg;*.epub;*.mobi;*.fb2;*.fb2z;*.zfb2;*.fb2.zip;*.pdb;*.prc;*.bmp;*.dib;*.gif;*.jpg;*.jpeg;*.jxr;*.png;*.tga;*.tif;*.tiff;*.webp;*.heic;*.avif;*.txt;*.log;*.nfo;file_id.diz;read.me;*.tcrK source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1338436851.00000261DDA6A000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332035005.00000261DDA67000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .pdbT source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1394956228.00000261DF5C5000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332945179.00000261DF594000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1336633748.00000261DF5B3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1341134365.00000261DF5C5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .pdb.zip% source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1394642968.00000261DF573000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332945179.00000261DF56E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: -64.pdb.lzsa source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source: Binary string: </html>.pdb<<html> source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source: Binary string: .pdbndows`o source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1397269297.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1330120703.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1335367950.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\SumatraPDF-dll.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .pdbnV source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332945179.00000261DF594000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1336633748.00000261DF5B3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source: Binary string: SumatraPDF.pdbSumatraPDF-dll.pdblibmupdf.pdbInstallCrashHandler: skipping because !crashDumpPath source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source: Binary string: All supported documents*.pdf;*.xps;*.oxps;*.djvu;*.cbz;*.cbr;*.cb7;*.cbt;*.chm;*.svg;*.epub;*.mobi;*.fb2;*.fb2z;*.zfb2;*.fb2.zip;*.pdb;*.prc;*.bmp;*.dib;*.gif;*.jpg;*.jpeg;*.jxr;*.png;*.tga;*.tif;*.tiff;*.webp;*.heic;*.avif;*.txt;*.log;*.nfo;file_id.diz;read.me;*.tcrPDF documents*.pdfXPS documents*.xps;*.oxpsDjVu documents*.djvuComic books*.cbz;*.cbr;*.cb7;*.cbtCHM documents*.chmSVG documents*.svgEPUB ebooks*.epubMobi documents*.mobiFictionBook documents*.fb2;*.fb2z;*.zfb2;*.fb2.zipPalmDoc documents*.pdb;*.prcImages*.bmp;*.dib;*.gif;*.jpg;*.jpeg;*.jxr;*.png;*.tga;*.tif;*.tiff;*.webp;*.heic;*.avifText documents*.txt;*.log;*.nfo;file_id.diz;read.me;*.tcrAll files*.*a_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_\REGISTRY\MACHINE\Software\WOW6432Node\GNU Ghostscriptiptadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_] source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1331466222.00000261DF44F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 2;*.fb2z;*.zfb2;*.fb2.zip;*.pdb;*.prc;*.bmp;*.dib;*.gif;*.jpg;*.jpeg;*.jxr;*.png;*.tga;*.tif;*.tiff;*.webp;*.heic;*.avif;*.txt;*.log;*.nfo;file_id.diz;read.me;*.tcr_ source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1337735761.00000261DF450000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: *.pdb;*.prc source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1329242351.00000261DF49D000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000002.1393525598.00000261DF4CD000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1234976868.00000261DF4B8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa% source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: orted documents*.pdf;*.xps;*.oxps;*.djvu;*.cbz;*.cbr;*.cb7;*.cbt;*.chm;*.svg;*.epub;*.mobi;*.fb2;*.fb2z;*.zfb2;*.fb2.zip;*.pdb;*.prc;*.bmp;*.dib;*.gif;*.jpg;*.jpeg;*.jxr;*.png;*.tga;*.tif;*.tiff;*.webp;*.heic;*.avif;*.txt;*.log;*.nfo;file_id.diz;read.me;*.tcrPDF documents*.pdfXPS documents*.xps;*.oxpsDjVu documents*.djvuComic books*.cbz;*.cbr;*.cb7;*.cbtCHM documents*.chmSVG documents*.svgEPUB ebooks*.epubMobi documents*.mobiFictionBook documents*.fb2;*.fb2z;*.zfb2;*.fb2.zipPalmDoc documents*.pdb;*.prcImages*.bmp;*.dib;*.gif;*.jpg;*.jpeg;*.jxr;*.png;*.tga;*.tif;*.tiff;*.webp;*.heic;*.avifText documents*.txt;*.log;*.nfo;file_id.diz;read.me;*.tcrAll files*.*a_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_\REGISTRY\MACHINE\Software\WOW6432Node\GNU Ghostscriptiptadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_dea_deadea_dea_ source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1392566331.00000261DF44E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .pdbsLo source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1397269297.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1330120703.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1335367950.00000261DF6FC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: *.pdf;*.xps;*.oxps;*.djvu;*.cbz;*.cbr;*.cb7;*.cbt;*.chm;*.svg;*.epub;*.mobi;*.fb2;*.fb2z;*.zfb2;*.fb2.zip;*.pdb;*.prc;*.bmp;*.dib;*.gif;*.jpg;*.jpeg;*.jxr;*.png;*.tga;*.tif;*.tiff;*.webp;*.heic;*.avif;*.txt;*.log;*.nfo;file_id.diz;read.me;*.tcrk source: SumatraPDF-3.5.2-64.exe, 00000002.00000002.1391392869.00000261DDA6C000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1332035005.00000261DDA67000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1240665334.00000261DDA5F000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1234012225.00000261DDA25000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 00000002.00000003.1236240627.00000261DDA6B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: *.pdf*.xps*.oxps*.djvu*.cbz*.cbr*.cb7*.cbt*.chm*.svg*.epub*.mobi*.fb2*.fb2z*.zfb2*.fb2.zip*.pdb*.prc*.bmp*.dib*.gif*.jpg*.jpeg*.jxr*.png*.tga*.tif*.tiff*.webp*.heic*.avif*.txt*.log*.nfofile_id.dizread.me*.tcrK source: SumatraPDF-3.5.2-64.exe, 00000002.00000003.1240665334.00000261DDA5F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ITSF.txt.js.json.xml.logfile_id.dizread.me.nfo.tcr.ps.ps.gz.eps.fb2.fb2z.fbz.zfb2.fb2.zip.cbz.cbr.cb7.cbt.pdf.xps.oxps.chm.png.jpg.jpeg.gif.tif.tiff.bmp.tga.jxr.hdp.wdp.webp.epub.mobi.prc.azw.azw1.azw3.pdb.html.htm.xhtml.svg.djvu.jp2.zip.rar.7z.heic.avif.tarfoo.epubfoo.JP2Rar! source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.dr
Source: Binary string: C:\Users\user\AppData\Roaming\SumatraPDF\crashinfo\libmupdf.pdb/. source: SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp
Source: PDFixers.exeStatic PE information: 0x9FA57E8D [Mon Nov 16 06:26:21 2054 UTC]
Source: SumatraPDF-3.5.2-64.exe.0.drStatic PE information: section name: _RDATA
Source: C:\Users\user\Desktop\PDFixers.exeCode function: 0_2_00007FF9CD28063D push ebx; iretd 0_2_00007FF9CD28066A
Source: C:\Users\user\Desktop\PDFixers.exeCode function: 0_2_00007FF9CD287CD5 push eax; retf 0_2_00007FF9CD287CED
Source: C:\Users\user\Desktop\PDFixers.exeCode function: 25_2_00007FF9CB3F063D push ebx; iretd 25_2_00007FF9CB3F066A
Source: C:\Users\user\Desktop\PDFixers.exeFile created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeJump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Users\user\Desktop\PDFixers.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\notepad.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\notepad.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1D9BB4E0000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1D9D3630000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1D9D5BB0000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1D9BB0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1D9BF0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1D9C10000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1D9C40000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1D9CE0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1D9D40000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1D9D60000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1D9DC0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1D9DE0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1D9E20000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1D9E40000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1D9E60000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1D9E80000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1D9EA0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1D9EC0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1D9EE0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1D9F00000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1D9F20000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1D9F40000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1D9F80000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1D9FA0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1D9FC0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1D9FE0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DA000000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DA020000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DA060000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DA080000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DA2A0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DA2C0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DAAA0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DAAE0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DAB00000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DAB20000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DAB40000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DAB60000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DAB80000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DABA0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DABE0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DAC00000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DAC20000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DAC40000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DAC60000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DACA0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DACC0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DACE0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DAD00000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DAD20000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DAD40000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DAD80000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DADA0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DADC0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DADE0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DAE00000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DAE20000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DAE60000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DAE80000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DAEA0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DAEC0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DAEE0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DAF00000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DAF40000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DAF60000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DAF80000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DAFA0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DAFC0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DAFE0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB020000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB040000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB060000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB080000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB0A0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB0E0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB100000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB120000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB160000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB180000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB1A0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB1C0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB1E0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB200000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB220000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB260000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB280000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB2A0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB2C0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB2E0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB300000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB320000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB340000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB380000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB3A0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB3C0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB3E0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB400000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB420000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB440000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB460000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB4A0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB4C0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB4E0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB500000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB520000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB540000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB560000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB580000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB5C0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB5E0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB600000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB620000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB640000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB660000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB680000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB6A0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB6E0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB700000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB720000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB740000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB760000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB780000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB7A0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB7C0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB800000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB820000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB840000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB860000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB880000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB8A0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB8C0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB900000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB920000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB940000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB960000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB980000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB9A0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB9C0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DB9E0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBA20000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBA40000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBA60000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBA80000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBAA0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBAC0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBAE0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBB00000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBB40000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBB60000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBB80000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBBA0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBBC0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBBE0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBC00000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBC20000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBC60000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBC80000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBCA0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBCC0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBCE0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBD00000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBD20000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBD40000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBD80000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBDA0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBDC0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBDE0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBE00000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBE20000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBE40000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBE60000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBEA0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBEC0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBEE0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBF00000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBF20000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBF40000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBF60000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBF80000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBFC0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DBFE0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC000000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC020000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC040000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC060000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC080000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC0C0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC0E0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC100000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC120000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC140000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC160000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC180000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC1A0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC1E0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC200000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC220000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC240000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC260000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC280000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC2A0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC2C0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC300000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC320000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC340000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC360000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC380000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC3A0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC3C0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC3E0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC420000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC440000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC460000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC480000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC4A0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC4C0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC4E0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC500000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC540000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC560000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC580000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC5A0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC5C0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC5E0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC600000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC640000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC660000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC680000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC6A0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC6C0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC6E0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC700000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC720000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC760000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC780000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC7A0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC7C0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC7E0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC800000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC820000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC840000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC880000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC8A0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC8C0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC8E0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC900000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC920000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC940000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC960000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC9A0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC9C0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DC9E0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DCA00000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DCA20000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DCA40000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DCA60000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 1E1DCE80000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2A3277C0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2A3411D0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB43830000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2A342E90000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2A342ED0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2A342EF0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2A342F20000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2A342FC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2A343000000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2A343040000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2A343080000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2A3430C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2A3430E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2A343120000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2A343140000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2A343160000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2A343180000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2A3431A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2A3431C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2A3431E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2A343200000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2A343220000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2A343260000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2A343280000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2A3432A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2A3432C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2A3432E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2A343300000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2A343340000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB437F0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB473C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB473E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB47400000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB47440000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB47460000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB47480000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB474A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB474C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB474E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB47520000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB47540000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB47760000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB47780000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB477A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB477C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB47800000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB47820000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB47840000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB47860000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB47880000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB478A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB478E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB47900000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB47920000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB47940000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB47960000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB47980000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB479C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB479E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB47A00000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB47A20000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB47A40000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB47A60000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB47AA0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB47AC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB47AE0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB47B00000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB47B20000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB47B40000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48340000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48360000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48380000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB483A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB483E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48400000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48420000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48440000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48480000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB484A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB484C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB484E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48500000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48520000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48540000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48580000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB485A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB485C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB485E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48600000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48620000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48640000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48660000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB486A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB486C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB486E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48700000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48720000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48740000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48760000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48780000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB487C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB487E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48800000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48820000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48840000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48860000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48880000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB488A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB488E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48900000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48920000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48940000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48960000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48980000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB489A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB489C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48A00000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48A20000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48A40000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48A60000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48A80000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48AA0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48AC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48B00000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48B20000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48B40000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48B60000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48B80000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48BA0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48BC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48BE0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48C20000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48C40000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48C60000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48C80000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48CA0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48CC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48CE0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48D00000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48D40000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48D60000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48D80000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48DA0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48DC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48DE0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48E00000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48E20000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48E60000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48E80000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48EA0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48EC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48EE0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48F00000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48F20000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48F40000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48F80000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48FA0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48FC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB48FE0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49000000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49020000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49040000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49060000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB490A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB490C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB490E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49100000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49120000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49140000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49160000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49180000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB491C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB491E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49200000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49220000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49240000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49260000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49280000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB492C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB492E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49300000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49320000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49340000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49360000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49380000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB493A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB493E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49400000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49420000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49440000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49460000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49480000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB494A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB494C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49500000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49520000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49540000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49560000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49580000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB495A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB495C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB495E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49620000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49640000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49660000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49680000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB496A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB496C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB496E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49700000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49740000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49760000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49780000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB497A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB497C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB497E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49800000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49820000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49860000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49880000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB498A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB498C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB498E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49900000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49920000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49960000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49980000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB499A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB499C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB499E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49A00000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49E20000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49E40000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49E80000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49EA0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49EC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49EE0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49F00000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49F20000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49F40000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49F60000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49FA0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: 2AB49FC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\PDFixers.exe TID: 2396Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\PDFixers.exeThread delayed: delay time: 922337203685477
Source: PDFixers.exe, 00000000.00000002.1469540546.000001E1D9885000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0
Source: PDFixers.exe, 00000000.00000002.1458137442.000001D9D4064000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2119022127.000002AB471F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: PDFixers.exe, 00000019.00000002.2116423682.000002AB470A8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWF
Source: PDFixers.exe, 00000000.00000002.1470417873.000001E1D9929000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWL
Source: PDFixers.exe, 00000019.00000002.2117265742.000002AB470F6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\PDFixers.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeProcess created: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe" Jump to behavior
Source: SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drBinary or memory string: Shell_TrayWndKillProcessesUsingInstallation()
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessorJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessorJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessorJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessorJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Users\user\Desktop\PDFixers.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\notepad.exeQueries volume information: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-settings.txt VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Users\user\Desktop\PDFixers.exe VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exeDirectory queried: C:\Users\user\DocumentsJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
Windows Service		1
Windows Service		1
Masquerading		OS Credential Dumping1
Query Registry		Remote Services1
Email Collection		11
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
Registry Run Keys / Startup Folder		12
Process Injection		1
Disable or Modify Tools		LSASS Memory11
Security Software Discovery		Remote Desktop Protocol1
Archive Collected Data		1
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt1
DLL Side-Loading		1
Registry Run Keys / Startup Folder		41
Virtualization/Sandbox Evasion		Security Account Manager1
Process Discovery		SMB/Windows Admin Shares1
Data from Local System		3
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
DLL Side-Loading		12
Process Injection		NTDS41
Virtualization/Sandbox Evasion		Distributed Component Object ModelInput Capture4
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Obfuscated Files or Information		LSA Secrets11
File and Directory Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
Timestomp		Cached Domain Credentials22
System Information Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
DLL Side-Loading		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
PDFixers.exe54%ReversingLabsByteCode-MSIL.PUA.Superfluss
PDFixers.exe46%VirustotalBrowse

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe0%ReversingLabs
C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe0%VirustotalBrowse

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
pixel.pdfixers.com3%VirustotalBrowse

URLs

SourceDetectionScannerLabelLink
http://www.broofa.com0%URL Reputationsafe
http://www.broofa.com0%URL Reputationsafe
http://www.sajatypeworks.com0%URL Reputationsafe
http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
http://www.urwpp.deDPlease0%URL Reputationsafe
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s0%URL Reputationsafe
http://www.carterandcone.coml0%URL Reputationsafe
http://ocsp.sectigo.com00%URL Reputationsafe
http://www.tiro.com0%URL Reputationsafe
http://www.goodfont.co.kr0%URL Reputationsafe
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#0%URL Reputationsafe
http://www.typography.netD0%URL Reputationsafe
http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
http://fontfabrik.com0%URL Reputationsafe
https://csp.withgoogle.com/csp/lcreport/0%URL Reputationsafe
http://www.sandoll.co.kr0%URL Reputationsafe
http://www.sakkal.com0%URL Reputationsafe
https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js.J0%Avira URL Cloudsafe
http://www.founder.com.cn/cn/cThe0%Avira URL Cloudsafe
https://pixel.pdfixers.com/50%Avira URL Cloudsafe
http://www.gribuser.ru/xml/fictionbook/2.00%Avira URL Cloudsafe
https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-s0%Avira URL Cloudsafe
https://pixel.pdfixers.com/&T0%Avira URL Cloudsafe
https://pixel.pdfixers.com/#0%Avira URL Cloudsafe
http://www.zhongyicts.com.cn0%Avira URL Cloudsafe
https://pixel.pdfixers.com/(0%Avira URL Cloudsafe
http://www.gribuser.ru/xml/fictionbook/2.00%VirustotalBrowse
https://pixel.pdfixers.com/53%VirustotalBrowse
https://pixel.pdfixers.com0%Avira URL Cloudsafe
https://pixel.pdfixers.com/-0%Avira URL Cloudsafe
https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsQ0%Avira URL Cloudsafe
https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsG0%Avira URL Cloudsafe
http://www.founder.com.cn/cn/cThe0%VirustotalBrowse
https://pixel.pdfixers.com/6R0%Avira URL Cloudsafe
https://pixel.pdfixers.com/#q_0%Avira URL Cloudsafe
https://pixel.pdfixers.com/-5%VirustotalBrowse
https://pixel.pdfixers.com/fR0%Avira URL Cloudsafe
http://www.zhongyicts.com.cn1%VirustotalBrowse
https://sumatra-website.onrender.com/update-check-rel.txtInstaller64LatestInstaller32InstallerArm64P0%Avira URL Cloudsafe
https://pixel.pdfixers.com3%VirustotalBrowse
https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsQ5%VirustotalBrowse
https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js.100%Avira URL Cloudmalware
https://pixel.pdfixers.com/#q_3%VirustotalBrowse
https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsG3%VirustotalBrowse
https://pixel.pdfixers.com/#3%VirustotalBrowse
https://pixel.pdfixers.com/...0%Avira URL Cloudsafe
https://pixel.pdfixers.com/...p0%Avira URL Cloudsafe
https://sumatra-website.onrender.com/update-check-rel.txtInstaller64LatestInstaller32InstallerArm64P0%VirustotalBrowse
https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js%0%Avira URL Cloudsafe
http://www.founder.com.cn/cn/bThe0%Avira URL Cloudsafe
https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-sail-decode.min.jsnC:0%Avira URL Cloudsafe
https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsJj0%Avira URL Cloudsafe
https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsy0%Avira URL Cloudsafe
http://www.founder.com.cn/cn/bThe0%VirustotalBrowse
https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js.4%VirustotalBrowse
https://pixel.pdfixers.com/...p0%VirustotalBrowse
https://www.sumatrapdfreader.org00%Avira URL Cloudsafe
https://pixel.pdfixers.com/vRZ0%Avira URL Cloudsafe
https://pixel.pdfixers.com/cdn-cgi/l/email-protection0%Avira URL Cloudsafe
https://://https://translate.google.com/?op=translate&sl=auto&tl=$0%Avira URL Cloudsafe
https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsjs100%Avira URL Cloudmalware
https://pixel.pdfixers.com/cdn-cgi/l/email-protection0%VirustotalBrowse
https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsa0%Avira URL Cloudsafe
https://pixel.pdfixers.com/cdn-cgi/l/email-protectionO~0%Avira URL Cloudsafe
https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsy0%VirustotalBrowse
https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js%5%VirustotalBrowse
https://pixel.pdfixers.com/...3%VirustotalBrowse
https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsjs5%VirustotalBrowse

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
pixel.pdfixers.com
172.67.147.142
truefalseunknown
plus.l.google.com
142.250.105.113
truefalse
    		high
    www.google.com
    		142.251.15.104
    		truefalse
      		high
      apis.google.com
      		unknown
      		unknownfalse
        		high

        Contacted URLs

        NameMaliciousAntivirus DetectionReputation
        https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0false
          		high
          https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0false
            		high

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            https://www.sumatrapdfreader.org/settings/settings3-5-1.html8.33SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
              		high
              http://www.broofa.comchromecache_117.22.drfalse
              • URL Reputation: safe
              • URL Reputation: safe
              		unknown
              https://www.sumatrapdfreader.org/manualArialwebsiteArialSumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                		high
                https://github.com/sumatrapdfreader/sumatrapdf/discussions/2316SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                  		high
                  https://scripts.sil.org/OFLNunitoSans12pt-LightVersionPDFixers.exe, 00000019.00000002.2120144392.000002AB4726C000.00000004.00000020.00020000.00000000.sdmpfalse
                    		high
                    http://www.fontbureau.com/designersPDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      https://scripts.sil.org/OFLNunitoPDFixers.exe, 00000000.00000002.1491689599.000001E1E21AB000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2119424389.000002AB47226000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1chromecache_123.22.drfalse
                          		high
                          http://docs.oasis-open.org/ns/office/1.2/meta/odf#StylesFileSumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                            		high
                            http://www.sajatypeworks.comPDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.founder.com.cn/cn/cThePDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpfalse
                            • 0%, Virustotal, Browse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.gribuser.ru/xml/fictionbook/2.0SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                            • 0%, Virustotal, Browse
                            • Avira URL Cloud: safe
                            		unknown
                            https://github.com/Fonthausen/NunitoSans))PDFixers.exe, 00000000.00000002.1490022827.000001E1E04B4000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-sPDFixers.exe, 00000019.00000002.2120677950.000002AB472C3000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://pixel.pdfixers.com/5PDFixers.exe, 00000019.00000002.2117265742.000002AB47114000.00000004.00000020.00020000.00000000.sdmpfalse
                              • 3%, Virustotal, Browse
                              • Avira URL Cloud: safe
                              		unknown
                              https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js.JPDFixers.exe, 00000000.00000002.1471993274.000001E1D99E1000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://scripts.sil.org/OFLPDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2137861206.000002AB4DCD2000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://pixel.pdfixers.com/&TPDFixers.exe, 00000000.00000002.1469540546.000001E1D98A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://www.sumatrapdfreader.org/dl/prerel/PRE_RELEASE_VER/SumatraPDF-prerelSumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                                  		high
                                  https://www.sumatrapdfreader.org/update-check-rel.txtnotifUpdateCheckInProgressSumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                                    		high
                                    http://www.galapagosdesign.com/DPleasePDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://www.sumatrapdfreader.org/docs/Keyboard-shortcutssumatrapdfrestrict.inihttps://www.sumatrapdfSumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                                      		high
                                      https://pixel.pdfixers.com/#PDFixers.exe, 00000019.00000002.2118392220.000002AB4716E000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • 3%, Virustotal, Browse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.urwpp.deDPleasePDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.zhongyicts.com.cnPDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • 1%, Virustotal, Browse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa%SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namePDFixers.exe, 00000000.00000002.1428870729.000001D9BB631000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2105834051.000002A3291D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://www.sumatrapdfreader.org/docs/Version-history.htmlSumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                                            		high
                                            https://pixel.pdfixers.com/(PDFixers.exe, 00000019.00000002.2116899045.000002AB470D2000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.daisy.org/z3986/2005/ncx/SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                                              		high
                                              https://pixel.pdfixers.comPDFixers.exe, 00000000.00000002.1468427550.000001E1D97D9000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2109336859.000002A341900000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2116276718.000002AB47056000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • 3%, Virustotal, Browse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://pixel.pdfixers.com/-PDFixers.exe, 00000019.00000002.2117265742.000002AB47114000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • 5%, Virustotal, Browse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.idpf.org/2007/opfapplication/xhtmlSumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                                                		high
                                                https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsQPDFixers.exe, 00000019.00000002.2116899045.000002AB470D2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • 5%, Virustotal, Browse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsGPDFixers.exe, 00000019.00000002.2120235410.000002AB47277000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • 3%, Virustotal, Browse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0sPDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://github.com/sumatrapdfreader/sumatrapdf/commit/646d1feddcc80b3b51072c5b27a1446487904175)SumatraPDF-3.5.2-64.exe, 00000002.00000002.1390316067.00000261DD9E3000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://docs.oasis-open.org/ns/office/1.2/meta/pkg#DocumentSumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                                                    		high
                                                    https://www.sumatrapdfreader.org/download-free-pdf-viewer-------------SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                                                      		high
                                                      https://www.sumatrapdfreader.org/settings/settings3-5-1.htmlSumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1855046778.000001E5349DB000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853765058.000001E532E53000.00000004.00000020.00020000.00000000.sdmp, notepad.exe, 0000000F.00000003.1666812017.0000022F32EDE000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-settings.txt.2.dr, SumatraPDF-3.5.2-64.exe.0.drfalse
                                                        		high
                                                        https://github.com/sumatrapdfreader/sumatrapdf/blob/master/AUTHORShttps://github.com/sumatrapdfreadeSumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                                                          		high
                                                          https://pixel.pdfixers.com/6RPDFixers.exe, 00000000.00000002.1469540546.000001E1D98A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://www.sumatrapdfreader.org/update-check-rel.txtSumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                                                            		high
                                                            http://www.carterandcone.comlPDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            https://plus.google.comchromecache_123.22.drfalse
                                                              		high
                                                              https://play.google.com/log?format=json&hasfast=truechromecache_117.22.drfalse
                                                                		high
                                                                http://www.fontbureau.com/designers/frere-jones.htmlPDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://pixel.pdfixers.com/#q_PDFixers.exe, 00000000.00000002.1469540546.000001E1D9885000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • 3%, Virustotal, Browse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://pixel.pdfixers.com/fRPDFixers.exe, 00000000.00000002.1469540546.000001E1D98A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://sumatra-website.onrender.com/update-check-rel.txtInstaller64LatestInstaller32InstallerArm64PSumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                                                                  • 0%, Virustotal, Browse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://www.sumatrapdfreader.org/docs/Corrupted-installationSumatraPDF-3.5.2-64.exe.0.drfalse
                                                                    		high
                                                                    https://www.sumatrapdfreader.org/docs/Submit-crash-report.htmlSumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                                                                      		high
                                                                      https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js.PDFixers.exe, 00000000.00000002.1469114547.000001E1D9851000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • 4%, Virustotal, Browse
                                                                      • Avira URL Cloud: malware
                                                                      		unknown
                                                                      https://pixel.pdfixers.com/...PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2105834051.000002A329296000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • 3%, Virustotal, Browse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://www.sumatrapdfreader.org/URLUpdateInfohttps://www.sumatrapdfreader.org/docs/Version-history.SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                                                                        		high
                                                                        https://www.sumatrapdfreader.org/settings/settings3-5-1.htmlHSumatraPDF-3.5.2-64.exe, 00000002.00000002.1398824894.00000261E4E12000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://www.deepl.com/translator#-/$SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                                                                            		high
                                                                            https://clients6.google.comchromecache_123.22.drfalse
                                                                              		high
                                                                              https://pixel.pdfixers.com/...pPDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2105834051.000002A329296000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • 0%, Virustotal, Browse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js%PDFixers.exe, 00000019.00000002.2116899045.000002AB470D2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • 5%, Virustotal, Browse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              https://www.sumatrapdfreader.org/download-free-pdf-viewerSumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                                                                                		high
                                                                                http://www.idpf.org/2007/opfSumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                                                                                  		high
                                                                                  http://www.fontbureau.com/designersGPDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://www.fontbureau.com/designers/?PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://www.founder.com.cn/cn/bThePDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      • 0%, Virustotal, Browse
                                                                                      • Avira URL Cloud: safe
                                                                                      		unknown
                                                                                      http://ocsp.sectigo.com0PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-sail-decode.min.jsnC:PDFixers.exe, 00000019.00000002.2120677950.000002AB472C3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      		unknown
                                                                                      http://www.fontbureau.com/designers?PDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtdSumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                                                                                          		high
                                                                                          http://www.tiro.comPDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          		unknown
                                                                                          http://docs.oasis-open.org/ns/office/1.2/meta/odf#ContentFileSumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                                                                                            		high
                                                                                            http://www.goodfont.co.krPDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            http://www.typography.netDPDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            http://www.galapagosdesign.com/staff/dennis.htmPDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            https://github.com/sumatrapdfreader/sumatrapdf/blob/master/AUTHORSSumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                                                                                              		high
                                                                                              https://www.sumatrapdfreader.org/docs/Contribute-translationSumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                                                                                                		high
                                                                                                http://fontfabrik.comPDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                		unknown
                                                                                                https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsJjPDFixers.exe, 00000000.00000002.1468071088.000001E1D979B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                		unknown
                                                                                                https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsyPDFixers.exe, 00000019.00000002.2116899045.000002AB470D2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • 0%, Virustotal, Browse
                                                                                                • Avira URL Cloud: safe
                                                                                                		unknown
                                                                                                https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                                                                                                  		high
                                                                                                  https://www.sumatrapdfreader.org0PDFixers.exe, 00000000.00000002.1428870729.000001D9BB6EB000.00000004.00000800.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  https://www.sumatrapdfreader.org/SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                                                                                                    		high
                                                                                                    https://csp.withgoogle.com/csp/lcreport/chromecache_123.22.drfalse
                                                                                                    • URL Reputation: safe
                                                                                                    		unknown
                                                                                                    https://github.com/Fonthausen/NunitoSans)Thread-0000162c-Id-00000000:SubsetRegularVersionPDFixers.exe, 00000019.00000002.2119424389.000002AB47226000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://pixel.pdfixers.com/vRZPDFixers.exe, 00000000.00000002.1469540546.000001E1D98A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		unknown
                                                                                                      https://pixel.pdfixers.com/cdn-cgi/l/email-protectionPDFixers.exe, 00000000.00000002.1472195416.000001E1D99FE000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2119022127.000002AB471F0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • 0%, Virustotal, Browse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		unknown
                                                                                                      https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsaM.$SumatraPDF-3.5.2-64.exe, 0000000E.00000002.1853634517.000001E532D9B000.00000004.00000020.00020000.00000000.sdmp, SumatraPDF-3.5.2-64.exe, 0000000E.00000003.1851799451.000001E532D94000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://www.sumatrapdfreader.org/docs/Keyboard-shortcutsSumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                                                                                                          		high
                                                                                                          https://://https://translate.google.com/?op=translate&sl=auto&tl=$SumatraPDF-3.5.2-64.exe, 00000002.00000000.1188750058.00007FF771E2E000.00000002.00000001.01000000.0000000F.sdmp, SumatraPDF-3.5.2-64.exe.0.drfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          		low
                                                                                                          http://www.fonts.comPDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            http://www.sandoll.co.krPDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            		unknown
                                                                                                            https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsjsPDFixers.exe, 00000000.00000002.1471993274.000001E1D99E1000.00000004.00000020.00020000.00000000.sdmp, PDFixers.exe, 00000019.00000002.2120235410.000002AB47277000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            • 5%, Virustotal, Browse
                                                                                                            • Avira URL Cloud: malware
                                                                                                            		unknown
                                                                                                            https://apis.google.comchromecache_123.22.dr, chromecache_117.22.drfalse
                                                                                                              		high
                                                                                                              http://www.sakkal.comPDFixers.exe, 00000000.00000002.1461816919.000001D9D5452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              https://pixel.pdfixers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.jsaPDFixers.exe, 00000019.00000002.2116899045.000002AB470D2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              		unknown
                                                                                                              https://domains.google.com/suggest/flowchromecache_123.22.drfalse
                                                                                                                		high
                                                                                                                https://pixel.pdfixers.com/cdn-cgi/l/email-protectionO~PDFixers.exe, 00000019.00000002.2119022127.000002AB471F0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown

                                                                                                                World Map of Contacted IPs

                                                                                                                • No. of IPs < 25%
                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                • 75% < No. of IPs

                                                                                                                Public IPs

                                                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                                                142.250.105.113
                                                                                                                		plus.l.google.comUnited States
                                                                                                                		15169GOOGLEUSfalse
                                                                                                                239.255.255.250
                                                                                                                		unknownReserved
                                                                                                                		unknownunknownfalse
                                                                                                                172.67.147.142
                                                                                                                		pixel.pdfixers.comUnited States
                                                                                                                		13335CLOUDFLARENETUSfalse
                                                                                                                142.251.15.104
                                                                                                                		www.google.comUnited States
                                                                                                                		15169GOOGLEUSfalse

                                                                                                                Private

                                                                                                                IP
                                                                                                                192.168.2.17

                                                                                                                General Information

                                                                                                                Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                Analysis ID:1431800
                                                                                                                Start date and time:2024-04-25 19:38:57 +02:00
                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                Overall analysis duration:0h 7m 14s
                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                Report type:full
                                                                                                                Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                Number of analysed new started processes analysed:27
                                                                                                                Number of new started drivers analysed:0
                                                                                                                Number of existing processes analysed:0
                                                                                                                Number of existing drivers analysed:0
                                                                                                                Number of injected processes analysed:0
                                                                                                                Technologies:
                                                                                                                • HCA enabled
                                                                                                                • EGA enabled
                                                                                                                • AMSI enabled
                                                                                                                Analysis Mode:default
                                                                                                                Analysis stop reason:Timeout
                                                                                                                Sample name:PDFixers.exe
                                                                                                                Detection:SUS
                                                                                                                Classification:sus32.winEXE@23/29@5/5
                                                                                                                EGA Information:Failed
                                                                                                                HCA Information:
                                                                                                                • Successful, ratio: 99%
                                                                                                                • Number of executed functions: 65
                                                                                                                • Number of non-executed functions: 4
                                                                                                                Cookbook Comments:
                                                                                                                • Found application associated with file extension: .exe

                                                                                                                Warnings

                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, TextInputHost.exe
                                                                                                                • Excluded IPs from analysis (whitelisted): 173.194.219.95, 64.233.185.94, 199.232.214.172, 192.229.211.108, 23.40.205.26, 142.250.105.94, 172.253.124.84, 74.125.136.101, 74.125.136.102, 74.125.136.138, 74.125.136.139, 74.125.136.100, 74.125.136.113, 34.104.35.123, 64.233.176.94, 172.253.124.95, 199.232.210.172
                                                                                                                • Excluded domains from analysis (whitelisted): www.bing.com, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, login.live.com, evoke-windowsservices-tas.msedge.net, clients.l.google.com, www.gstatic.com
                                                                                                                • Execution Graph export aborted for target PDFixers.exe, PID 3724 because it is empty
                                                                                                                • Execution Graph export aborted for target PDFixers.exe, PID 5652 because it is empty
                                                                                                                • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                Simulations

                                                                                                                Behavior and APIs

                                                                                                                TimeTypeDescription
                                                                                                                19:39:54API Interceptor2x Sleep call for process: SumatraPDF-3.5.2-64.exe modified

                                                                                                                Joe Sandbox View / Context

                                                                                                                IPs

                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                239.255.255.250https://colunroad.info/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=backGet hashmaliciousGRQ ScamBrowse
                                                                                                                  http://www.mh3solaroh.com/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                    https://web.lehighvalleychamber.org/cwt/external/wcpages/referral.aspx?ReferralType=W&ProfileID=5337&ListingID=4065&CategoryID=74&SubCategoryID=0&url=//sanemedia.ca/owaow/yjyo8q/bWFyaWEud29qY2llY2hvd3NraUBjby5tb25tb3V0aC5uai51cw==Get hashmaliciousHTMLPhisherBrowse
                                                                                                                      http://www.jdenviro.caGet hashmaliciousUnknownBrowse
                                                                                                                        https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Get hashmaliciousUnknownBrowse
                                                                                                                          Wc 401k Retirement Plan.shtmlGet hashmaliciousUnknownBrowse
                                                                                                                            http://email.wantyourfeedback.com/ls/click?upn=u001.PD4nPnyJUo8oiEzSkSGLgaBNAMtLp9U5nstWElDmnpXtySPOXSs4GxXhEZNYegDWlOpy_1gt1aDjd5mPVItYgazWgABkVm-2FZUH6kt1lIvkdtkRWsfoyQV18ixDvOX-2B0tU4ZH6SMN7PC0YJjM3gcvFPvh6CbZuFXlOBXf3FWLiJkpKJ7Hjba3S4-2FzhpmkR8VdprfK8GO3qSu-2BzqpIaLLC-2Bva9kOn7HY5B7OIgz5EOl88o1lnRSRpayTzqRzTSFhtg2Bi-2BI4dAZ7qHRbJ3vb9lcrxBKqAk13I-2BCAvndhSK1Vi4ubCjlp2xQlrXIHfzqmLiSPjl7tEmTsLYr99h3esBOPv8ASLIpf873P512I7xYEOjogT1gQCerfZNqh6K2IdWU6lDJ2r3wpU6ug02vU9Zslw4DYpuNNZQNVtap5mqv9Xf8D1PYQxYI5BK4owXOV2wEXeRIjST24XAw6EO9D1tdiGoHDRaxW2QofayefCuiW9Z191aML90svJWojHiQp1Fq-2BXFLiyEx8V1eLa7dixfJ23RRWtHvg1jOrHp7lqvXRA7dobs-3DGet hashmaliciousHTMLPhisherBrowse
                                                                                                                              http://wsj.pmGet hashmaliciousNetSupport RATBrowse
                                                                                                                                https://rro5wktwxr4n.rollout-specialist-assistance-network.cfd/support_case_ID/#8347435238Get hashmaliciousUnknownBrowse
                                                                                                                                  https://web.lehighvalleychamber.org/cwt/external/wcpages/referral.aspx?ReferralType=W&ProfileID=5337&ListingID=4065&CategoryID=74&SubCategoryID=0&url=//sanemedia.ca/owaow/yjyo8q/bWFyaWEud29qY2llY2hvd3NraUBjby5tb25tb3V0aC5uai51cw==Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                    172.67.147.142PDFixers.zipGet hashmaliciousUnknownBrowse
                                                                                                                                      http://pixel.pdfixers.comGet hashmaliciousUnknownBrowse
                                                                                                                                        https://pdfixers.com/downloadFixer.html?campaign_id%5C=21045767915&adgroup_id%5C=158732629346&placement_id%5C=www.espn.com&creative_id%5C=691698233681&gclid%5C=EAIaIQobChMIsdqlwMv-hAMVHKNaBR0-pAc6EAEYASAAEgJE9vD_BwEGet hashmaliciousUnknownBrowse
                                                                                                                                          https://pdfixers.com/fixerPdf.html?campaign_id=20793026578&adgroup_id=154442634943&placement_id=www.kalenderpedia.de&creative_id=690578524755&gclid=EAIaIQobChMIiPuO6tH9hAMVcwVPCB0kPAl9EAEYASAAEgKpQfD_BwEGet hashmaliciousUnknownBrowse
                                                                                                                                            https://pdfixers.com/Get hashmaliciousUnknownBrowse
                                                                                                                                              https://www.hiclipart.com/free-transparent-background-png-clipart-zjdjz/downloadGet hashmaliciousUnknownBrowse
                                                                                                                                                ManyToOneMailMerge Ver 18.8.dotmGet hashmaliciousUnknownBrowse
                                                                                                                                                  http://pdfixers.comGet hashmaliciousUnknownBrowse
                                                                                                                                                    http://pdfixers.comGet hashmaliciousUnknownBrowse

                                                                                                                                                      Domains

                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                      pixel.pdfixers.comPDFixers.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 172.67.147.142
                                                                                                                                                      http://pixel.pdfixers.comGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 172.67.147.142
                                                                                                                                                      https://pdfixers.com/downloadFixer.html?campaign_id%5C=21045767915&adgroup_id%5C=158732629346&placement_id%5C=www.espn.com&creative_id%5C=691698233681&gclid%5C=EAIaIQobChMIsdqlwMv-hAMVHKNaBR0-pAc6EAEYASAAEgJE9vD_BwEGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 172.67.147.142
                                                                                                                                                      https://pdfixers.com/fixerPdf.html?campaign_id=20793026578&adgroup_id=154442634943&placement_id=www.kalenderpedia.de&creative_id=690578524755&gclid=EAIaIQobChMIiPuO6tH9hAMVcwVPCB0kPAl9EAEYASAAEgKpQfD_BwEGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 172.67.147.142
                                                                                                                                                      https://pdfixers.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                      • 104.21.11.17
                                                                                                                                                      https://www.hiclipart.com/free-transparent-background-png-clipart-zjdjz/downloadGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 172.67.147.142
                                                                                                                                                      ManyToOneMailMerge Ver 18.8.dotmGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 172.67.147.142
                                                                                                                                                      http://pdfixers.comGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 172.67.147.142
                                                                                                                                                      http://pdfixers.comGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 104.21.11.17

                                                                                                                                                      ASNs

                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                      CLOUDFLARENETUSfile.exeGet hashmaliciousPureLog Stealer, RisePro Stealer, zgRATBrowse
                                                                                                                                                      • 172.67.75.166
                                                                                                                                                      ProconGO1121082800.LnK.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 104.21.29.223
                                                                                                                                                      o3KyzpE7F4.ps1Get hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                                                      • 172.67.74.152
                                                                                                                                                      http://www.mh3solaroh.com/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                      • 104.17.246.203
                                                                                                                                                      https://web.lehighvalleychamber.org/cwt/external/wcpages/referral.aspx?ReferralType=W&ProfileID=5337&ListingID=4065&CategoryID=74&SubCategoryID=0&url=//sanemedia.ca/owaow/yjyo8q/bWFyaWEud29qY2llY2hvd3NraUBjby5tb25tb3V0aC5uai51cw==Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                      • 172.67.69.226
                                                                                                                                                      https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Get hashmaliciousUnknownBrowse
                                                                                                                                                      • 162.159.152.4
                                                                                                                                                      http://email.wantyourfeedback.com/ls/click?upn=u001.PD4nPnyJUo8oiEzSkSGLgaBNAMtLp9U5nstWElDmnpXtySPOXSs4GxXhEZNYegDWlOpy_1gt1aDjd5mPVItYgazWgABkVm-2FZUH6kt1lIvkdtkRWsfoyQV18ixDvOX-2B0tU4ZH6SMN7PC0YJjM3gcvFPvh6CbZuFXlOBXf3FWLiJkpKJ7Hjba3S4-2FzhpmkR8VdprfK8GO3qSu-2BzqpIaLLC-2Bva9kOn7HY5B7OIgz5EOl88o1lnRSRpayTzqRzTSFhtg2Bi-2BI4dAZ7qHRbJ3vb9lcrxBKqAk13I-2BCAvndhSK1Vi4ubCjlp2xQlrXIHfzqmLiSPjl7tEmTsLYr99h3esBOPv8ASLIpf873P512I7xYEOjogT1gQCerfZNqh6K2IdWU6lDJ2r3wpU6ug02vU9Zslw4DYpuNNZQNVtap5mqv9Xf8D1PYQxYI5BK4owXOV2wEXeRIjST24XAw6EO9D1tdiGoHDRaxW2QofayefCuiW9Z191aML90svJWojHiQp1Fq-2BXFLiyEx8V1eLa7dixfJ23RRWtHvg1jOrHp7lqvXRA7dobs-3DGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                      • 172.67.223.170
                                                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 104.21.16.225
                                                                                                                                                      http://wsj.pmGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                      • 104.26.0.231
                                                                                                                                                      https://rro5wktwxr4n.rollout-specialist-assistance-network.cfd/support_case_ID/#8347435238Get hashmaliciousUnknownBrowse
                                                                                                                                                      • 172.67.222.163

                                                                                                                                                      JA3 Fingerprints

                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                      28a2c9bd18a11de089ef85a160da29e4https://colunroad.info/?utm_campaign=y0rsMyowMImIDv9DTSX69oig88PrjKrJ9agQ3DpV-9I1&t=backGet hashmaliciousGRQ ScamBrowse
                                                                                                                                                      • 23.63.206.91
                                                                                                                                                      • 52.165.165.26
                                                                                                                                                      • 40.126.7.32
                                                                                                                                                      https://web.lehighvalleychamber.org/cwt/external/wcpages/referral.aspx?ReferralType=W&ProfileID=5337&ListingID=4065&CategoryID=74&SubCategoryID=0&url=//sanemedia.ca/owaow/yjyo8q/bWFyaWEud29qY2llY2hvd3NraUBjby5tb25tb3V0aC5uai51cw==Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                      • 23.63.206.91
                                                                                                                                                      • 52.165.165.26
                                                                                                                                                      • 40.126.7.32
                                                                                                                                                      http://www.jdenviro.caGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 23.63.206.91
                                                                                                                                                      • 52.165.165.26
                                                                                                                                                      • 40.126.7.32
                                                                                                                                                      https://www.jottacloud.com/s/3542495a6cd3d7a4aafad5878d671fdee68Get hashmaliciousUnknownBrowse
                                                                                                                                                      • 23.63.206.91
                                                                                                                                                      • 52.165.165.26
                                                                                                                                                      • 40.126.7.32
                                                                                                                                                      Wc 401k Retirement Plan.shtmlGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 23.63.206.91
                                                                                                                                                      • 52.165.165.26
                                                                                                                                                      • 40.126.7.32
                                                                                                                                                      http://wsj.pmGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                      • 23.63.206.91
                                                                                                                                                      • 52.165.165.26
                                                                                                                                                      • 40.126.7.32
                                                                                                                                                      https://rro5wktwxr4n.rollout-specialist-assistance-network.cfd/support_case_ID/#8347435238Get hashmaliciousUnknownBrowse
                                                                                                                                                      • 23.63.206.91
                                                                                                                                                      • 52.165.165.26
                                                                                                                                                      • 40.126.7.32
                                                                                                                                                      https://web.lehighvalleychamber.org/cwt/external/wcpages/referral.aspx?ReferralType=W&ProfileID=5337&ListingID=4065&CategoryID=74&SubCategoryID=0&url=//sanemedia.ca/owaow/yjyo8q/bWFyaWEud29qY2llY2hvd3NraUBjby5tb25tb3V0aC5uai51cw==Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                      • 23.63.206.91
                                                                                                                                                      • 52.165.165.26
                                                                                                                                                      • 40.126.7.32
                                                                                                                                                      https://r20.rs6.net/tn.jsp?f=001mdupJ4qBb-Nd2_ylzx8HBttlQ9opTAsCLDNaIzR_kjOMUNmpNcZJwTrf1-JKcQms1CJ9Uho976bwGC08_tX5C5noMjVDoDyLOXoK3aopxxStOM8t6wvTBKWgVo18etJYQ_eeHjJ4R2lwkep1pKOUg8VLdGfphtuo&c=&ch=/Er8BdK9PMSuOgr2lskWkeZAKVKx339#?ZnJhbmtfZHJhcGVyQGFvLnVzY291cnRzLmdvdg==Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                      • 23.63.206.91
                                                                                                                                                      • 52.165.165.26
                                                                                                                                                      • 40.126.7.32
                                                                                                                                                      data.tmp.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 23.63.206.91
                                                                                                                                                      • 52.165.165.26
                                                                                                                                                      • 40.126.7.32
                                                                                                                                                      6271f898ce5be7dd52b0fc260d0662b3https://web.lehighvalleychamber.org/cwt/external/wcpages/referral.aspx?ReferralType=W&ProfileID=5337&ListingID=4065&CategoryID=74&SubCategoryID=0&url=//sanemedia.ca/owaow/yjyo8q/bWFyaWEud29qY2llY2hvd3NraUBjby5tb25tb3V0aC5uai51cw==Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                      • 13.107.21.200
                                                                                                                                                      http://wsj.pmGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                      • 13.107.21.200
                                                                                                                                                      https://itniy4gbb.cc.rs6.net/tn.jsp?f=001DpCT81a7BIE926OduG6KmKkwKebSAbUZq28C52DoY-FfQJyM_2Gq3l18V1j7KWwJQTfGlQ_HSq0vC8xqJqFST9z0CwmpWgUieBjKckdJcSODJ_3vu5MzvaSoOGbGY9SjpWQtg9-aAXm1e6VV91z84Q2_wlyDMR98&c=i37ZFF5Dy2QSFqOfb2TVpr5vkMFqaR6DdoQbIhzcRV7G2oFwX8NEvA==&ch=2ErEiCYnoykaXa1uoD0AgTD1vOpSqc6zh3ef32Gb4XR_ut8_qvmzHA==&c=&ch=&__=/mrlZp0zmTKgGvsPpx0JUyCMjGZr4J6/Z2dvbnphbGV6c2FsYXNAc2FuaXRhcy5lcw==Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                      • 13.107.21.200
                                                                                                                                                      http://learningstudio.aiGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 13.107.21.200
                                                                                                                                                      FW_ FHAS Inc_ - Private and Confidential.msgGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                                                                                      • 13.107.21.200
                                                                                                                                                      https://stake.libertariancounterpoint.com/+6N67YCBGYSfgUDfzZBWz4mBQM+X0RyGi80NjJ/FF4eJwViQGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 13.107.21.200
                                                                                                                                                      https://funcallback.comGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 13.107.21.200
                                                                                                                                                      Payment MT103.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 13.107.21.200
                                                                                                                                                      PO#0023298413.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 13.107.21.200
                                                                                                                                                      Ref_Order04.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 13.107.21.200
                                                                                                                                                      3b5074b1b5d032e5620f69f9f700ff0eo3KyzpE7F4.ps1Get hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                                                      • 13.107.5.88
                                                                                                                                                      https://web.lehighvalleychamber.org/cwt/external/wcpages/referral.aspx?ReferralType=W&ProfileID=5337&ListingID=4065&CategoryID=74&SubCategoryID=0&url=//sanemedia.ca/owaow/yjyo8q/bWFyaWEud29qY2llY2hvd3NraUBjby5tb25tb3V0aC5uai51cw==Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                      • 13.107.5.88
                                                                                                                                                      http://wsj.pmGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                      • 13.107.5.88
                                                                                                                                                      Isass.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 13.107.5.88
                                                                                                                                                      https://itniy4gbb.cc.rs6.net/tn.jsp?f=001DpCT81a7BIE926OduG6KmKkwKebSAbUZq28C52DoY-FfQJyM_2Gq3l18V1j7KWwJQTfGlQ_HSq0vC8xqJqFST9z0CwmpWgUieBjKckdJcSODJ_3vu5MzvaSoOGbGY9SjpWQtg9-aAXm1e6VV91z84Q2_wlyDMR98&c=i37ZFF5Dy2QSFqOfb2TVpr5vkMFqaR6DdoQbIhzcRV7G2oFwX8NEvA==&ch=2ErEiCYnoykaXa1uoD0AgTD1vOpSqc6zh3ef32Gb4XR_ut8_qvmzHA==&c=&ch=&__=/mrlZp0zmTKgGvsPpx0JUyCMjGZr4J6/Z2dvbnphbGV6c2FsYXNAc2FuaXRhcy5lcw==Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                      • 13.107.5.88
                                                                                                                                                      SecuriteInfo.com.Win32.PWSX-gen.18376.4403.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                                                      • 13.107.5.88
                                                                                                                                                      Minutes_of_15th_Session_of_PSC.pdf.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 13.107.5.88
                                                                                                                                                      Minutes_of_15th_Session_of_PSC.pdf.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 13.107.5.88
                                                                                                                                                      SecuriteInfo.com.Win32.PWSX-gen.25877.26069.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                                                      • 13.107.5.88
                                                                                                                                                      Database4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 13.107.5.88
                                                                                                                                                      37f463bf4616ecd445d4a1937da06e19SecuriteInfo.com.Win32.Malware-gen.9746.16728.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                      • 172.67.147.142
                                                                                                                                                      ProconGO1121082800.LnK.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 172.67.147.142
                                                                                                                                                      file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                                                                                                                                                      • 172.67.147.142
                                                                                                                                                      Version.125.7599.75.jsGet hashmaliciousSocGholishBrowse
                                                                                                                                                      • 172.67.147.142
                                                                                                                                                      Database4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 172.67.147.142
                                                                                                                                                      lzShU2RYJa.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                                                                      • 172.67.147.142
                                                                                                                                                      XV9q6mY4DI.exeGet hashmaliciousBabuk, DjvuBrowse
                                                                                                                                                      • 172.67.147.142
                                                                                                                                                      n8XBpFdVFU.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                                                                      • 172.67.147.142
                                                                                                                                                      R5391762lf.exeGet hashmaliciousClipboard Hijacker, Djvu, VidarBrowse
                                                                                                                                                      • 172.67.147.142
                                                                                                                                                      Swift Payment.batGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                                                      • 172.67.147.142

                                                                                                                                                      Dropped Files

                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                      C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exePDFixers.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                        https://pdfixers.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                          http://pdfixers.comGet hashmaliciousUnknownBrowse

                                                                                                                                                            Created / dropped Files

                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\css2[1].css

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Users\user\Desktop\PDFixers.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):306
                                                                                                                                                            Entropy (8bit):5.565724594514051
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:0IFFJMg+56ZzSVg5qh7izlpdUDSUPtgZMLQHkI+ro+iFHj0c4vn:jF7pO6ZGmqt6pSXsVHDFHj0v
                                                                                                                                                            MD5:593563DEFDA42F8FAD22F5EA3F89B775
                                                                                                                                                            SHA1:A0C3D8D8C19C01BD3D02B90A126C8CA7F27421B3
                                                                                                                                                            SHA-256:2F02D38536746DAE6535E3354B5B844C48C26589AE1B499BE5CB35EF66EAB511
                                                                                                                                                            SHA-512:7DB83EF0938D2D732FB3B4F41AAC09B332BFC36FED6E4064DF39968BF3EFC9C2C6135C09E137A024A3B12EFF561344A44F3E67D6C131971919A9889628F61F5C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                                                            Preview:@font-face {. font-family: 'Nunito Sans';. font-style: normal;. font-weight: 300;. font-stretch: normal;. font-display: swap;. src: url(https://fonts.gstatic.com/l/font?kit=pe1mMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbMV51Q42ptCp5F5bxqqtQ1yiU4GiClntQ&skey=60bfdc605ddb00b1&v=v15);.}.

                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\96LGQ1XY\email-decode.min[1].js

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Users\user\Desktop\PDFixers.exe
                                                                                                                                                            File Type:HTML document, ASCII text, with very long lines (1238)
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1239
                                                                                                                                                            Entropy (8bit):5.068464054671174
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:ch63Cf5W8QPIHRZ3hwVFS39bYGwNef1yTZsNUkQ1sZmSuLqNWRco5Jcn5IKM6cuY:C6SQnw/x+SR8ZZkQbp1RZ5JwiKMm7Zc
                                                                                                                                                            MD5:9E8F56E8E1806253BA01A95CFC3D392C
                                                                                                                                                            SHA1:A8AF90D7482E1E99D03DE6BF88FED2315C5DD728
                                                                                                                                                            SHA-256:2595496FE48DF6FCF9B1BC57C29A744C121EB4DD11566466BC13D2E52E6BBCC8
                                                                                                                                                            SHA-512:63F0F6F94FBABADC3F774CCAA6A401696E8A7651A074BC077D214F91DA080B36714FD799EB40FED64154972008E34FC733D6EE314AC675727B37B58FFBEBEBEE
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:high, very likely benign file
                                                                                                                                                            Preview:!function(){"use strict";function e(e){try{if("undefined"==typeof console)return;"error"in console?console.error(e):console.log(e)}catch(e){}}function t(e){return d.innerHTML='<a href="'+e.replace(/"/g,"&quot;")+'"></a>',d.childNodes[0].getAttribute("href")||""}function r(e,t){var r=e.substr(t,2);return parseInt(r,16)}function n(n,c){for(var o="",a=r(n,c),i=c+2;i<n.length;i+=2){var l=r(n,i)^a;o+=String.fromCharCode(l)}try{o=decodeURIComponent(escape(o))}catch(u){e(u)}return t(o)}function c(t){for(var r=t.querySelectorAll("a"),c=0;c<r.length;c++)try{var o=r[c],a=o.href.indexOf(l);a>-1&&(o.href="mailto:"+n(o.href,a+l.length))}catch(i){e(i)}}function o(t){for(var r=t.querySelectorAll(u),c=0;c<r.length;c++)try{var o=r[c],a=o.parentNode,i=o.getAttribute(f);if(i){var l=n(i,0),d=document.createTextNode(l);a.replaceChild(d,o)}}catch(h){e(h)}}function a(t){for(var r=t.querySelectorAll("template"),n=0;n<r.length;n++)try{i(r[n].content)}catch(c){e(c)}}function i(t){try{c(t),o(t),a(t)}catch(r){e(r

                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\LZ9DK265.htm

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Users\user\Desktop\PDFixers.exe
                                                                                                                                                            File Type:HTML document, ASCII text, with very long lines (10298), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):33684
                                                                                                                                                            Entropy (8bit):5.60453542916055
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:768:tbRdP1w6Tgt9vJRxcxDc5sWOVD/HSTjnoZ3iIPVhgcEyeoA7JYquMr1:ZRdP1w6TqJJRxcxDc5sWOVD/HSTjnt2+
                                                                                                                                                            MD5:CE1F0BE11F66283228FA6D263DA0BD86
                                                                                                                                                            SHA1:A88A392AC86B82E23C78F58D16EDA0ED2D7469F9
                                                                                                                                                            SHA-256:CFB1DA67174AE42E667431C6B3796831A1DD0D81D25BC516403E903E342031AE
                                                                                                                                                            SHA-512:F82CEAB7E9273473C62F88584A7065BC70B3E690F501E792F58B087F790BA3DA931B5528942D9F094B3144731823F863062959613899BC30FDB5716142B1C939
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:low
                                                                                                                                                            Preview:<!DOCTYPE html>..<html>..<head>.. <meta http-equiv="X-UA-Compatible" content="IE=10" />.. <link href="https://fonts.googleapis.com/css2?family=Nunito+Sans:wght@300&display=swap" rel="stylesheet">.... <title>PDFixers Installation</title>.. <style>.. body {.. overflow: hidden; /* Hide scrollbars */.. }.... body {.. font-family: Arial, sans-serif;.. margin: 20px;.. }.... .container {.. width: 632px;.. height: 777px;.. margin: auto;.. padding: 20px;.. border: 1px solid #ddd;.. }.... .eula {.. margin-top: 20px;.. border: 1px solid #ddd;.. padding: 10px;.. height: 300px;.. overflow: auto;.. }.... .button {.. margin-top: 10px;.. padding: 10px 20px;.. background-color: #4CAF50;.. color: white;.. border: none;.. borde

                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\Q33AJR2N.htm

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Users\user\Desktop\PDFixers.exe
                                                                                                                                                            File Type:HTML document, ASCII text, with very long lines (10298), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):33684
                                                                                                                                                            Entropy (8bit):5.60455032371642
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:768:tbRdP1w6Tgt9vJRxcxDc5sWOVD//STjnoZ3iIwVhgcEyeoA7JYquMr1:ZRdP1w6TqJJRxcxDc5sWOVD//STjnt1+
                                                                                                                                                            MD5:589DD71FB7836EBE5B74C53F4BEAF0C0
                                                                                                                                                            SHA1:8CE8D8638A916985614FC1A6700C4929D4CDDE2A
                                                                                                                                                            SHA-256:4A29E364E2E57284FEC7A9165FA41745033E6FF9AD505B3A04C282581D9C4405
                                                                                                                                                            SHA-512:3C0D1085EFA6E0710C8567005FE7630BD13C4AD81B43DC05FD4FCFD5CECBA5B45178DF8894ED101C5486DB06AF39F99D063C9032E332E838061D4CE1A872C670
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:low
                                                                                                                                                            Preview:<!DOCTYPE html>..<html>..<head>.. <meta http-equiv="X-UA-Compatible" content="IE=10" />.. <link href="https://fonts.googleapis.com/css2?family=Nunito+Sans:wght@300&display=swap" rel="stylesheet">.... <title>PDFixers Installation</title>.. <style>.. body {.. overflow: hidden; /* Hide scrollbars */.. }.... body {.. font-family: Arial, sans-serif;.. margin: 20px;.. }.... .container {.. width: 632px;.. height: 777px;.. margin: auto;.. padding: 20px;.. border: 1px solid #ddd;.. }.... .eula {.. margin-top: 20px;.. border: 1px solid #ddd;.. padding: 10px;.. height: 300px;.. overflow: auto;.. }.... .button {.. margin-top: 10px;.. padding: 10px 20px;.. background-color: #4CAF50;.. color: white;.. border: none;.. borde

                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NB937L4Q\font[1].eot

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Users\user\Desktop\PDFixers.exe
                                                                                                                                                            File Type:Embedded OpenType (EOT), Nunito Sans 12pt Light family
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):43569
                                                                                                                                                            Entropy (8bit):7.965514187975993
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:768:BAovAk9wwidcUfGrYHv2GEu2v/ycF+0iwdEGnysM82tvUwV9d3Cxa8iPat:BAyAk9wwiHrHdshi4BysMX1d3CxaNi
                                                                                                                                                            MD5:C6B85601ADBF8C674B4B444DAD696A5D
                                                                                                                                                            SHA1:9103151C858BD4C99150D6B4386D54E99B1EBF90
                                                                                                                                                            SHA-256:EC8671B432FF49E1E77F48692397E57ECFA584555AC664C932DCCEA0C9A16044
                                                                                                                                                            SHA-512:255B28431550FD2BD7C61080E5645CCEA14CCA43F80AFEA2F7A337E70CB67AA38C978D3777B10DB8A3672D909B268F8499692F278AD590C56C9918AB7429C57F
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:1...........................,.....LP....K .P........... .......2..................,.N.u.n.i.t.o. .S.a.n.s. .1.2.p.t. .L.i.g.h.t.....R.e.g.u.l.a.r...:.V.e.r.s.i.o.n. .3...1.0.1.;.g.f.t.o.o.l.s.[.0...9...2.7.]...,.N.u.n.i.t.o. .S.a.n.s. .1.2.p.t. .L.i.g.h.t.....BSGP............................l.............L...h4[... ..c#.....>!.@.y>.x..8v6...&.rl..G2?..S.....^:}i..rp...=..v^:._*.[R..x..$)&.;..Pxk.4.Eh..6. ..4.UC7a..I.!..Ib?.l(.....MEz.*..d.[zu.{.-9..2..O...4.>Y.4l..W.g...a..o......3-..ka?..!..9.;.YN..Z.k....'..`....R.y...=.+......`.O....KS.X...:?}0n.....l....P..k.S..).x#...Q..i.e....0n..a.q...H|.<wZ.2.........a.....C..'<`Wr4^.'{.\.....s.N<{R\.Yyo....*)x....-\P.....N...*$..,.M...v.pB..4'.P.T3F.31.......`..ZF.%..J3.....X.W..Ky..+..=`n..{.`.Q.......ri`..Q.5r.=...V..X..~..C..j:...qZ..yX.c.X>n..v.......v.54..h*X.K....!..:.. .6...J.AL.$M.....:YS1z..Ty....0.....AahG...w......j......zu..yw[D..)&'.^.()aj..'....q .0$.G.<tE..@W....K7....~.}A....6...m>Q...`G.x.Q.8^...Ak

                                                                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 16:40:54 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2677
                                                                                                                                                            Entropy (8bit):3.9954778308288748
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:8Xg19dTT87hFHbidAKZdA1JehwiZUklqehoxy+3:8AjgHzy
                                                                                                                                                            MD5:0360E4A91EF7B283DA55492836914478
                                                                                                                                                            SHA1:687985696F7A9E85DA3019789593E61E90D95515
                                                                                                                                                            SHA-256:FEA7BFB3CAD5A3243BF6322009567D51EA5826F88783353F59FA8E9A0B306600
                                                                                                                                                            SHA-512:9134C4EF95609A6B678EB306B5A7D86FC3C8C0ACA61AA2E198ECCED5D8A2FDF0E2C44EDD5BF2F1462C444F64559F7A88E0CACA4F838B7846733E9C640A0167D9
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:L..................F.@.. ...$+.,.....i..7.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............H......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 16:40:54 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2679
                                                                                                                                                            Entropy (8bit):4.0099251857534695
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:8D19dTT87hFHbidAKZdA10eh/iZUkAQkqehZxy+2:8Rjg99QCy
                                                                                                                                                            MD5:54696687B7B653B085797719FA400032
                                                                                                                                                            SHA1:A00D842C5A0714CF2D6BA6BA219F7026793BE9FA
                                                                                                                                                            SHA-256:2E79AE693F538C96CC5E4843FF0CB94F27C53057C6A9C6EDCD3536199FD0BFF7
                                                                                                                                                            SHA-512:1EBA2D05F84D36E0D7F49F72F8DC826FE07EEA783E71B818ABC453D053CB15F0907BB62BDF35B5DCEDEF77570C2AA2BF4E2311A20C80880CEC1E7F1158A68941
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:L..................F.@.. ...$+.,.....'.7.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............H......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2693
                                                                                                                                                            Entropy (8bit):4.018284507881692
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:8e9dTT87hjHbidAKZdA14tIeh7sFiZUkmgqeh7sXxy+BX:8ejgPn3y
                                                                                                                                                            MD5:D7AF2E657D29E9C0A4F9838CD6A1270C
                                                                                                                                                            SHA1:8591BEBFD791EB4AD7BA7545F71FC18731E0DC95
                                                                                                                                                            SHA-256:CA4FD28DE3410ABDDA0642A43BE72E228167B7D5A08C287E544ED76C4A25883D
                                                                                                                                                            SHA-512:EA25FE9C1C5FA8F7DA7A4FA2F8E01803D9EAC942922EEFC7ACF54D15465E232AA7740D4F061C9098DC80BAA444FF48D36E5A357EFE2561CC3E1FFF47E2522F2A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............H......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 16:40:54 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2681
                                                                                                                                                            Entropy (8bit):4.010380383703911
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:8219dTT87hFHbidAKZdA1behDiZUkwqehdxy+R:8ajgOpy
                                                                                                                                                            MD5:1B1CD7FC0ED127B1E9C7B4A905E21541
                                                                                                                                                            SHA1:A679755DAA8717BC469B88AB94AD259EDA302043
                                                                                                                                                            SHA-256:5A0010E5D024C6A984154A4EB355483445CFA0D2823E2EB9DB4AC889FC95AF55
                                                                                                                                                            SHA-512:B2943A9DF2BC6276D4182F99C9ADD4B88CA776FB3731079CB6C80FBD854B212D5604709BB910F13A02582F86AEB2ABE49E24C07C8C616175DB2B2582E79F4751
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:L..................F.@.. ...$+.,.......7.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............H......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 16:40:54 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2681
                                                                                                                                                            Entropy (8bit):3.9989914600018563
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:8819dTT87hFHbidAKZdA1VehBiZUk1W1qehTxy+C:8sjge9ly
                                                                                                                                                            MD5:092B47DFCEA7D393EBE2F64072374D58
                                                                                                                                                            SHA1:220FB0466363BD01542C239724F0E4F47B6E84DD
                                                                                                                                                            SHA-256:089FCCE5A58DAA9607F505275C762AD181F3EB6A9480199F40497A99A02FB450
                                                                                                                                                            SHA-512:9BFD21DB994A79D82D1D6A3DF14E4DD66185222711BE6FA1048C720DA5D276288CAA97997AD6F0297EC0304B3AB5F26AFD5AB887D5C0816D0336F7CF7E92C26D
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:L..................F.@.. ...$+.,........7.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............H......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 16:40:54 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2683
                                                                                                                                                            Entropy (8bit):4.009684108916295
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:8Z19dTT87hFHbidAKZdA1duT6ehOuTbbiZUk5OjqehOuTblxy+yT+:8Ljg8TTTbxWOvTb3y7T
                                                                                                                                                            MD5:CAEF93097FDEF91796A5E0FD1F3F766F
                                                                                                                                                            SHA1:C76B550D87D7E442B65FB45FE106D6A96D3ACC45
                                                                                                                                                            SHA-256:35E787033D4B82B06A90189F92339A2D769780B82BD73558EE8891A4879B3122
                                                                                                                                                            SHA-512:73D10AF9028413095F7BD4266854F5E0E230C05AB140488947168272409CEDBE236F3F7EC8C8F79C850FAAF1AC6D521759B7AAB4D9852E32A75C6E9CDB291775
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:L..................F.@.. ...$+.,.....s.7.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............H......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                                                                            C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Users\user\Desktop\PDFixers.exe
                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):16065496
                                                                                                                                                            Entropy (8bit):7.0278259579196165
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:393216:Y6OPZedL1pUAuPXiuZ08RBCxXJq3oeNy8x:KedJp9uPXiuZ08RBCxXJxWy8x
                                                                                                                                                            MD5:C02DC2CA96FE9841963883C0FE177399
                                                                                                                                                            SHA1:7E42E66E9198C258DA48A6194577E3DBD424463A
                                                                                                                                                            SHA-256:290E4AA7ED64C728138711C011E89AAB7AA48DBC1AE430371DC2BE4100B92BF0
                                                                                                                                                            SHA-512:D7ACF551D0764FCFB9A895701679981F76B2FF73F99BCE5DA2C6C3F2F0556EE33F45D0D98848FEE96A6CCFA24E09C26303705C5F094E945E647F53F7E4716FAF
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                            • Filename: PDFixers.zip, Detection: malicious, Browse
                                                                                                                                                            • Filename: , Detection: malicious, Browse
                                                                                                                                                            • Filename: , Detection: malicious, Browse
                                                                                                                                                            Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$...........................................................................V...............................e............S.b....S.......S......Rich............................PE..d.....8e.........."....%..Y..........HU........@..........................................`..................................................*....... ..X.......|........K...0..p...`...p.................... ..(...`.Z.@.............Y.(...|........................text....Y.......Y................. ..`.rdata....'...Y...'...Y.............@..@.data...xri..p....b..J..............@....pdata..|........ ... ..............@..@_RDATA..\............@..............@..@.rsrc...X.... .......B..............@..@.reloc..p....0.......F..............@..B................................................................................................................................................................

                                                                                                                                                            C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-settings.txt

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe
                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1906
                                                                                                                                                            Entropy (8bit):5.193721716673668
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:bsGMk3jjseCLuvkkKtY/K0iswT415VPv4CBzOjxB:AGMk3kehkkKtY/Fix4Bvv6B
                                                                                                                                                            MD5:6A39E767AB5F760104D783CCF94E3EB9
                                                                                                                                                            SHA1:70BA8815BD0CD341666D8EE9431C5629793064FE
                                                                                                                                                            SHA-256:B578E8258D18C9C21D653C3C130A28E6CCAB53E39164B68DF51F542BD4B2DACF
                                                                                                                                                            SHA-512:33F1FA130AE390775C8B39645ED0E54F455D4B8F07CFC51E78DF16E118A932BA7799B00F728B8648C6864B6447155F317768D2C33F456FDF7769538845DDF7E7
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.# For documentation, see https://www.sumatrapdfreader.org/settings/settings3-5-1.html..Theme = Light..FixedPageUI [...TextColor = #000000...BackgroundColor = #ffffff...SelectionColor = #f5fc0c...WindowMargin = 2 4 2 4...PageSpacing = 4 4...InvertColors = false...HideScrollbars = false..]..ComicBookUI [...WindowMargin = 0 0 0 0...PageSpacing = 4 4...CbxMangaMode = false..]..ChmUI [...UseFixedPageUI = false..]....SelectionHandlers [..]..ExternalViewers [..]....ZoomLevels = 8.33 12.5 18 25 33.33 50 66.67 75 100 125 150 200 300 400 600 800 1000 1200 1600 2000 2400 3200 4800 6400..ZoomIncrement = 0....PrinterDefaults [...PrintScale = shrink..]..ForwardSearch [...HighlightOffset = 0...HighlightWidth = 15...HighlightColor = #6581ff...HighlightPermanent = false..]..Annotations [...HighlightColor = #ffff00...UnderlineColor = #00ff00...SquigglyColor = #ff00ff...StrikeOutColor = #ff0000...FreeTextColor = ...FreeTextSize = 12...FreeTextBorderWidth = 1...TextIconColor = ...TextIconType = ...Defa

                                                                                                                                                            C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF.zip

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Users\user\Desktop\PDFixers.exe
                                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8243933
                                                                                                                                                            Entropy (8bit):7.998709533933773
                                                                                                                                                            Encrypted:true
                                                                                                                                                            SSDEEP:196608:an1PLvFtljMRfLjjL4/Y8261NG9HTta83vu:anZFtlIP4/Y7pO8/u
                                                                                                                                                            MD5:21B26AF0D4CE33D609915549F01A7705
                                                                                                                                                            SHA1:5B2D4B056812AF71E159426324CDAA788D1CB5D7
                                                                                                                                                            SHA-256:66CCB395C9184DCE6822DFBB9970C877383B3EAD6D9417B5106A844AAC512989
                                                                                                                                                            SHA-512:DC8FD647D1C01E783EAD3D870232DA3F6B27949EF8325BF3C88DC481D1C62DF1C89806049D5B691BD7860E003B7D62A0D18C9B1C262EBBA8A0149236704CB015
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:PK........;BYW................SumatraPDF-3.5.2-64.exeUT...2.8e.}.XT...d..\....B3..b+....T.1E.I0....w..A.........rm....6.y.er.wmg`.....| .S..."....[{...4.c.......>..}.^..^k.}.,J...0...c..c.3..e..g.06..Nb.._}......_..14;..pNZV...M...Cs..f.....}.Y..V...2!L.......<..w...3...x...i.}_...*.K.....(R.3.E.zf.H="...\.t....E..gW.[..<..}=...t..E.)..7c.........C..c...]....&.L.go....,..$.t.4V.G<.`l.|...K..._.g.,.1.C.....S..-...x....&1.s.m.1..#...2....2...B....Z....._.HB._...n`l..X....5w..\.X.[F"...8..P.Ro.y(-7..m..,.d.....a..2.{+..6.d0...cu......,.f...=g...`,....V.;?..8.a.t...,........1.]h'c.....J..^gZ../.......#....-}.>..l.b.SJ..G.Sf7*..a.R...!#..P.T..<7(.....QJ.....*..[j.<VYeUJ6.B...^..K.b.WJ.oQ....NbL).'..Y...0...E.X...(...)s..bv.4.Q.l...\...0.T):....*...j...DU..4.J.......b.z...FV4...Y."[...X.b.[h..a....k...<.%A.....7'....,.|..Vad.rs%.=.w....../.q......0WV.~.....j..U....h>...G..l.<.....G......YC.......[."....+..P[.....|...5.5X.....4I.GoL...8

                                                                                                                                                            C:\Users\user\Desktop\SumatraPDF.lnk

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Users\user\Desktop\PDFixers.exe
                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Apr 25 16:39:42 2024, mtime=Thu Apr 25 16:39:42 2024, atime=Wed Oct 25 05:17:54 2023, length=16065496, window=hide
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):962
                                                                                                                                                            Entropy (8bit):4.985707771276868
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:8VGxVs1O44UbDCbaVMY//HoLGUKOk5lilTRjAjAkUHJHAIJApgMJws3+REpcbEb6:8VMVm93r7SYglTiAkUeDDOM+ipqCZm
                                                                                                                                                            MD5:2F3FF7562E887388B8871109D50E3288
                                                                                                                                                            SHA1:7DB0D582497164A509E95619239030356D655D1F
                                                                                                                                                            SHA-256:52D8AC922F571B3665BAE3FB6651578CAB5C6EA998C96943C6FF2E9C65C9B0CB
                                                                                                                                                            SHA-512:1833101CAE0FF4376D19B122DFF44AACC19B88135802EB8F70D6D2A88F186B6DDB8BE7D98F4D0B18CFFEB3A3426C77F84C2DD81FF7A28223937BC708E89BEABB
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:L..................F.... ......7.....7.7.....4......#........................:..DG..Yr?.D..U..k0.&...&......&..9...p.N.7....wh.7.......t...CFSF..1.....FWtM..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......FWtM.X......Y.....................?@.A.p.p.D.a.t.a...B.V.1......X...Roaming.@......FWtM.X......Y.....................s..R.o.a.m.i.n.g.....^.1......X....SUMATR~1..F......X...X.............................-#.S.u.m.a.t.r.a.P.D.F.....|.2..#..YW;2 .SUMATR~1.EXE..`......X...X......X.........................S.u.m.a.t.r.a.P.D.F.-.3...5...2.-.6.4...e.x.e.......q...............-.......p.............H......C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe..5.....\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.S.u.m.a.t.r.a.P.D.F.\.S.u.m.a.t.r.a.P.D.F.-.3...5...2.-.6.4...e.x.e.`.......X.......571345...........hT..CrF.f4... ...F...../....%..hT..CrF.f4... ...F...../....%.E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

                                                                                                                                                            Chrome Cache Entry: 117

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1746)
                                                                                                                                                            Category:downloaded
                                                                                                                                                            Size (bytes):163891
                                                                                                                                                            Entropy (8bit):5.55061820245277
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3072:S0eiNiuzs8v4HHKWY8s1BgP4IDQ9GURWu8zylA/u8PemUPhDlaY/ADiZ65LpK629:S0eMhzvwHHKWY8s1BgP4IDQ9GURWu8UD
                                                                                                                                                            MD5:0282D5C4C6038FCEB2FF8607EDAC81A4
                                                                                                                                                            SHA1:62EBF05C33F8A3115C208BB4D5CE9B38F6D06447
                                                                                                                                                            SHA-256:AAAF17E8ED9C8DD5D1B69C8BBB617600A768256654C076F760E09C6047973371
                                                                                                                                                            SHA-512:E21D25042E41527B62E80F9D9B82B85B915BA6D0698B2FFA5D8D59115F764770D1DE2108B72D82D57BFB7A8D4406FB53D091C1DC6D8BD03BED3BCA29CEFD0EAD
                                                                                                                                                            Malicious:false
                                                                                                                                                            URL:"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.oT1FwJRCVC4.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTvBynad-nWEy1xIb9j1w6LpLOF6IQ"
                                                                                                                                                            Preview:this.gbar_=this.gbar_||{};(function(_){var window=this;.try{._.nj=function(a,b,c){return c?a|b:a&~b};_.oj=function(a,b,c,d){a=_.hb(a,b,c,d);return Array.isArray(a)?a:_.lc};_.pj=function(a,b){a=_.nj(a,2,!!(2&b));a=_.nj(a,32,!0);return a=_.nj(a,2048,!1)};_.qj=function(a,b){0===a&&(a=_.pj(a,b));return a=_.nj(a,1,!0)};_.rj=function(a){return!!(2&a)&&!!(4&a)||!!(2048&a)};_.sj=function(a,b,c){32&b&&c||(a=_.nj(a,32,!1));return a};._.tj=function(a,b,c,d,e,f){var g=!!(2&b),h=g?1:2;const k=1===h;h=2===h;e=!!e;f&&(f=!g);g=_.oj(a,b,d);var l=g[_.v]|0;const n=!!(4&l);if(!n){l=_.qj(l,b);var p=g,r=b,t;(t=!!(2&l))&&(r=_.nj(r,2,!0));let C=!t,X=!0,P=0,H=0;for(;P<p.length;P++){const O=_.Sa(p[P],c,r);if(O instanceof c){if(!t){const Fa=!!((O.ma[_.v]|0)&2);C&&(C=!Fa);X&&(X=Fa)}p[H++]=O}}H<P&&(p.length=H);l=_.nj(l,4,!0);l=_.nj(l,16,X);l=_.nj(l,8,C);_.wa(p,l);t&&Object.freeze(p)}c=!!(8&l)||k&&!g.length;if(f&&!c){_.rj(l)&&(g=_.va(g),l=_.pj(l,.b),b=_.gb(a,b,d,g));f=g;c=l;for(p=0;p<f.length;p++)l=f[p],r=_.eb(l),l

                                                                                                                                                            Chrome Cache Entry: 118

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (772)
                                                                                                                                                            Category:downloaded
                                                                                                                                                            Size (bytes):777
                                                                                                                                                            Entropy (8bit):5.130955360468329
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:pSumoqKY86VaBHslgT9lCuABuoB7HHHHHHHYqmffffffo:QDD4KlgZ01BuSEqmffffffo
                                                                                                                                                            MD5:5076DCD39EE919CB5A1923F99B835957
                                                                                                                                                            SHA1:22602ECEFAAC45709125E2A8CAC9DC48DA8D37D1
                                                                                                                                                            SHA-256:7F49A6ADAA50A72F8B8D58459A47A5C4FF14DCA95E6A60DF43F4C3802060EECD
                                                                                                                                                            SHA-512:DFF624A196355C959AD7E4B76632837B9ED94D7222F073D1A1B9977180B0D7468C721D860287830CED49658AFF36FA4F36806805B2C39B47D80B973CA734322D
                                                                                                                                                            Malicious:false
                                                                                                                                                            URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                            Preview:)]}'.["",["stellar blade game review","prime energy drink pfas lawsuit","boston bruins toronto maple leafs","quordle answers today","playstation plus games","when is shogun season 2 coming out","stock market","nfl draft trades"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

                                                                                                                                                            Chrome Cache Entry: 119

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:downloaded
                                                                                                                                                            Size (bytes):29
                                                                                                                                                            Entropy (8bit):3.9353986674667634
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                            MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                            SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                            SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                            SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                            Malicious:false
                                                                                                                                                            URL:https://www.google.com/async/newtab_promos
                                                                                                                                                            Preview:)]}'.{"update":{"promos":{}}}

                                                                                                                                                            Chrome Cache Entry: 120

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (65531)
                                                                                                                                                            Category:downloaded
                                                                                                                                                            Size (bytes):139803
                                                                                                                                                            Entropy (8bit):5.440722013648973
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:yMRA4aTKJXjPInWWt/usD98kiHLnRA0zqevcZx7haV+trbbbhYxvdU:edKJou8TMyeO0shCO
                                                                                                                                                            MD5:69BB1DEEEB581AA4DC7532891C0BFC04
                                                                                                                                                            SHA1:48700BDFDFDF31E03A111137525959DC54B96F38
                                                                                                                                                            SHA-256:8CA615F394D93828EAA16F9C2F691C85D3DF9DEC881DB103CC9131D1781E1321
                                                                                                                                                            SHA-512:C2B57CD6B5000F2E12D4C87E23DEA5668CC90827F7EC9BF4A172D68F49F01443A8ECF6E9D208AE7B35573C98BE8AE83239363DADC8ED8D3053973213635E8D0C
                                                                                                                                                            Malicious:false
                                                                                                                                                            URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                            Preview:)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ra gb_ib gb_Ud gb_od\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Id\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_sd gb_ld gb_yd gb_xd\"\u003e\u003cdiv class\u003d\"gb_rd gb_hd\"\u003e\u003cdiv class\u003d\"gb_Pc gb_r\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Pc gb_Sc gb_r\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

                                                                                                                                                            Chrome Cache Entry: 121

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (3572), with no line terminators
                                                                                                                                                            Category:downloaded
                                                                                                                                                            Size (bytes):3572
                                                                                                                                                            Entropy (8bit):5.150542995862274
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:RJYrcoiktfqqMghOKTEzNx8BSIMw591g8IOl8u8i8DF+Ks:wkktfqqMghxlg8Ig8u78D2
                                                                                                                                                            MD5:88BC8C86A83B9BD8EDA6FDF225CDC8DD
                                                                                                                                                            SHA1:473D84930F027A365278C15282725A69721F4B18
                                                                                                                                                            SHA-256:47D960E93D9E7AB4C760A09DA0AA5E6549A8355AD5C0BA8476D4269F4FBDB354
                                                                                                                                                            SHA-512:3BC486D908160D297AD3028C27177A9C41A1D87EF29A456058265FAF74A1DA069D3B0578F05A79F866C2DB752D5E0E42D179158BD62251D4FDA601A7CBA7CC4D
                                                                                                                                                            Malicious:false
                                                                                                                                                            URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.T5bVtXo12IQ.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTssrVR1lBtzoy_MObv1DSp-vWG36A"
                                                                                                                                                            Preview:.gb_3e{background:rgba(60,64,67,.9);-webkit-border-radius:4px;border-radius:4px;color:#fff;font:500 12px "Roboto",arial,sans-serif;letter-spacing:.8px;line-height:16px;margin-top:4px;min-height:14px;padding:4px 8px;position:absolute;z-index:1000;-webkit-font-smoothing:antialiased}.gb_Hc{text-align:left}.gb_Hc>*{color:#bdc1c6;line-height:16px}.gb_Hc div:first-child{color:white}.gb_qa{background:none;border:1px solid transparent;-webkit-border-radius:50%;border-radius:50%;-webkit-box-sizing:border-box;box-sizing:border-box;cursor:pointer;height:40px;margin:8px;outline:none;padding:1px;position:absolute;right:0;top:0;width:40px}.gb_qa:hover{background-color:rgba(68,71,70,.08)}.gb_qa:focus,.gb_qa:active{background-color:rgba(68,71,70,.12)}.gb_qa:focus-visible{border-color:#0b57d0;outline:1px solid transparent;outline-offset:-1px}.gb_i .gb_qa:hover,.gb_i .gb_qa:focus,.gb_i .gb_qa:active{background-color:rgba(227,227,227,.08)}.gb_i .gb_qa:focus-visible{border-color:#a8c7fa}.gb_ra{-webkit-box

                                                                                                                                                            Chrome Cache Entry: 122

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:SVG Scalable Vector Graphics image
                                                                                                                                                            Category:downloaded
                                                                                                                                                            Size (bytes):1660
                                                                                                                                                            Entropy (8bit):4.301517070642596
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
                                                                                                                                                            MD5:554640F465EB3ED903B543DAE0A1BCAC
                                                                                                                                                            SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
                                                                                                                                                            SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
                                                                                                                                                            SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
                                                                                                                                                            Malicious:false
                                                                                                                                                            URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
                                                                                                                                                            Preview:<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

                                                                                                                                                            Chrome Cache Entry: 123

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (2124)
                                                                                                                                                            Category:downloaded
                                                                                                                                                            Size (bytes):121628
                                                                                                                                                            Entropy (8bit):5.506662476672723
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3072:QI9yvwslCsrCF9f/U2Dj3Fkk7rEehA5L1kx:l9ygsrieDkVaL1kx
                                                                                                                                                            MD5:F46ACD807A10216E6EEE8EA51E0F14D6
                                                                                                                                                            SHA1:4702F47070F7046689432DCF605F11364BC0FBED
                                                                                                                                                            SHA-256:D6B84873D27E7E83CF5184AAEF778F1CCB896467576CD8AF2CAD09B31B3C6086
                                                                                                                                                            SHA-512:811263DC85C8DAA3A6E5D8A002CCCB953CD01E6A77797109835FE8B07CABE0DEE7EB126274E84266229880A90782B3B016BA034E31F0E3B259BF9E66CA797028
                                                                                                                                                            Malicious:false
                                                                                                                                                            URL:"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0"
                                                                                                                                                            Preview:gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){("undefined"!==typeof globalThis?globalThis:"undefined"!==typeof self?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([0x20000, ]);.var ba,ca,da,na,pa,va,wa,za;ba=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};ca="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.da=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.ma=da(this);na=function(a,b){if(b)a:{var c=_.ma;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ca(c,a,{configurable:!0,writable:!0,value:b})}};.na("Symbol",function(a){if(a)re

                                                                                                                                                            Static File Info

                                                                                                                                                            General

                                                                                                                                                            File type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                            Entropy (8bit):7.9781740953081055
                                                                                                                                                            TrID:
                                                                                                                                                            • Win64 Executable GUI Net Framework (217006/5) 49.88%
                                                                                                                                                            • Win64 Executable GUI (202006/5) 46.43%
                                                                                                                                                            • Win64 Executable (generic) (12005/4) 2.76%
                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.46%
                                                                                                                                                            • DOS Executable Generic (2002/1) 0.46%
                                                                                                                                                            File name:PDFixers.exe
                                                                                                                                                            File size:8'507'584 bytes
                                                                                                                                                            MD5:b4440eea7367c3fb04a89225df4022a6
                                                                                                                                                            SHA1:5a6c01f821f10f6ed1f1283ecba36c5bacfb5838
                                                                                                                                                            SHA256:a024a18e27707738adcd7b5a740c5a93534b4b8c9d3b947f6d85740af19d17d0
                                                                                                                                                            SHA512:69c3a0339aa6d060845570527205136d4aa04b2f13b983e1e84a0d2d9a90e99ec827999a20c57e27a4c27d36e633bb264ddd95a43c03e47cfa3d9f6377e57e76
                                                                                                                                                            SSDEEP:196608:qn1PLvFtljMRfLjjL4/Y8261NG9HTta83vm:qnZFtlIP4/Y7pO8/m
                                                                                                                                                            TLSH:248633347200718BEA6A7E39CD47FD24467BDE42AB4B8F3714593288B6FA6DE0710857
                                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....~............"...P.................. .....@..... ....................................`...@......@............... .....

                                                                                                                                                            File Icon

                                                                                                                                                            Icon Hash:09354145557f6746

                                                                                                                                                            Static PE Info

                                                                                                                                                            General

                                                                                                                                                            Entrypoint:0x140000000
                                                                                                                                                            Entrypoint Section:
                                                                                                                                                            Digitally signed:true
                                                                                                                                                            Imagebase:0x140000000
                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                            Time Stamp:0x9FA57E8D [Mon Nov 16 06:26:21 2054 UTC]
                                                                                                                                                            TLS Callbacks:
                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                            OS Version Major:4
                                                                                                                                                            OS Version Minor:0
                                                                                                                                                            File Version Major:4
                                                                                                                                                            File Version Minor:0
                                                                                                                                                            Subsystem Version Major:4
                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                            Import Hash:

                                                                                                                                                            Authenticode Signature

                                                                                                                                                            Signature Valid:true
                                                                                                                                                            Signature Issuer:CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
                                                                                                                                                            Signature Validation Error:The operation completed successfully
                                                                                                                                                            Error Number:0
                                                                                                                                                            Not Before, Not After
                                                                                                                                                            • 21/11/2023 06:47:08 21/11/2024 06:47:08
                                                                                                                                                            Subject Chain
                                                                                                                                                            • CN=ADSMARKETO LLC, O=ADSMARKETO LLC, STREET="Rybolovetska street, building 49", L=Kyiv, S=Kyiv, C=UA, OID.1.3.6.1.4.1.311.60.2.1.3=UA, SERIALNUMBER=45092259, OID.2.5.4.15=Private Organization
                                                                                                                                                            Version:3
                                                                                                                                                            Thumbprint MD5:CE9A9C6EBB57C0A9EEFEAC3B7ECF65DE
                                                                                                                                                            Thumbprint SHA-1:40C0CB1A69BC8AF1256B2862D729A330937B4CFF
                                                                                                                                                            Thumbprint SHA-256:22DE62CECEF82EDAEC2B6586D463BCB8FBABE8734C95916A4C51F5CFFBED346F
                                                                                                                                                            Serial:2AC7FCE6B9C96D57663F6BB4

                                                                                                                                                            Entrypoint Preview

                                                                                                                                                            Instruction
                                                                                                                                                            dec ebp
                                                                                                                                                            pop edx
                                                                                                                                                            nop
                                                                                                                                                            add byte ptr [ebx], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax+eax], al
                                                                                                                                                            add byte ptr [eax], al

                                                                                                                                                            Data Directories

                                                                                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x00x0
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x8020000x1b4bc.rsrc
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x81a2000x2ec0.rsrc
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x8008600x1c.text
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20000x48.text
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                            Sections

                                                                                                                                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                            .text0x20000x7fe87c0x7fea00829ae0eee9a26946b0cb8f6cae5194d8unknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                            .rsrc0x8020000x1b4bc0x1b60088250d9b576ea4b56b614ec4fe007258False0.17515696347031964data3.430310527618212IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                            Resources

                                                                                                                                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                            RT_ICON0x8021a00x282cPNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9795799299883314
                                                                                                                                                            RT_ICON0x8049dc0x10828Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m0.06360167987696676
                                                                                                                                                            RT_ICON0x8152140x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 3779 x 3779 px/m0.09996457250826642
                                                                                                                                                            RT_ICON0x81944c0x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 3779 x 3779 px/m0.13101659751037345
                                                                                                                                                            RT_ICON0x81ba040x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 3779 x 3779 px/m0.1801125703564728
                                                                                                                                                            RT_ICON0x81cabc0x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 3779 x 3779 px/m0.3120567375886525
                                                                                                                                                            RT_GROUP_ICON0x81cf340x5adata0.7666666666666667
                                                                                                                                                            RT_VERSION0x81cfa00x31cdata0.4271356783919598
                                                                                                                                                            RT_MANIFEST0x81d2cc0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                                                                                            Network Behavior

                                                                                                                                                            Network Port Distribution

                                                                                                                                                            TCP Packets

                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                            Apr 25, 2024 19:39:37.087044954 CEST49678443192.168.2.17204.79.197.200
                                                                                                                                                            Apr 25, 2024 19:39:37.087049961 CEST49677443192.168.2.17204.79.197.200
                                                                                                                                                            Apr 25, 2024 19:39:37.087109089 CEST49676443192.168.2.17204.79.197.200
                                                                                                                                                            Apr 25, 2024 19:39:38.730663061 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:38.730717897 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:38.730807066 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:38.735498905 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:38.735549927 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:38.981626987 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:38.981719017 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.039726019 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.039757013 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.040564060 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.040630102 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.043281078 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.088114977 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.279450893 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.279576063 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.279602051 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.279629946 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.279663086 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.279701948 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.279716969 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.279772043 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.279819012 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.279874086 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.279906988 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.279963970 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.279989004 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.280042887 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.280080080 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.280133963 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.280210972 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.280270100 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.280297041 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.280354977 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.280384064 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.280440092 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.280453920 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.280513048 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.294629097 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.294744015 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.294764996 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.294826984 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.294864893 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.294919014 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.294969082 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.295027018 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.295061111 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.295118093 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.295155048 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.295209885 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.295248032 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.295296907 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.295319080 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.295376062 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.295397997 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.295440912 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.295453072 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.295495987 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.295507908 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.295555115 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.295566082 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.295607090 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.295617104 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.295669079 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.295671940 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.295685053 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.295708895 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.295756102 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.295766115 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.295813084 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.295823097 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.295855999 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.295867920 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.295900106 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.336441994 CEST49700443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.336489916 CEST44349700172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.346039057 CEST49701443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.346080065 CEST44349701172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.346165895 CEST49701443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.346358061 CEST49701443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.346373081 CEST44349701172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.576806068 CEST44349701172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.576926947 CEST49701443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.577313900 CEST49701443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.577322960 CEST44349701172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.577486992 CEST49701443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.577491999 CEST44349701172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.839798927 CEST44349701172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.839867115 CEST49701443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.839883089 CEST44349701172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.839931011 CEST49701443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.839937925 CEST44349701172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.839965105 CEST44349701172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:39.840006113 CEST49701443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.840025902 CEST49701443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.841598988 CEST49701443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:39:39.841617107 CEST44349701172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:47.406438112 CEST49706443192.168.2.1752.165.165.26
                                                                                                                                                            Apr 25, 2024 19:39:47.406501055 CEST4434970652.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:47.406676054 CEST49706443192.168.2.1752.165.165.26
                                                                                                                                                            Apr 25, 2024 19:39:47.407763958 CEST49706443192.168.2.1752.165.165.26
                                                                                                                                                            Apr 25, 2024 19:39:47.407785892 CEST4434970652.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:47.840890884 CEST4434970652.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:47.841001034 CEST49706443192.168.2.1752.165.165.26
                                                                                                                                                            Apr 25, 2024 19:39:47.842546940 CEST49706443192.168.2.1752.165.165.26
                                                                                                                                                            Apr 25, 2024 19:39:47.842560053 CEST4434970652.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:47.842885017 CEST4434970652.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:47.897121906 CEST49706443192.168.2.1752.165.165.26
                                                                                                                                                            Apr 25, 2024 19:39:47.897861004 CEST49675443192.168.2.17204.79.197.203
                                                                                                                                                            Apr 25, 2024 19:39:48.200124979 CEST49675443192.168.2.17204.79.197.203
                                                                                                                                                            Apr 25, 2024 19:39:48.278244019 CEST49706443192.168.2.1752.165.165.26
                                                                                                                                                            Apr 25, 2024 19:39:48.324120998 CEST4434970652.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:48.381131887 CEST49693443192.168.2.17204.79.197.200
                                                                                                                                                            Apr 25, 2024 19:39:48.492420912 CEST44349693204.79.197.200192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:48.493820906 CEST44349693204.79.197.200192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:48.493860960 CEST44349693204.79.197.200192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:48.493911028 CEST49693443192.168.2.17204.79.197.200
                                                                                                                                                            Apr 25, 2024 19:39:48.493972063 CEST49693443192.168.2.17204.79.197.200
                                                                                                                                                            Apr 25, 2024 19:39:48.494980097 CEST49693443192.168.2.17204.79.197.200
                                                                                                                                                            Apr 25, 2024 19:39:48.495008945 CEST49693443192.168.2.17204.79.197.200
                                                                                                                                                            Apr 25, 2024 19:39:48.495178938 CEST49693443192.168.2.17204.79.197.200
                                                                                                                                                            Apr 25, 2024 19:39:48.495395899 CEST49693443192.168.2.17204.79.197.200
                                                                                                                                                            Apr 25, 2024 19:39:48.495507956 CEST49693443192.168.2.17204.79.197.200
                                                                                                                                                            Apr 25, 2024 19:39:48.558084011 CEST4434970652.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:48.558146000 CEST4434970652.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:48.558167934 CEST4434970652.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:48.558211088 CEST4434970652.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:48.558243036 CEST4434970652.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:48.558243036 CEST49706443192.168.2.1752.165.165.26
                                                                                                                                                            Apr 25, 2024 19:39:48.558281898 CEST4434970652.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:48.558291912 CEST49706443192.168.2.1752.165.165.26
                                                                                                                                                            Apr 25, 2024 19:39:48.558311939 CEST4434970652.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:48.558339119 CEST49706443192.168.2.1752.165.165.26
                                                                                                                                                            Apr 25, 2024 19:39:48.558358908 CEST49706443192.168.2.1752.165.165.26
                                                                                                                                                            Apr 25, 2024 19:39:48.558664083 CEST4434970652.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:48.558739901 CEST49706443192.168.2.1752.165.165.26
                                                                                                                                                            Apr 25, 2024 19:39:48.558754921 CEST4434970652.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:48.558861017 CEST4434970652.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:48.558916092 CEST49706443192.168.2.1752.165.165.26
                                                                                                                                                            Apr 25, 2024 19:39:48.604604959 CEST44349693204.79.197.200192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:48.604624987 CEST44349693204.79.197.200192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:48.604645014 CEST44349693204.79.197.200192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:48.604733944 CEST49693443192.168.2.17204.79.197.200
                                                                                                                                                            Apr 25, 2024 19:39:48.604875088 CEST44349693204.79.197.200192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:48.604943037 CEST44349693204.79.197.200192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:48.604958057 CEST44349693204.79.197.200192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:48.605091095 CEST44349693204.79.197.200192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:48.714353085 CEST44349693204.79.197.200192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:48.714438915 CEST49693443192.168.2.17204.79.197.200
                                                                                                                                                            Apr 25, 2024 19:39:48.806113958 CEST49675443192.168.2.17204.79.197.203
                                                                                                                                                            Apr 25, 2024 19:39:48.807200909 CEST49706443192.168.2.1752.165.165.26
                                                                                                                                                            Apr 25, 2024 19:39:48.807233095 CEST4434970652.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:48.807248116 CEST49706443192.168.2.1752.165.165.26
                                                                                                                                                            Apr 25, 2024 19:39:48.807255983 CEST4434970652.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:50.011125088 CEST49675443192.168.2.17204.79.197.203
                                                                                                                                                            Apr 25, 2024 19:39:50.337220907 CEST49713443192.168.2.1723.63.206.91
                                                                                                                                                            Apr 25, 2024 19:39:50.337275028 CEST4434971323.63.206.91192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:50.337456942 CEST49713443192.168.2.1723.63.206.91
                                                                                                                                                            Apr 25, 2024 19:39:50.341294050 CEST49713443192.168.2.1723.63.206.91
                                                                                                                                                            Apr 25, 2024 19:39:50.341331005 CEST4434971323.63.206.91192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:50.571914911 CEST4434971323.63.206.91192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:50.572084904 CEST49713443192.168.2.1723.63.206.91
                                                                                                                                                            Apr 25, 2024 19:39:50.574615002 CEST49713443192.168.2.1723.63.206.91
                                                                                                                                                            Apr 25, 2024 19:39:50.574629068 CEST4434971323.63.206.91192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:50.574989080 CEST4434971323.63.206.91192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:50.612447977 CEST49713443192.168.2.1723.63.206.91
                                                                                                                                                            Apr 25, 2024 19:39:50.660119057 CEST4434971323.63.206.91192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:50.782949924 CEST4434971323.63.206.91192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:50.783034086 CEST4434971323.63.206.91192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:50.783237934 CEST49713443192.168.2.1723.63.206.91
                                                                                                                                                            Apr 25, 2024 19:39:50.783237934 CEST49713443192.168.2.1723.63.206.91
                                                                                                                                                            Apr 25, 2024 19:39:50.783385992 CEST49713443192.168.2.1723.63.206.91
                                                                                                                                                            Apr 25, 2024 19:39:50.783402920 CEST4434971323.63.206.91192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:50.825822115 CEST49714443192.168.2.1723.63.206.91
                                                                                                                                                            Apr 25, 2024 19:39:50.825860977 CEST4434971423.63.206.91192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:50.825932980 CEST49714443192.168.2.1723.63.206.91
                                                                                                                                                            Apr 25, 2024 19:39:50.826278925 CEST49714443192.168.2.1723.63.206.91
                                                                                                                                                            Apr 25, 2024 19:39:50.826291084 CEST4434971423.63.206.91192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:51.053164005 CEST4434971423.63.206.91192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:51.053266048 CEST49714443192.168.2.1723.63.206.91
                                                                                                                                                            Apr 25, 2024 19:39:51.054430962 CEST49714443192.168.2.1723.63.206.91
                                                                                                                                                            Apr 25, 2024 19:39:51.054440975 CEST4434971423.63.206.91192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:51.054781914 CEST4434971423.63.206.91192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:51.055944920 CEST49714443192.168.2.1723.63.206.91
                                                                                                                                                            Apr 25, 2024 19:39:51.100117922 CEST4434971423.63.206.91192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:51.271030903 CEST4434971423.63.206.91192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:51.271115065 CEST4434971423.63.206.91192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:51.271159887 CEST49714443192.168.2.1723.63.206.91
                                                                                                                                                            Apr 25, 2024 19:39:51.271887064 CEST49714443192.168.2.1723.63.206.91
                                                                                                                                                            Apr 25, 2024 19:39:51.271905899 CEST4434971423.63.206.91192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:51.271915913 CEST49714443192.168.2.1723.63.206.91
                                                                                                                                                            Apr 25, 2024 19:39:51.271922112 CEST4434971423.63.206.91192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:39:52.069590092 CEST49680443192.168.2.1720.189.173.13
                                                                                                                                                            Apr 25, 2024 19:39:52.372109890 CEST49680443192.168.2.1720.189.173.13
                                                                                                                                                            Apr 25, 2024 19:39:52.421487093 CEST49675443192.168.2.17204.79.197.203
                                                                                                                                                            Apr 25, 2024 19:39:52.977133989 CEST49680443192.168.2.1720.189.173.13
                                                                                                                                                            Apr 25, 2024 19:39:54.189109087 CEST49680443192.168.2.1720.189.173.13
                                                                                                                                                            Apr 25, 2024 19:39:56.593327045 CEST49680443192.168.2.1720.189.173.13
                                                                                                                                                            Apr 25, 2024 19:39:57.231159925 CEST49675443192.168.2.17204.79.197.203
                                                                                                                                                            Apr 25, 2024 19:40:01.407144070 CEST49680443192.168.2.1720.189.173.13
                                                                                                                                                            Apr 25, 2024 19:40:06.437371016 CEST4969180192.168.2.17104.18.20.226
                                                                                                                                                            Apr 25, 2024 19:40:06.548408985 CEST8049691104.18.20.226192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:06.548592091 CEST4969180192.168.2.17104.18.20.226
                                                                                                                                                            Apr 25, 2024 19:40:06.834192038 CEST49675443192.168.2.17204.79.197.203
                                                                                                                                                            Apr 25, 2024 19:40:11.021148920 CEST49680443192.168.2.1720.189.173.13
                                                                                                                                                            Apr 25, 2024 19:40:21.694946051 CEST49715443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:21.694981098 CEST4434971540.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:21.695055008 CEST49715443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:21.696162939 CEST49715443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:21.696185112 CEST4434971540.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:21.707156897 CEST49716443192.168.2.1713.107.5.88
                                                                                                                                                            Apr 25, 2024 19:40:21.707186937 CEST4434971613.107.5.88192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:21.707256079 CEST49716443192.168.2.1713.107.5.88
                                                                                                                                                            Apr 25, 2024 19:40:21.737468004 CEST49716443192.168.2.1713.107.5.88
                                                                                                                                                            Apr 25, 2024 19:40:21.737483978 CEST4434971613.107.5.88192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:22.079063892 CEST4434971613.107.5.88192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:22.079148054 CEST49716443192.168.2.1713.107.5.88
                                                                                                                                                            Apr 25, 2024 19:40:22.082214117 CEST49716443192.168.2.1713.107.5.88
                                                                                                                                                            Apr 25, 2024 19:40:22.082235098 CEST4434971613.107.5.88192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:22.082479000 CEST4434971613.107.5.88192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:22.108786106 CEST4434971540.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:22.108865976 CEST49715443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:22.119710922 CEST49716443192.168.2.1713.107.5.88
                                                                                                                                                            Apr 25, 2024 19:40:22.164110899 CEST4434971613.107.5.88192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:22.168426991 CEST49715443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:22.168450117 CEST4434971540.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:22.169400930 CEST4434971540.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:22.170595884 CEST49715443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:22.170624018 CEST49715443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:22.170655012 CEST4434971540.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:22.265858889 CEST4434971613.107.5.88192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:22.265954018 CEST4434971613.107.5.88192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:22.266108990 CEST49716443192.168.2.1713.107.5.88
                                                                                                                                                            Apr 25, 2024 19:40:22.266125917 CEST4434971613.107.5.88192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:22.266304970 CEST4434971613.107.5.88192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:22.266382933 CEST49716443192.168.2.1713.107.5.88
                                                                                                                                                            Apr 25, 2024 19:40:22.266390085 CEST4434971613.107.5.88192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:22.266855001 CEST4434971613.107.5.88192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:22.266906023 CEST49716443192.168.2.1713.107.5.88
                                                                                                                                                            Apr 25, 2024 19:40:22.266911983 CEST4434971613.107.5.88192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:22.267529964 CEST4434971613.107.5.88192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:22.267605066 CEST49716443192.168.2.1713.107.5.88
                                                                                                                                                            Apr 25, 2024 19:40:22.274264097 CEST49716443192.168.2.1713.107.5.88
                                                                                                                                                            Apr 25, 2024 19:40:22.274281979 CEST4434971613.107.5.88192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:22.486123085 CEST4434971540.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:22.486152887 CEST4434971540.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:22.486188889 CEST4434971540.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:22.486221075 CEST49715443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:22.486238956 CEST4434971540.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:22.486257076 CEST4434971540.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:22.486262083 CEST49715443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:22.486303091 CEST49715443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:22.486741066 CEST49715443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:22.486757994 CEST4434971540.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:22.486771107 CEST49715443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:22.486774921 CEST4434971540.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:22.622442007 CEST49717443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:22.622473001 CEST4434971740.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:22.622571945 CEST49717443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:22.622800112 CEST49717443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:22.622812986 CEST4434971740.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:23.012522936 CEST4434971740.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:23.013806105 CEST49717443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:23.013806105 CEST49717443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:23.013834000 CEST4434971740.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:23.013845921 CEST4434971740.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:23.013978958 CEST49717443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:23.014004946 CEST4434971740.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:23.315037012 CEST4434971740.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:23.315067053 CEST4434971740.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:23.315109015 CEST4434971740.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:23.315176010 CEST4434971740.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:23.315186977 CEST49717443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:23.315378904 CEST49717443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:23.315988064 CEST49717443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:23.315988064 CEST49717443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:23.316018105 CEST4434971740.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:23.316025019 CEST4434971740.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:23.555109024 CEST49718443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:23.555151939 CEST4434971840.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:23.555386066 CEST49718443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:23.555668116 CEST49718443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:23.555682898 CEST4434971840.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:23.955117941 CEST4434971840.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:23.955648899 CEST49718443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:23.955671072 CEST4434971840.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:23.956348896 CEST49718443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:23.956355095 CEST4434971840.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:23.956418991 CEST49718443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:23.956425905 CEST4434971840.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:24.270140886 CEST4434971840.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:24.270200014 CEST4434971840.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:24.270258904 CEST4434971840.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:24.270293951 CEST49718443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:24.270342112 CEST4434971840.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:24.270380974 CEST49718443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:24.270414114 CEST4434971840.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:24.270478964 CEST49718443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:24.270684004 CEST49718443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:24.270714045 CEST4434971840.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:24.270766020 CEST49718443192.168.2.1740.126.7.32
                                                                                                                                                            Apr 25, 2024 19:40:24.270780087 CEST4434971840.126.7.32192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:24.623610020 CEST49719443192.168.2.1713.107.21.200
                                                                                                                                                            Apr 25, 2024 19:40:24.623665094 CEST4434971913.107.21.200192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:24.623749971 CEST49719443192.168.2.1713.107.21.200
                                                                                                                                                            Apr 25, 2024 19:40:24.625638962 CEST49719443192.168.2.1713.107.21.200
                                                                                                                                                            Apr 25, 2024 19:40:24.625659943 CEST4434971913.107.21.200192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:24.979872942 CEST4434971913.107.21.200192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:24.979988098 CEST49719443192.168.2.1713.107.21.200
                                                                                                                                                            Apr 25, 2024 19:40:24.981153965 CEST4434971913.107.21.200192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:24.981220007 CEST49719443192.168.2.1713.107.21.200
                                                                                                                                                            Apr 25, 2024 19:40:25.032474041 CEST49719443192.168.2.1713.107.21.200
                                                                                                                                                            Apr 25, 2024 19:40:25.032501936 CEST4434971913.107.21.200192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:25.033624887 CEST4434971913.107.21.200192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:25.033809900 CEST49719443192.168.2.1713.107.21.200
                                                                                                                                                            Apr 25, 2024 19:40:25.034527063 CEST49719443192.168.2.1713.107.21.200
                                                                                                                                                            Apr 25, 2024 19:40:25.034590960 CEST4434971913.107.21.200192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:25.279747963 CEST4434971913.107.21.200192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:25.279824972 CEST49719443192.168.2.1713.107.21.200
                                                                                                                                                            Apr 25, 2024 19:40:25.279853106 CEST4434971913.107.21.200192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:25.279903889 CEST49719443192.168.2.1713.107.21.200
                                                                                                                                                            Apr 25, 2024 19:40:25.279962063 CEST4434971913.107.21.200192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:25.280014038 CEST49719443192.168.2.1713.107.21.200
                                                                                                                                                            Apr 25, 2024 19:40:25.280056000 CEST4434971913.107.21.200192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:25.280122995 CEST49719443192.168.2.1713.107.21.200
                                                                                                                                                            Apr 25, 2024 19:40:25.280227900 CEST4434971913.107.21.200192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:25.280275106 CEST49719443192.168.2.1713.107.21.200
                                                                                                                                                            Apr 25, 2024 19:40:25.284008026 CEST49719443192.168.2.1713.107.21.200
                                                                                                                                                            Apr 25, 2024 19:40:25.284027100 CEST4434971913.107.21.200192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:25.428162098 CEST49720443192.168.2.1752.165.165.26
                                                                                                                                                            Apr 25, 2024 19:40:25.428251028 CEST4434972052.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:25.428337097 CEST49720443192.168.2.1752.165.165.26
                                                                                                                                                            Apr 25, 2024 19:40:25.428747892 CEST49720443192.168.2.1752.165.165.26
                                                                                                                                                            Apr 25, 2024 19:40:25.428787947 CEST4434972052.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:25.864413977 CEST4434972052.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:25.864554882 CEST49720443192.168.2.1752.165.165.26
                                                                                                                                                            Apr 25, 2024 19:40:25.866235018 CEST49720443192.168.2.1752.165.165.26
                                                                                                                                                            Apr 25, 2024 19:40:25.866288900 CEST4434972052.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:25.866708994 CEST4434972052.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:25.872174025 CEST49720443192.168.2.1752.165.165.26
                                                                                                                                                            Apr 25, 2024 19:40:25.916156054 CEST4434972052.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:26.275279999 CEST4434972052.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:26.275341034 CEST4434972052.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:26.275383949 CEST4434972052.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:26.275440931 CEST49720443192.168.2.1752.165.165.26
                                                                                                                                                            Apr 25, 2024 19:40:26.275513887 CEST4434972052.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:26.275557041 CEST49720443192.168.2.1752.165.165.26
                                                                                                                                                            Apr 25, 2024 19:40:26.275578976 CEST49720443192.168.2.1752.165.165.26
                                                                                                                                                            Apr 25, 2024 19:40:26.275597095 CEST4434972052.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:26.275633097 CEST4434972052.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:26.275670052 CEST49720443192.168.2.1752.165.165.26
                                                                                                                                                            Apr 25, 2024 19:40:26.275686026 CEST4434972052.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:26.275736094 CEST49720443192.168.2.1752.165.165.26
                                                                                                                                                            Apr 25, 2024 19:40:26.275748968 CEST4434972052.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:26.275851011 CEST4434972052.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:26.275914907 CEST49720443192.168.2.1752.165.165.26
                                                                                                                                                            Apr 25, 2024 19:40:26.296715975 CEST49720443192.168.2.1752.165.165.26
                                                                                                                                                            Apr 25, 2024 19:40:26.296777964 CEST4434972052.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:26.296808958 CEST49720443192.168.2.1752.165.165.26
                                                                                                                                                            Apr 25, 2024 19:40:26.296827078 CEST4434972052.165.165.26192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.087488890 CEST49725443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.087583065 CEST44349725142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.087665081 CEST49725443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.087869883 CEST49725443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.087922096 CEST44349725142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.329396009 CEST44349725142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.329668045 CEST49725443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.329687119 CEST44349725142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.331406116 CEST44349725142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.331475973 CEST49725443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.332593918 CEST49725443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.332690954 CEST44349725142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.333051920 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.333089113 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.333178043 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.333226919 CEST49727443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.333280087 CEST44349727142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.333347082 CEST49727443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.333422899 CEST49728443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.333442926 CEST49725443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.333451986 CEST44349725142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.333501101 CEST44349728142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.333566904 CEST49728443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.333667040 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.333682060 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.333867073 CEST49727443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.333894014 CEST44349727142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.333961010 CEST49728443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.333997965 CEST44349728142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.385195017 CEST49725443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.561955929 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.562236071 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.562253952 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.562582016 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.562874079 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.562902927 CEST44349727142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.562938929 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.562999010 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.563092947 CEST49727443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.563114882 CEST44349727142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.564361095 CEST44349727142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.564428091 CEST49727443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.564671040 CEST49727443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.564749002 CEST44349727142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.564755917 CEST49727443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.569124937 CEST44349728142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.569322109 CEST49728443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.569380045 CEST44349728142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.570480108 CEST44349728142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.570770979 CEST49728443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.570952892 CEST44349728142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.579018116 CEST44349725142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.579127073 CEST44349725142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.579181910 CEST49725443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.579200983 CEST44349725142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.581696033 CEST44349725142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.581758976 CEST49725443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.581825972 CEST49725443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.581840038 CEST44349725142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.604135990 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.606195927 CEST49727443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.606205940 CEST44349727142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.613178968 CEST49728443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.653214931 CEST49727443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.818758965 CEST44349727142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.819153070 CEST44349727142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.819214106 CEST49727443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.819844007 CEST49727443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.819860935 CEST44349727142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.833899021 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.833935022 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.833967924 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.834033966 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.834065914 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.834115982 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.841619015 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.841655016 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.841692924 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.841698885 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.841741085 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.849625111 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.849659920 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.849684954 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.849693060 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.849735022 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.857669115 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.857729912 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.865536928 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.865605116 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.865612030 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.865655899 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.943794966 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.943878889 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.943878889 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.943941116 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.943983078 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.947824955 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.947892904 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.955744982 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.955791950 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.955820084 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.955828905 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.955877066 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.963675022 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.963737011 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.963737965 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.963758945 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.963808060 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.971688986 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.971739054 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.971751928 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.971760035 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.971805096 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.979692936 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.979752064 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.987637043 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.987680912 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.987694979 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.987703085 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.987747908 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.995615959 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.995659113 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.995673895 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:53.995680094 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.995724916 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.003221035 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.010828972 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.010855913 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.010886908 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.010895967 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.010940075 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.018546104 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.026118040 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.026191950 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.026200056 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.029973984 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.030028105 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.030034065 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.037642002 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.037724018 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.037733078 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.053894043 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.053958893 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.053966045 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.056807995 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.056874990 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.056896925 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.062361956 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.062419891 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.062427998 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.067646980 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.067713022 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.067720890 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.072662115 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.072720051 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.072726965 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.077677011 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.077737093 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.077744961 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.082638025 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.082743883 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.082751036 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.087613106 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.087707996 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.087713957 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.092611074 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.092727900 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.092736006 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.097752094 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.097861052 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.097867012 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.105144024 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.105174065 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.105247021 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.105256081 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.105297089 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.110167980 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.115012884 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.115044117 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.115097046 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.115106106 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.115144968 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.120012999 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.125031948 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.125062943 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.125088930 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.125104904 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.125163078 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.129981995 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.134980917 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.135013103 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.135060072 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.135072947 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.135838032 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.139801979 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.144532919 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.144557953 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.144575119 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.144588947 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.144625902 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.149122953 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.153860092 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.153892994 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.153951883 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.153961897 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.154033899 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.158225060 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.162636042 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.162698030 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.162708044 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.164844990 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.165138006 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.165146112 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.169298887 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.173079014 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.173086882 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.173715115 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.173754930 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.173760891 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.176466942 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.176520109 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.176527023 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.179152012 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.181128025 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.181135893 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.181927919 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.181946993 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.181997061 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.182004929 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.182050943 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.184678078 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.187186003 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.187246084 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.187252045 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.189966917 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.189985037 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.190016031 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.190021992 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.190331936 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.192409992 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.195051908 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.195086002 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.195100069 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.195106030 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.195451975 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.197789907 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.200092077 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.200140953 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.200148106 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.201395035 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.201442957 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.201450109 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.203844070 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.203895092 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.204040051 CEST49726443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:40:54.204055071 CEST44349726142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.371834040 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:55.371911049 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.372004986 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:55.372208118 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:55.372241020 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.604048967 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.604382992 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:55.604444027 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.605897903 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.606004000 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:55.607036114 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:55.607124090 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.607234001 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:55.607250929 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.653230906 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:55.823745012 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.823811054 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.823847055 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.823877096 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:55.823908091 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.823947906 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.823971987 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:55.823986053 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.824034929 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:55.831201077 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.838619947 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.838686943 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:55.838700056 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.838730097 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.838783979 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:55.846379042 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.854015112 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.854083061 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:55.854101896 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.908207893 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:55.933732986 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.937550068 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.937608957 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:55.937623024 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.945180893 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.945236921 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:55.945245981 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.952893019 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.952949047 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:55.952956915 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.960577011 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.960635900 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:55.960644960 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.968333006 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.968386889 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:55.968396902 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.976054907 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.976120949 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:55.976135015 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.983222961 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.983285904 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:55.983309984 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.990427017 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.990487099 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:55.990503073 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.997646093 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.997720957 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:55.997735023 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.004859924 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.004935026 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.004951000 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.011864901 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.011925936 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.011940002 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.019098997 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.019175053 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.019191027 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.019217968 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.019263983 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.026316881 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.043658018 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.043721914 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.043735981 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.047219038 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.047282934 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.047295094 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.054570913 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.054639101 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.054651976 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.061611891 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.061676979 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.061690092 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.068723917 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.068777084 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.068780899 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.068795919 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.068840981 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.075829029 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.082336903 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.082371950 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.082391024 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.082406998 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.082453966 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.088371038 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.094541073 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.094604969 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.094618082 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.100579977 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.100653887 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.100667000 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.103641033 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.103697062 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.103708982 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.109682083 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.109746933 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.109759092 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.115298033 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.115358114 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.115371943 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.120599985 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.120665073 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.120678902 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.125663042 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.125727892 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.125741005 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.130532026 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.130601883 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.130614996 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.136225939 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.136305094 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.136323929 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.139995098 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.140069962 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.140083075 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.144393921 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.144458055 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.144470930 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.153119087 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.153209925 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.153218985 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.153237104 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.153285027 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.157402992 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.161675930 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.161740065 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.161755085 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.163914919 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.163979053 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.163991928 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.168201923 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.168272972 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.168287039 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.170783997 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.170845032 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.170857906 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.173444986 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.173506975 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.173520088 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.176062107 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.176136017 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.176148891 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.178709984 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.178769112 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.178782940 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.181358099 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.181421041 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.181433916 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.181466103 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:56.181515932 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.181679010 CEST49733443192.168.2.17142.250.105.113
                                                                                                                                                            Apr 25, 2024 19:40:56.181709051 CEST44349733142.250.105.113192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:57.787866116 CEST49734443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:57.787894964 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:57.787909031 CEST44349734172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:57.787935019 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:57.787997007 CEST49734443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:57.788027048 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:57.791856050 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:57.791874886 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:57.792085886 CEST49734443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:57.792103052 CEST44349734172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.030008078 CEST44349734172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.030085087 CEST49734443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.031287909 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.031377077 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.033020973 CEST49734443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.033031940 CEST44349734172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.033703089 CEST44349734172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.033788919 CEST49734443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.033818960 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.033832073 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.034221888 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.034282923 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.034682035 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.076157093 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.336358070 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.336410046 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.336433887 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.336438894 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.336467028 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.336488008 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.336488008 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.336499929 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.336504936 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.336538076 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.336541891 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.336549997 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.336570024 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.336599112 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.336601973 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.336639881 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.340140104 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.340200901 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.340221882 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.340225935 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.340234995 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.340240002 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.340276003 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.348197937 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.348258018 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.348257065 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.348284960 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.348311901 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.348380089 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.351480961 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.351541042 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.351624012 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.351665020 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.351742983 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.351790905 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.351831913 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.351895094 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.351917028 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.351965904 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.352004051 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.352056980 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.352088928 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.352150917 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.352196932 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.352247000 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.352299929 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.352356911 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.352411985 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.352458954 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.352488995 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.352539062 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.352575064 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.352619886 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.352689028 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.352744102 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.352775097 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.352823973 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.352910042 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:58.352968931 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.445167065 CEST49735443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:40:58.445210934 CEST44349735172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:41:03.573617935 CEST44349728142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:41:03.573767900 CEST44349728142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:41:03.573854923 CEST49728443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:41:05.268235922 CEST49728443192.168.2.17142.251.15.104
                                                                                                                                                            Apr 25, 2024 19:41:05.268263102 CEST44349728142.251.15.104192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:41:13.013916016 CEST44349734172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:41:13.014062881 CEST44349734172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:41:13.014126062 CEST49734443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:41:13.014166117 CEST49734443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:41:14.471529007 CEST49734443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:41:14.471529007 CEST49734443192.168.2.17172.67.147.142
                                                                                                                                                            Apr 25, 2024 19:41:14.471565962 CEST44349734172.67.147.142192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:41:14.471652031 CEST49734443192.168.2.17172.67.147.142

                                                                                                                                                            UDP Packets

                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                            Apr 25, 2024 19:39:38.610464096 CEST5396853192.168.2.171.1.1.1
                                                                                                                                                            Apr 25, 2024 19:39:38.723880053 CEST53539681.1.1.1192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:49.291627884 CEST138138192.168.2.17192.168.2.255
                                                                                                                                                            Apr 25, 2024 19:40:52.873096943 CEST53547401.1.1.1192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:52.928769112 CEST53633171.1.1.1192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:52.976654053 CEST6514653192.168.2.171.1.1.1
                                                                                                                                                            Apr 25, 2024 19:40:52.976816893 CEST5020353192.168.2.171.1.1.1
                                                                                                                                                            Apr 25, 2024 19:40:53.086685896 CEST53651461.1.1.1192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.086880922 CEST53502031.1.1.1192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:53.565593004 CEST53494971.1.1.1192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:54.384265900 CEST53525061.1.1.1192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.259787083 CEST6299253192.168.2.171.1.1.1
                                                                                                                                                            Apr 25, 2024 19:40:55.259991884 CEST6207953192.168.2.171.1.1.1
                                                                                                                                                            Apr 25, 2024 19:40:55.369935989 CEST53629921.1.1.1192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:40:55.370882034 CEST53620791.1.1.1192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:41:10.552993059 CEST53628021.1.1.1192.168.2.17
                                                                                                                                                            Apr 25, 2024 19:41:29.263063908 CEST53533741.1.1.1192.168.2.17

                                                                                                                                                            DNS Queries

                                                                                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                            Apr 25, 2024 19:39:38.610464096 CEST192.168.2.171.1.1.10x99edStandard query (0)pixel.pdfixers.comA (IP address)IN (0x0001)false
                                                                                                                                                            Apr 25, 2024 19:40:52.976654053 CEST192.168.2.171.1.1.10x6295Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                                                                            Apr 25, 2024 19:40:52.976816893 CEST192.168.2.171.1.1.10xfdc3Standard query (0)www.google.com65IN (0x0001)false
                                                                                                                                                            Apr 25, 2024 19:40:55.259787083 CEST192.168.2.171.1.1.10xae1bStandard query (0)apis.google.comA (IP address)IN (0x0001)false
                                                                                                                                                            Apr 25, 2024 19:40:55.259991884 CEST192.168.2.171.1.1.10x34faStandard query (0)apis.google.com65IN (0x0001)false

                                                                                                                                                            DNS Answers

                                                                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                            Apr 25, 2024 19:39:38.723880053 CEST1.1.1.1192.168.2.170x99edNo error (0)pixel.pdfixers.com172.67.147.142A (IP address)IN (0x0001)false
                                                                                                                                                            Apr 25, 2024 19:39:38.723880053 CEST1.1.1.1192.168.2.170x99edNo error (0)pixel.pdfixers.com104.21.11.17A (IP address)IN (0x0001)false
                                                                                                                                                            Apr 25, 2024 19:40:53.086685896 CEST1.1.1.1192.168.2.170x6295No error (0)www.google.com142.251.15.104A (IP address)IN (0x0001)false
                                                                                                                                                            Apr 25, 2024 19:40:53.086685896 CEST1.1.1.1192.168.2.170x6295No error (0)www.google.com142.251.15.99A (IP address)IN (0x0001)false
                                                                                                                                                            Apr 25, 2024 19:40:53.086685896 CEST1.1.1.1192.168.2.170x6295No error (0)www.google.com142.251.15.106A (IP address)IN (0x0001)false
                                                                                                                                                            Apr 25, 2024 19:40:53.086685896 CEST1.1.1.1192.168.2.170x6295No error (0)www.google.com142.251.15.147A (IP address)IN (0x0001)false
                                                                                                                                                            Apr 25, 2024 19:40:53.086685896 CEST1.1.1.1192.168.2.170x6295No error (0)www.google.com142.251.15.103A (IP address)IN (0x0001)false
                                                                                                                                                            Apr 25, 2024 19:40:53.086685896 CEST1.1.1.1192.168.2.170x6295No error (0)www.google.com142.251.15.105A (IP address)IN (0x0001)false
                                                                                                                                                            Apr 25, 2024 19:40:53.086880922 CEST1.1.1.1192.168.2.170xfdc3No error (0)www.google.com65IN (0x0001)false
                                                                                                                                                            Apr 25, 2024 19:40:55.369935989 CEST1.1.1.1192.168.2.170xae1bNo error (0)apis.google.complus.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                            Apr 25, 2024 19:40:55.369935989 CEST1.1.1.1192.168.2.170xae1bNo error (0)plus.l.google.com142.250.105.113A (IP address)IN (0x0001)false
                                                                                                                                                            Apr 25, 2024 19:40:55.369935989 CEST1.1.1.1192.168.2.170xae1bNo error (0)plus.l.google.com142.250.105.138A (IP address)IN (0x0001)false
                                                                                                                                                            Apr 25, 2024 19:40:55.369935989 CEST1.1.1.1192.168.2.170xae1bNo error (0)plus.l.google.com142.250.105.101A (IP address)IN (0x0001)false
                                                                                                                                                            Apr 25, 2024 19:40:55.369935989 CEST1.1.1.1192.168.2.170xae1bNo error (0)plus.l.google.com142.250.105.102A (IP address)IN (0x0001)false
                                                                                                                                                            Apr 25, 2024 19:40:55.369935989 CEST1.1.1.1192.168.2.170xae1bNo error (0)plus.l.google.com142.250.105.139A (IP address)IN (0x0001)false
                                                                                                                                                            Apr 25, 2024 19:40:55.369935989 CEST1.1.1.1192.168.2.170xae1bNo error (0)plus.l.google.com142.250.105.100A (IP address)IN (0x0001)false
                                                                                                                                                            Apr 25, 2024 19:40:55.370882034 CEST1.1.1.1192.168.2.170x34faNo error (0)apis.google.complus.l.google.comCNAME (Canonical name)IN (0x0001)false

                                                                                                                                                            HTTP Request Dependency Graph

                                                                                                                                                            • pixel.pdfixers.com
                                                                                                                                                            • https:
                                                                                                                                                            • slscr.update.microsoft.com
                                                                                                                                                            • fs.microsoft.com
                                                                                                                                                            • evoke-windowsservices-tas.msedge.net
                                                                                                                                                            • login.live.com
                                                                                                                                                            • www.bing.com
                                                                                                                                                            • www.google.com
                                                                                                                                                            • apis.google.com

                                                                                                                                                            HTTPS Proxied Packets

                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                            0192.168.2.1749700172.67.147.1424435652C:\Users\user\Desktop\PDFixers.exe
                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                            2024-04-25 17:39:39 UTC432OUTGET / HTTP/1.1
                                                                                                                                                            Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
                                                                                                                                                            Accept-Language: en-CH
                                                                                                                                                            UA-CPU: AMD64
                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                            Host: pixel.pdfixers.com
                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                            2024-04-25 17:39:39 UTC991INHTTP/1.1 200 OK
                                                                                                                                                            Date: Thu, 25 Apr 2024 17:39:39 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                            Connection: close
                                                                                                                                                            Set-Cookie: AWSALB=QzC/6L6RRlHk2Sn9xB9KZwM/TeBHiLat2EaBNM75RNiMZGaaCcHz30S5UlfQ/9NvGJHpcGp6VKBfId+m9oeB5flmjaGj4RWBhg+jwlOdsQVsKNvyx7BdT5MqKwyy; Expires=Thu, 02 May 2024 17:39:39 GMT; Path=/
                                                                                                                                                            Set-Cookie: AWSALBCORS=QzC/6L6RRlHk2Sn9xB9KZwM/TeBHiLat2EaBNM75RNiMZGaaCcHz30S5UlfQ/9NvGJHpcGp6VKBfId+m9oeB5flmjaGj4RWBhg+jwlOdsQVsKNvyx7BdT5MqKwyy; Expires=Thu, 02 May 2024 17:39:39 GMT; Path=/; SameSite=None
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vb2IY38vT0N42IXBeGpfPZN%2Bp6Yrz2oln3X2TwBiQ8PcLCySyhTCxu5%2FexBEXqiyehvsySLhgsyuz71qSFDkc1NbRgaH411cacxmyD%2FYjSHNadAYnX6FmLHx2RnsHlHU1n0U1Tw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                            Server: cloudflare
                                                                                                                                                            CF-RAY: 87a01d19df7a7bba-ATL
                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                            2024-04-25 17:39:39 UTC378INData Raw: 33 35 62 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 32 3f 66 61 6d 69 6c 79 3d 4e 75 6e 69 74 6f 2b 53 61 6e 73 3a 77 67 68 74 40 33 30 30 26 64 69 73 70 6c 61 79 3d 73 77 61 70 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 50 44 46 69 78 65 72 73 20 49 6e 73 74 61 6c 6c 61 74 69 6f 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20
                                                                                                                                                            Data Ascii: 35bd<!DOCTYPE html><html><head> <meta http-equiv="X-UA-Compatible" content="IE=10" /> <link href="https://fonts.googleapis.com/css2?family=Nunito+Sans:wght@300&display=swap" rel="stylesheet"> <title>PDFixers Installation</title>
                                                                                                                                                            2024-04-25 17:39:39 UTC1369INData Raw: 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 32 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 36 33 32 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 37 37 37 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 64 64 64 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20
                                                                                                                                                            Data Ascii: -family: Arial, sans-serif; margin: 20px; } .container { width: 632px; height: 777px; margin: auto; padding: 20px; border: 1px solid #ddd; }
                                                                                                                                                            2024-04-25 17:39:39 UTC1369INData Raw: 20 63 65 6e 74 65 72 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 2e 6c 6f 61 64 65 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 34 70 78 20 73 6f 6c 69 64 20 23 66 33 66 33 66 33 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 74 6f 70 3a 20 34 70 78 20 73 6f 6c 69 64 20 23 33 34 39 38 64 62 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 35 30 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 34 30 70 78 3b 0d 0a 20
                                                                                                                                                            Data Ascii: center; flex-direction: column; align-items: center; } .loader { border: 4px solid #f3f3f3; border-top: 4px solid #3498db; border-radius: 50%; width: 40px;
                                                                                                                                                            2024-04-25 17:39:39 UTC1369INData Raw: 2f 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 62 75 74 74 6f 6e 2d 63 6f 6e 74 61 69 6e 65 72 20 73 70 61 6e 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 62 74 6e 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 35 70 78 20 31 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 75 72 73
                                                                                                                                                            Data Ascii: / text-align: center; } .button-container span { vertical-align: middle; font-size: 10px; } .btn { width: 100px; padding: 15px 10px; curs
                                                                                                                                                            2024-04-25 17:39:39 UTC1369INData Raw: 4e 6f 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 69 64 3d 22 61 6c 6c 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6c 6f 73 65 2d 62 75 74 74 6f 6e 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 77 69 64 74 68 3d 22 31 30 22 20 73 72 63 3d 27 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 4d 67 41 41 41 44 49 43 41 59 41 41 41 43 74 57 4b 36 65 41 41 41 41 42 48 4e 43 53 56 51 49 43 41 67 49 66 41 68 6b 69 41 41 41 41 41 6c 77 53 46 6c 7a 41 41 41
                                                                                                                                                            Data Ascii: No</button> </div> </div> <div id="all"> <div class="close-button"> <img width="10" src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMgAAADICAYAAACtWK6eAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAA
                                                                                                                                                            2024-04-25 17:39:39 UTC1369INData Raw: 43 42 76 31 4c 6c 59 6a 67 46 62 42 72 35 4a 2f 4f 4d 33 77 48 57 5a 73 38 37 43 63 6f 68 6c 34 42 76 45 4c 30 45 44 48 4d 79 63 64 52 71 57 51 36 2b 6f 71 53 51 31 66 4b 6d 4c 35 64 42 70 6c 6f 43 76 45 37 38 55 44 58 41 6f 63 39 59 7a 73 52 78 61 31 78 4c 77 4e 65 4b 58 6f 77 45 4f 5a 38 37 36 61 69 79 48 4e 72 51 45 50 45 62 38 6b 6a 54 41 6b 63 78 5a 54 32 59 35 4e 4c 45 6c 34 4b 76 45 4c 30 73 44 33 4a 41 35 4b 30 41 4b 79 6d 59 35 46 74 67 53 38 42 58 69 6c 36 59 42 62 73 79 59 4d 31 57 51 7a 33 49 73 71 43 58 67 79 38 51 76 54 77 50 63 6c 43 46 66 71 69 43 58 35 56 68 77 53 38 43 6a 78 43 39 52 41 39 7a 63 59 61 35 55 51 5a 36 47 6e 6e 32 4a 7a 56 41 74 41 59 38 51 76 30 77 4e 63 45 73 48 65 56 49 46 4f 53 78 48 7a 79 77 42 44 78 4f 2f 56 41 33 7a
                                                                                                                                                            Data Ascii: CBv1LlYjgFbBr5J/OM3wHWZs87Ccohl4BvEL0EDHMycdRqWQ6+oqSQ1fKmL5dBploCvE78UDXAoc9YzsRxa1xLwNeKXowEOZ876aiyHNrQEPEb8kjTAkcxZT2Y5NLEl4KvEL0sD3JA5K0AKymY5FtgS8BXil6YBbsyYM1WQz3IsqCXgy8QvTwPclCFfqiCX5VhwS8CjxC9RA9zcYa5UQZ6Gnn2JzVAtAY8Qv0wNcEsHeVIFOSxHzywBDxO/VA3z
                                                                                                                                                            2024-04-25 17:39:39 UTC1369INData Raw: 6a 75 6f 49 45 53 38 66 4f 31 4a 44 4f 34 44 4d 74 52 53 69 4a 2b 7a 71 76 41 4a 5a 6c 7a 39 73 5a 57 78 67 4f 4c 66 72 51 68 6c 4b 4f 56 69 4a 2f 33 4b 6e 42 78 35 70 77 4c 37 31 49 73 52 35 52 45 2f 4e 78 58 67 59 73 79 35 31 78 59 6c 69 4e 65 49 6e 37 2b 4b 38 43 46 6d 58 4d 75 6e 45 75 77 48 4c 56 49 78 4c 2f 44 43 6e 42 42 35 70 77 4c 77 33 4c 55 4a 78 48 2f 48 70 61 45 38 56 2f 4b 4c 45 65 64 45 76 48 76 73 67 4b 63 6e 7a 6c 6e 74 53 37 43 63 74 51 75 45 66 38 2b 4b 38 42 35 6d 58 4e 57 35 30 4c 47 77 61 4f 48 62 7a 6b 32 6c 6f 68 2f 70 35 65 42 54 32 54 4f 57 59 33 7a 73 42 79 4c 4a 68 48 2f 58 69 38 44 48 38 75 63 4d 39 77 48 67 42 50 45 44 39 74 79 54 43 38 52 2f 32 37 2f 42 64 36 62 4f 57 65 59 73 34 41 2f 45 7a 39 6b 79 7a 47 37 52 50 7a 37 2f
                                                                                                                                                            Data Ascii: juoIES8fO1JDO4DMtRSiJ+zqvAJZlz9sZWxgOLfrQhlKOViJ/3KnBx5pwL71IsR5RE/NxXgYsy51xYliNeIn7+K8CFmXMunEuwHLVIxL/DCnBB5pwLw3LUJxH/HpaE8V/KLEedEvHvsgKcnzlntS7CctQuEf8+K8B5mXNW50LGwaOHbzk2loh/p5eBT2TOWY3zsByLJhH/Xi8DH8ucM9wHgBPED9tyTC8R/27/Bd6bOWeYs4A/Ez9kyzG7RPz7/
                                                                                                                                                            2024-04-25 17:39:39 UTC1369INData Raw: 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 63 34 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 31 32 22 3e 41 74 20 70 64 66 69 78 65 72 73 20 28 26 6c 64 71 75 6f 3b 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 31 22 3e 43 6f 6d 70 61 6e 79 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 31 32 22 3e 26 72 64 71 75 6f 3b 20 6f 72 20 26 6c 64 71 75 6f 3b 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 31 22 3e 77 65 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 30 22 3e 26 6c 64 71 75 6f 3b 29 2c 20 77 65 20 70 6c 61 63 65 20 67 72 65 61 74 20 69 6d 70 6f 72 74 61 6e 63 65 20 6f 6e 20 70 72 69 76 61 63 79 2c 20 73 65 63 75 72 69 74 79 2c 20 61 6e 64 20 6f 6e 6c 69 6e 65 20 73 61 66 65 74 79
                                                                                                                                                            Data Ascii: <p class="c4"><span class="c12">At pdfixers (&ldquo;</span><span class="c1">Company</span><span class="c12">&rdquo; or &ldquo;</span><span class="c1">we</span><span class="c0">&ldquo;), we place great importance on privacy, security, and online safety
                                                                                                                                                            2024-04-25 17:39:39 UTC1369INData Raw: 65 20 53 6f 66 74 77 61 72 65 2c 20 77 65 20 73 74 72 6f 6e 67 6c 79 20 72 65 63 6f 6d 6d 65 6e 64 20 74 68 61 74 20 75 73 65 72 73 20 63 61 72 65 66 75 6c 6c 79 20 72 65 76 69 65 77 20 74 68 69 73 20 50 6f 6c 69 63 79 2e 20 46 6f 72 20 43 61 6c 69 66 6f 72 6e 69 61 20 72 65 73 69 64 65 6e 74 73 2c 20 77 65 20 61 6c 73 6f 20 61 64 76 69 73 65 20 72 65 76 69 65 77 69 6e 67 20 74 68 65 20 43 6f 6d 70 61 6e 79 26 72 73 71 75 6f 3b 73 20 73 70 65 63 69 66 69 63 26 6e 62 73 70 3b 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 37 22 3e 43 43 50 41 20 50 72 69 76 61 63 79 20 4e 6f 74 69 63 65 3c 2f 73 70 61 6e 3e 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 63 34 22 3e 3c 73 70 61 6e 20 63 6c 61
                                                                                                                                                            Data Ascii: e Software, we strongly recommend that users carefully review this Policy. For California residents, we also advise reviewing the Company&rsquo;s specific&nbsp;</span><span class="c7">CCPA Privacy Notice</span></p> <p class="c4"><span cla
                                                                                                                                                            2024-04-25 17:39:39 UTC1369INData Raw: 20 3c 70 20 63 6c 61 73 73 3d 22 63 34 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 30 22 3e 41 6c 6c 20 63 6f 6c 6c 65 63 74 69 6f 6e 20 6f 66 20 50 65 72 73 6f 6e 61 6c 20 44 61 74 61 20 77 69 6c 6c 20 61 64 68 65 72 65 20 74 6f 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 6c 61 77 66 75 6c 20 70 72 69 6e 63 69 70 6c 65 73 20 75 6e 64 65 72 20 74 68 65 20 47 44 50 52 3a 20 28 31 29 20 70 72 6f 63 65 73 73 69 6e 67 20 6f 6e 6c 69 6e 65 20 69 64 65 6e 74 69 66 69 65 72 73 20 66 6f 72 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 61 6e 64 20 66 75 6e 63 74 69 6f 6e 61 6c 20 70 75 72 70 6f 73 65 73 2c 20 28 32 29 20 70 72 6f 63 65 73 73 69 6e 67 20 74 68 65 20 75 73 65 72 26 72 73 71 75 6f 3b 73 20 63 6f 6e 74 61 63 74 20 64 65 74 61 69 6c 73 20 69 66 20 74 68
                                                                                                                                                            Data Ascii: <p class="c4"><span class="c0">All collection of Personal Data will adhere to the following lawful principles under the GDPR: (1) processing online identifiers for operational and functional purposes, (2) processing the user&rsquo;s contact details if th


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                            1192.168.2.1749701172.67.147.1424435652C:\Users\user\Desktop\PDFixers.exe
                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                            2024-04-25 17:39:39 UTC699OUTGET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
                                                                                                                                                            Accept: */*
                                                                                                                                                            Referer: https://pixel.pdfixers.com/
                                                                                                                                                            Accept-Language: en-CH
                                                                                                                                                            UA-CPU: AMD64
                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                            Host: pixel.pdfixers.com
                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                            Cookie: AWSALB=QzC/6L6RRlHk2Sn9xB9KZwM/TeBHiLat2EaBNM75RNiMZGaaCcHz30S5UlfQ/9NvGJHpcGp6VKBfId+m9oeB5flmjaGj4RWBhg+jwlOdsQVsKNvyx7BdT5MqKwyy; AWSALBCORS=QzC/6L6RRlHk2Sn9xB9KZwM/TeBHiLat2EaBNM75RNiMZGaaCcHz30S5UlfQ/9NvGJHpcGp6VKBfId+m9oeB5flmjaGj4RWBhg+jwlOdsQVsKNvyx7BdT5MqKwyy
                                                                                                                                                            2024-04-25 17:39:39 UTC758INHTTP/1.1 200 OK
                                                                                                                                                            Date: Thu, 25 Apr 2024 17:39:39 GMT
                                                                                                                                                            Content-Type: application/javascript
                                                                                                                                                            Content-Length: 1239
                                                                                                                                                            Connection: close
                                                                                                                                                            Last-Modified: Fri, 19 Apr 2024 20:54:07 GMT
                                                                                                                                                            ETag: "6622d9ef-4d7"
                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SAueGn9BR9208oDPTc%2BJZQH%2FbDcBrf40u42Lef%2FBcPrAi9l%2BH5v39ogiMF2l7ip3bjsAU97ElhRF39nWwfEqlIxkWqHwT88rN4aebJApLfLV3lHtsYlWL5o9BbNLlmadl%2FLyZcE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                            Server: cloudflare
                                                                                                                                                            CF-RAY: 87a01d1daf0d4554-ATL
                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                            Expires: Sat, 27 Apr 2024 17:39:39 GMT
                                                                                                                                                            Cache-Control: max-age=172800
                                                                                                                                                            Cache-Control: public
                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                            2024-04-25 17:39:39 UTC611INData Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 65 28 65 29 7b 74 72 79 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 63 6f 6e 73 6f 6c 65 29 72 65 74 75 72 6e 3b 22 65 72 72 6f 72 22 69 6e 20 63 6f 6e 73 6f 6c 65 3f 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 65 29 3a 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 65 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 72 65 74 75 72 6e 20 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 27 3c 61 20 68 72 65 66 3d 22 27 2b 65 2e 72 65 70 6c 61 63 65 28 2f 22 2f 67 2c 22 26 71 75 6f 74 3b 22 29 2b 27 22 3e 3c 2f 61 3e 27 2c 64 2e 63 68 69 6c 64 4e 6f 64 65 73 5b 30 5d 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 68 72 65 66
                                                                                                                                                            Data Ascii: !function(){"use strict";function e(e){try{if("undefined"==typeof console)return;"error"in console?console.error(e):console.log(e)}catch(e){}}function t(e){return d.innerHTML='<a href="'+e.replace(/"/g,"&quot;")+'"></a>',d.childNodes[0].getAttribute("href
                                                                                                                                                            2024-04-25 17:39:39 UTC628INData Raw: 28 6f 2e 68 72 65 66 2c 61 2b 6c 2e 6c 65 6e 67 74 68 29 29 7d 63 61 74 63 68 28 69 29 7b 65 28 69 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 6f 28 74 29 7b 66 6f 72 28 76 61 72 20 72 3d 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 75 29 2c 63 3d 30 3b 63 3c 72 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 74 72 79 7b 76 61 72 20 6f 3d 72 5b 63 5d 2c 61 3d 6f 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 69 3d 6f 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 66 29 3b 69 66 28 69 29 7b 76 61 72 20 6c 3d 6e 28 69 2c 30 29 2c 64 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 54 65 78 74 4e 6f 64 65 28 6c 29 3b 61 2e 72 65 70 6c 61 63 65 43 68 69 6c 64 28 64 2c 6f 29 7d 7d 63 61 74 63 68 28 68 29 7b 65 28 68 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 61 28 74 29 7b 66 6f 72 28 76 61
                                                                                                                                                            Data Ascii: (o.href,a+l.length))}catch(i){e(i)}}function o(t){for(var r=t.querySelectorAll(u),c=0;c<r.length;c++)try{var o=r[c],a=o.parentNode,i=o.getAttribute(f);if(i){var l=n(i,0),d=document.createTextNode(l);a.replaceChild(d,o)}}catch(h){e(h)}}function a(t){for(va


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                            2192.168.2.174970652.165.165.26443
                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                            2024-04-25 17:39:48 UTC306OUTGET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=kYBufEXeanGUrwf&MD=g2hAdKhR HTTP/1.1
                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                            Accept: */*
                                                                                                                                                            User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                            Host: slscr.update.microsoft.com
                                                                                                                                                            2024-04-25 17:39:48 UTC560INHTTP/1.1 200 OK
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Pragma: no-cache
                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                            Expires: -1
                                                                                                                                                            Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                            ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                                                                                            MS-CorrelationId: 7a8dee49-9423-4844-9feb-6ab130727bd6
                                                                                                                                                            MS-RequestId: 83c1c7fb-6052-4686-a819-d99cf3982389
                                                                                                                                                            MS-CV: lKjdQ9iy70ykzZyF.0
                                                                                                                                                            X-Microsoft-SLSClientCache: 2880
                                                                                                                                                            Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                            Date: Thu, 25 Apr 2024 17:39:48 GMT
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Length: 24490
                                                                                                                                                            2024-04-25 17:39:48 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                                                                                                                                                            Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                                                                                                                                                            2024-04-25 17:39:48 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                                                                                                                                                            Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                            3192.168.2.174971323.63.206.91443
                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                            2024-04-25 17:39:50 UTC161OUTHEAD /fs/windows/config.json HTTP/1.1
                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                            Accept: */*
                                                                                                                                                            Accept-Encoding: identity
                                                                                                                                                            User-Agent: Microsoft BITS/7.8
                                                                                                                                                            Host: fs.microsoft.com
                                                                                                                                                            2024-04-25 17:39:50 UTC467INHTTP/1.1 200 OK
                                                                                                                                                            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                                                                            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                                                            Server: ECAcc (chd/0758)
                                                                                                                                                            X-CID: 11
                                                                                                                                                            X-Ms-ApiVersion: Distribute 1.2
                                                                                                                                                            X-Ms-Region: prod-eus-z1
                                                                                                                                                            Cache-Control: public, max-age=134625
                                                                                                                                                            Date: Thu, 25 Apr 2024 17:39:50 GMT
                                                                                                                                                            Connection: close
                                                                                                                                                            X-CID: 2


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                            4192.168.2.174971423.63.206.91443
                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                            2024-04-25 17:39:51 UTC239OUTGET /fs/windows/config.json HTTP/1.1
                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                            Accept: */*
                                                                                                                                                            Accept-Encoding: identity
                                                                                                                                                            If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                                                            Range: bytes=0-2147483646
                                                                                                                                                            User-Agent: Microsoft BITS/7.8
                                                                                                                                                            Host: fs.microsoft.com
                                                                                                                                                            2024-04-25 17:39:51 UTC531INHTTP/1.1 200 OK
                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                                                            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                                                                            ApiVersion: Distribute 1.1
                                                                                                                                                            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                                                                            X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm
                                                                                                                                                            Cache-Control: public, max-age=134637
                                                                                                                                                            Date: Thu, 25 Apr 2024 17:39:51 GMT
                                                                                                                                                            Content-Length: 55
                                                                                                                                                            Connection: close
                                                                                                                                                            X-CID: 2
                                                                                                                                                            2024-04-25 17:39:51 UTC55INData Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                                                                                                                            Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                            5192.168.2.174971613.107.5.88443
                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                            2024-04-25 17:40:22 UTC537OUTGET /ab HTTP/1.1
                                                                                                                                                            Host: evoke-windowsservices-tas.msedge.net
                                                                                                                                                            Cache-Control: no-store, no-cache
                                                                                                                                                            X-PHOTOS-CALLERID: 9NMPJ99VJBWV
                                                                                                                                                            X-EVOKE-RING:
                                                                                                                                                            X-WINNEXT-RING: Public
                                                                                                                                                            X-WINNEXT-TELEMETRYLEVEL: Basic
                                                                                                                                                            X-WINNEXT-OSVERSION: 10.0.19045.0
                                                                                                                                                            X-WINNEXT-APPVERSION: 1.23082.131.0
                                                                                                                                                            X-WINNEXT-PLATFORM: Desktop
                                                                                                                                                            X-WINNEXT-CANTAILOR: False
                                                                                                                                                            X-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}
                                                                                                                                                            X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=
                                                                                                                                                            If-None-Match: 2056388360_-1434155563
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            2024-04-25 17:40:22 UTC437INHTTP/1.1 200 OK
                                                                                                                                                            Content-Length: 7285
                                                                                                                                                            Content-Type: application/json; charset=utf-8
                                                                                                                                                            ETag: 1319160303_1440641302
                                                                                                                                                            Strict-Transport-Security: max-age=2592000
                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                            X-ExP-TrackingId: d9e55cbd-f30a-445f-87ff-b60c972a970c
                                                                                                                                                            X-Cache: CONFIG_NOCACHE
                                                                                                                                                            X-MSEdge-Ref: Ref A: 8B75EC1B689549E49225C50AE865D758 Ref B: ATL331000102039 Ref C: 2024-04-25T17:40:22Z
                                                                                                                                                            Date: Thu, 25 Apr 2024 17:40:22 GMT
                                                                                                                                                            Connection: close
                                                                                                                                                            2024-04-25 17:40:22 UTC1024INData Raw: 7b 22 46 65 61 74 75 72 65 73 22 3a 5b 22 68 69 67 68 71 75 61 6c 69 74 79 63 61 70 74 75 72 65 63 22 2c 22 79 6f 61 6c 77 39 38 30 31 63 66 22 2c 22 79 6f 63 33 37 32 31 22 2c 22 61 61 74 65 73 31 32 31 22 2c 22 79 6f 63 61 6c 38 33 30 22 2c 22 65 6d 70 72 6f 37 30 32 22 2c 22 79 6f 6e 6f 6e 32 34 38 22 2c 22 63 6f 6e 74 61 63 74 73 76 32 73 79 6e 63 6f 6e 6c 79 22 2c 22 79 6f 79 70 70 31 31 37 22 2c 22 79 6f 79 70 70 35 36 31 22 2c 22 79 6f 70 68 6f 31 35 36 22 2c 22 79 70 72 6f 6d 65 6c 65 73 73 22 2c 22 79 6f 72 65 6d 37 38 32 22 2c 22 79 6f 72 65 6d 33 32 35 22 2c 22 79 6f 72 6f 6d 39 33 39 22 2c 22 79 6f 79 70 70 36 33 38 22 2c 22 79 6f 61 61 6f 77 63 34 36 63 66 22 2c 22 79 6f 35 35 36 22 2c 22 79 6f 61 61 6f 32 36 37 22 2c 22 79 6f 70 72 69 32 35
                                                                                                                                                            Data Ascii: {"Features":["highqualitycapturec","yoalw9801cf","yoc3721","aates121","yocal830","empro702","yonon248","contactsv2synconly","yoypp117","yoypp561","yopho156","ypromeless","yorem782","yorem325","yorom939","yoypp638","yoaaowc46cf","yo556","yoaao267","yopri25
                                                                                                                                                            2024-04-25 17:40:22 UTC1024INData Raw: 2c 22 31 34 67 36 22 3a 22 61 61 74 65 73 31 32 31 22 2c 22 31 38 66 7a 22 3a 22 79 6f 63 61 6c 38 33 30 22 2c 22 31 68 6a 65 22 3a 22 65 6d 70 72 6f 37 30 32 22 2c 22 31 71 61 38 22 3a 22 79 6f 6e 6f 6e 32 34 38 22 2c 22 31 77 6d 74 22 3a 22 63 6f 6e 74 61 63 74 73 76 32 73 79 6e 63 6f 6e 6c 79 22 2c 22 32 69 77 6a 22 3a 22 79 6f 79 70 70 31 31 37 22 2c 22 32 6a 36 61 22 3a 22 79 6f 79 70 70 35 36 31 22 2c 22 32 6b 71 32 22 3a 22 79 6f 70 68 6f 31 35 36 22 2c 22 32 6c 61 64 22 3a 22 79 70 72 6f 6d 65 6c 65 73 73 22 2c 22 32 6f 63 64 22 3a 22 79 6f 72 65 6d 37 38 32 22 2c 22 32 72 65 6b 22 3a 22 79 6f 72 65 6d 33 32 35 22 2c 22 32 73 63 78 22 3a 22 79 6f 72 6f 6d 39 33 39 22 2c 22 32 74 70 33 22 3a 22 79 6f 79 70 70 36 33 38 22 2c 22 33 30 62 38 22 3a 22
                                                                                                                                                            Data Ascii: ,"14g6":"aates121","18fz":"yocal830","1hje":"empro702","1qa8":"yonon248","1wmt":"contactsv2synconly","2iwj":"yoypp117","2j6a":"yoypp561","2kq2":"yopho156","2lad":"ypromeless","2ocd":"yorem782","2rek":"yorem325","2scx":"yorom939","2tp3":"yoypp638","30b8":"
                                                                                                                                                            2024-04-25 17:40:22 UTC1024INData Raw: 32 36 34 22 2c 22 35 39 30 71 22 3a 22 34 61 33 30 64 34 35 35 22 2c 22 35 39 67 67 22 3a 22 32 69 32 68 65 31 31 38 22 2c 22 35 39 67 6a 22 3a 22 34 64 65 35 67 35 34 32 22 2c 22 35 39 76 7a 22 3a 22 62 65 63 34 34 37 35 37 22 2c 22 35 61 39 73 22 3a 22 39 38 34 65 39 37 37 34 22 2c 22 35 61 74 6b 22 3a 22 35 35 35 64 37 39 37 38 22 2c 22 35 62 61 74 22 3a 22 65 6a 66 34 36 37 39 35 22 2c 22 35 63 70 66 22 3a 22 34 39 62 34 67 31 33 33 22 2c 22 35 63 72 73 22 3a 22 33 62 66 39 67 38 35 35 22 2c 22 35 64 77 37 22 3a 22 69 34 37 62 65 31 37 38 22 2c 22 35 65 74 36 22 3a 22 32 34 38 66 61 31 38 36 22 2c 22 35 66 6c 32 22 3a 22 68 35 31 66 30 33 34 32 22 2c 22 35 66 79 6f 22 3a 22 68 64 65 31 67 32 36 37 22 2c 22 35 66 79 71 22 3a 22 34 6a 6a 66 62 37 36 38
                                                                                                                                                            Data Ascii: 264","590q":"4a30d455","59gg":"2i2he118","59gj":"4de5g542","59vz":"bec44757","5a9s":"984e9774","5atk":"555d7978","5bat":"ejf46795","5cpf":"49b4g133","5crs":"3bf9g855","5dw7":"i47be178","5et6":"248fa186","5fl2":"h51f0342","5fyo":"hde1g267","5fyq":"4jjfb768
                                                                                                                                                            2024-04-25 17:40:22 UTC1024INData Raw: 7d 7d 2c 7b 22 49 64 22 3a 22 59 6f 75 72 50 68 6f 6e 65 22 2c 22 50 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 41 41 4f 57 43 34 36 22 3a 36 34 30 30 2c 22 41 41 4f 57 43 34 37 22 3a 37 34 30 30 2c 22 41 41 4f 57 43 36 31 22 3a 31 36 30 30 2c 22 41 41 4f 57 43 36 32 22 3a 32 36 30 30 2c 22 41 41 4f 57 43 36 33 22 3a 33 36 30 30 2c 22 41 69 72 70 6c 61 6e 65 4d 6f 64 65 53 74 61 74 75 73 22 3a 74 72 75 65 2c 22 41 75 74 6f 48 79 64 72 61 74 65 64 49 6d 61 67 65 73 43 6f 75 6e 74 22 3a 30 2c 22 43 61 6c 6c 69 6e 67 41 6c 74 42 6c 75 65 74 6f 6f 74 68 50 61 69 72 69 6e 67 45 76 65 6e 74 22 3a 74 72 75 65 2c 22 43 61 6c 6c 69 6e 67 45 78 69 74 43 6f 6e 66 69 72 6d 61 74 69 6f 6e 22 3a 74 72 75 65 2c 22 43 61 6c 6c 69 6e 67 4f 53 53 65 72 76 69 63 69 6e 67 46 69
                                                                                                                                                            Data Ascii: }},{"Id":"YourPhone","Parameters":{"AAOWC46":6400,"AAOWC47":7400,"AAOWC61":1600,"AAOWC62":2600,"AAOWC63":3600,"AirplaneModeStatus":true,"AutoHydratedImagesCount":0,"CallingAltBluetoothPairingEvent":true,"CallingExitConfirmation":true,"CallingOSServicingFi
                                                                                                                                                            2024-04-25 17:40:22 UTC1024INData Raw: 3a 74 72 75 65 2c 22 49 73 41 75 74 68 56 32 45 6e 61 62 6c 65 64 22 3a 74 72 75 65 2c 22 4d 65 64 69 61 50 61 63 6b 43 68 65 63 6b 22 3a 74 72 75 65 2c 22 4d 65 73 73 61 67 69 6e 67 43 68 61 74 46 69 6c 74 65 72 54 6f 67 67 6c 65 22 3a 74 72 75 65 2c 22 4d 65 73 73 61 67 69 6e 67 43 6f 6e 73 65 6e 74 56 32 22 3a 74 72 75 65 2c 22 4d 65 73 73 61 67 69 6e 67 43 6f 6e 76 65 72 73 61 74 69 6f 6e 56 69 65 77 22 3a 74 72 75 65 2c 22 4d 65 73 73 61 67 69 6e 67 45 6e 61 62 6c 65 48 69 64 69 6e 67 22 3a 74 72 75 65 2c 22 4d 65 73 73 61 67 69 6e 67 45 6e 61 62 6c 65 4d 75 74 69 6e 67 22 3a 74 72 75 65 2c 22 4d 65 73 73 61 67 69 6e 67 45 6e 61 62 6c 65 50 69 6e 6e 69 6e 67 22 3a 74 72 75 65 2c 22 4d 65 73 73 61 67 69 6e 67 53 65 61 72 63 68 22 3a 74 72 75 65 2c 22
                                                                                                                                                            Data Ascii: :true,"IsAuthV2Enabled":true,"MediaPackCheck":true,"MessagingChatFilterToggle":true,"MessagingConsentV2":true,"MessagingConversationView":true,"MessagingEnableHiding":true,"MessagingEnableMuting":true,"MessagingEnablePinning":true,"MessagingSearch":true,"
                                                                                                                                                            2024-04-25 17:40:22 UTC1024INData Raw: 69 6e 67 54 6f 70 30 31 31 22 3a 74 72 75 65 2c 22 52 65 6d 6f 74 69 6e 67 54 6f 70 30 31 32 22 3a 74 72 75 65 2c 22 52 65 6d 6f 74 69 6e 67 54 6f 70 30 31 35 22 3a 74 72 75 65 2c 22 52 6f 6d 65 44 69 73 61 62 6c 65 64 22 3a 34 34 31 35 30 33 2c 22 53 65 63 75 72 65 43 6f 6e 74 65 6e 74 22 3a 74 72 75 65 2c 22 53 68 65 6c 6c 45 78 74 65 6e 64 65 64 4c 65 66 74 50 61 6e 65 22 3a 74 72 75 65 2c 22 54 65 73 74 46 65 61 74 75 72 65 32 22 3a 66 61 6c 73 65 2c 22 55 6e 69 76 65 72 73 61 6c 42 6c 75 65 74 6f 6f 74 68 50 61 69 72 69 6e 67 22 3a 74 72 75 65 2c 22 57 68 61 74 73 4e 65 77 43 4e 22 3a 74 72 75 65 2c 22 59 50 50 43 61 74 61 73 74 72 6f 70 68 69 63 45 72 72 6f 72 41 75 74 6f 52 65 73 65 74 22 3a 74 72 75 65 2c 22 59 50 50 43 6f 6e 73 65 63 75 74 69 76
                                                                                                                                                            Data Ascii: ingTop011":true,"RemotingTop012":true,"RemotingTop015":true,"RomeDisabled":441503,"SecureContent":true,"ShellExtendedLeftPane":true,"TestFeature2":false,"UniversalBluetoothPairing":true,"WhatsNewCN":true,"YPPCatastrophicErrorAutoReset":true,"YPPConsecutiv
                                                                                                                                                            2024-04-25 17:40:22 UTC1024INData Raw: 79 6f 35 35 36 3a 33 30 39 38 36 35 35 36 3b 79 6f 61 61 6f 32 36 37 3a 33 30 34 33 34 36 37 32 3b 79 6f 70 72 69 32 35 37 3a 33 30 34 36 34 34 33 33 3b 79 6f 31 37 39 3a 33 30 34 34 35 33 31 30 3b 79 6f 69 73 61 38 36 31 3a 33 30 35 32 35 38 36 38 3b 79 6f 72 65 6d 31 34 31 3a 33 30 34 38 36 33 35 33 3b 79 6f 79 70 70 36 35 32 3a 33 30 35 31 35 34 38 33 3b 79 6f 35 32 35 3a 33 30 35 35 33 39 38 35 3b 79 6f 36 30 36 3a 33 30 35 32 37 38 35 30 3b 79 6f 6e 6f 74 36 33 33 3a 33 30 36 32 36 30 37 38 3b 79 6f 79 70 70 38 35 39 3a 33 30 36 38 37 38 35 39 3b 79 6f 69 6e 64 36 36 35 3a 33 30 35 39 35 31 36 33 3b 79 6f 64 63 67 38 33 30 3a 33 30 37 31 32 39 34 39 3b 6f 6e 6c 79 5f 74 6f 61 73 74 63 6f 6e 74 65 78 74 6d 65 6e 75 3a 33 30 36 34 38 30 38 31 3b 61 6a
                                                                                                                                                            Data Ascii: yo556:30986556;yoaao267:30434672;yopri257:30464433;yo179:30445310;yoisa861:30525868;yorem141:30486353;yoypp652:30515483;yo525:30553985;yo606:30527850;yonot633:30626078;yoypp859:30687859;yoind665:30595163;yodcg830:30712949;only_toastcontextmenu:30648081;aj
                                                                                                                                                            2024-04-25 17:40:22 UTC117INData Raw: 38 33 38 35 30 33 3b 35 30 63 37 39 31 30 36 3a 33 30 38 33 38 36 31 39 3b 6a 61 35 63 34 32 34 39 3a 33 31 30 30 36 32 34 34 3b 68 33 65 64 34 31 36 31 3a 33 30 38 39 31 37 38 34 3b 61 62 69 30 67 38 31 37 3a 33 30 39 35 32 38 37 35 3b 61 35 34 66 61 35 37 34 3a 33 30 39 39 33 33 34 39 3b 64 69 66 32 32 32 31 39 3a 33 30 39 36 30 34 30 32 3b 22 7d
                                                                                                                                                            Data Ascii: 838503;50c79106:30838619;ja5c4249:31006244;h3ed4161:30891784;abi0g817:30952875;a54fa574:30993349;dif22219:30960402;"}


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                            6192.168.2.174971540.126.7.32443
                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                            2024-04-25 17:40:22 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                            Content-Type: application/soap+xml
                                                                                                                                                            Accept: */*
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                                                            Content-Length: 3592
                                                                                                                                                            Host: login.live.com
                                                                                                                                                            2024-04-25 17:40:22 UTC3592OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                                                                            2024-04-25 17:40:22 UTC569INHTTP/1.1 200 OK
                                                                                                                                                            Cache-Control: no-store, no-cache
                                                                                                                                                            Pragma: no-cache
                                                                                                                                                            Content-Type: application/soap+xml; charset=utf-8
                                                                                                                                                            Expires: Thu, 25 Apr 2024 17:39:22 GMT
                                                                                                                                                            P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                                                            Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                            x-ms-route-info: C529_SN1
                                                                                                                                                            x-ms-request-id: f337f7f9-ff1c-468c-aae2-2fb8a43d35fb
                                                                                                                                                            PPServer: PPV: 30 H: SN1PEPF0002F922 V: 0
                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                            Date: Thu, 25 Apr 2024 17:40:21 GMT
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Length: 11392
                                                                                                                                                            2024-04-25 17:40:22 UTC11392INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                            7192.168.2.174971740.126.7.32443
                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                            2024-04-25 17:40:23 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                            Content-Type: application/soap+xml
                                                                                                                                                            Accept: */*
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                                                            Content-Length: 4775
                                                                                                                                                            Host: login.live.com
                                                                                                                                                            2024-04-25 17:40:23 UTC4775OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                                                                            2024-04-25 17:40:23 UTC569INHTTP/1.1 200 OK
                                                                                                                                                            Cache-Control: no-store, no-cache
                                                                                                                                                            Pragma: no-cache
                                                                                                                                                            Content-Type: application/soap+xml; charset=utf-8
                                                                                                                                                            Expires: Thu, 25 Apr 2024 17:39:23 GMT
                                                                                                                                                            P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                                                            Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                            x-ms-route-info: C529_SN1
                                                                                                                                                            x-ms-request-id: f0e12ae8-528d-4806-8a4e-e5e84e453a30
                                                                                                                                                            PPServer: PPV: 30 H: SN1PEPF0002F0AC V: 0
                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                            Date: Thu, 25 Apr 2024 17:40:22 GMT
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Length: 11372
                                                                                                                                                            2024-04-25 17:40:23 UTC11372INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                            8192.168.2.174971840.126.7.32443
                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                            2024-04-25 17:40:23 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                            Content-Type: application/soap+xml
                                                                                                                                                            Accept: */*
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                                                            Content-Length: 4788
                                                                                                                                                            Host: login.live.com
                                                                                                                                                            2024-04-25 17:40:23 UTC4788OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                                                                            2024-04-25 17:40:24 UTC569INHTTP/1.1 200 OK
                                                                                                                                                            Cache-Control: no-store, no-cache
                                                                                                                                                            Pragma: no-cache
                                                                                                                                                            Content-Type: application/soap+xml; charset=utf-8
                                                                                                                                                            Expires: Thu, 25 Apr 2024 17:39:24 GMT
                                                                                                                                                            P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                                                            Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                            x-ms-route-info: C529_SN1
                                                                                                                                                            x-ms-request-id: de67b7ba-a48c-41af-a14f-1fd2f66c40ff
                                                                                                                                                            PPServer: PPV: 30 H: SN1PEPF0002F1AA V: 0
                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                            Date: Thu, 25 Apr 2024 17:40:23 GMT
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Length: 11153
                                                                                                                                                            2024-04-25 17:40:24 UTC11153INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                            9192.168.2.174971913.107.21.200443
                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                            2024-04-25 17:40:25 UTC2572OUTGET /client/config?cc=CH&setlang=en-CH HTTP/1.1
                                                                                                                                                            X-Search-CortanaAvailableCapabilities: None
                                                                                                                                                            X-Search-SafeSearch: Moderate
                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                            X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
                                                                                                                                                            X-UserAgeClass: Unknown
                                                                                                                                                            X-BM-Market: CH
                                                                                                                                                            X-BM-DateFormat: dd/MM/yyyy
                                                                                                                                                            X-Device-OSSKU: 48
                                                                                                                                                            X-BM-DTZ: 120
                                                                                                                                                            X-DeviceID: 01000A41090080B6
                                                                                                                                                            X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
                                                                                                                                                            X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time
                                                                                                                                                            X-BM-Theme: 000000;0078d7
                                                                                                                                                            X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAcygOmPQa%2B4%2Bv9iVC1zhhy2y%2BYByynO6SUvsEboHWZRwn9VRCL5EY4dy11ACqC7T0a6htVFufdTOQlusIJYM09IRjq/5KQ4WAgfAyOsGZee57ZAzmGeMgmO9rcFQhm%2BIl0ubXW7oYef9B9SVFzMdtJoIhsTcUUcBTw0AwIMdlzVqj34OdcHINOdoORkq7n4La3Xk1KQ/EDXde/DP%2BvadpPNN19u/u4blyNLp9zaFsMkEr0eZNPb9B0tf2Zn8vgrg6L/lNVxTJfHztFSGBr3k8eYityUpss3C5NQMtCI9kNkqLHRMLG4C4KxW6rA3aeg0TmEj/xZIgYlfXjvJd0DaQqkDZgAACIXF%2BSyMF59HqAFVK5pbhTaMU/BQUJy%2BZeOTpCxwX82QpiBkPX2nAa6whnCNE/75/VaxygMsS0eWehH9CAeZ1n2hB2TXDwqMrJUk5IC/zgC34WeIsz7SsKZDE7LktP1Mg9M4Zt6uBi%2BuuP1w7QA/Mjt8uK1QoAvJUYuptJIoT311%2Bfe3O5aSwSf%2Bg8wphBcGuDep78qASrdsvDhJjgaBr7aK/aIUeuJutWEaj%2B1HxtjE2wPbmefyXXz6dwSir4pK4glm7zKceuoW78AZRyX8Q8HTxRZoARt8YWD/jSXRr2I6%2BsPlGUHpHDVjswgIuiLyyqhmyiNj0OtP/Zvwzlvu6Og28E0OI/hFIaq4wJUDzIEQnwdRF%2BY5zjqb6zbNXQJ7IgPCAa9bdt2MGfEys8wdhptK4u4mgYpMdm7DXzjTlMVMXc7YqO5eRIg4/tApSvflTD4uO6b7/%2BwcwZ3Q7XMMj6fjSW2Pneht4T%2Bm61D7XVS%2BzE9E56sbHdEQ1vX/Ib9Rgma9xieZ88avnwSXsKbvoPaQ9xPIoj5tmbiPnqIqXi4CTsjwww6IAd9sDnYaU28HlxeP2gE%3D%26p%3D
                                                                                                                                                            X-Agent-DeviceId: 01000A41090080B6
                                                                                                                                                            X-BM-CBT: 1714066820
                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                                                            X-Device-isOptin: false
                                                                                                                                                            Accept-language: en-GB, en, en-US
                                                                                                                                                            X-Device-Touch: false
                                                                                                                                                            X-Device-ClientSession: D89B6D88BE0B4D08ADFDA735253C5F4B
                                                                                                                                                            X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
                                                                                                                                                            Host: www.bing.com
                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                            Cookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
                                                                                                                                                            2024-04-25 17:40:25 UTC1463INHTTP/1.1 200 OK
                                                                                                                                                            Cache-Control: private
                                                                                                                                                            Content-Length: 2215
                                                                                                                                                            Content-Type: application/json; charset=utf-8
                                                                                                                                                            P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
                                                                                                                                                            Set-Cookie: _EDGE_S=SID=1D4E1C97D91360CF3ACC08FBD83A6142&mkt=de-ch; domain=.bing.com; path=/; HttpOnly
                                                                                                                                                            Set-Cookie: MUIDB=4590362BB5CF472B95BBEDB3112D4B7B; expires=Tue, 20-May-2025 17:40:25 GMT; path=/; HttpOnly
                                                                                                                                                            Set-Cookie: ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; domain=.bing.com; expires=Tue, 20-May-2025 17:40:25 GMT; path=/; secure; SameSite=None
                                                                                                                                                            Set-Cookie: WLS=C=0000000000000000&N=; domain=.bing.com; path=/; secure; SameSite=None
                                                                                                                                                            Set-Cookie: _SS=SID=1D4E1C97D91360CF3ACC08FBD83A6142; domain=.bing.com; path=/; secure; SameSite=None
                                                                                                                                                            X-EventID: 662a9589e22048778fb51b7985a55acb
                                                                                                                                                            UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                            X-Cache: CONFIG_NOCACHE
                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                            X-MSEdge-Ref: Ref A: 2E891A8F19EB4D958CF633201837D9D1 Ref B: ATL331000101023 Ref C: 2024-04-25T17:40:25Z
                                                                                                                                                            Date: Thu, 25 Apr 2024 17:40:24 GMT
                                                                                                                                                            Connection: close
                                                                                                                                                            2024-04-25 17:40:25 UTC388INData Raw: 7b 22 76 65 72 73 69 6f 6e 22 3a 31 2c 22 63 6f 6e 66 69 67 22 3a 7b 22 46 65 61 74 75 72 65 43 6f 6e 66 69 67 22 3a 7b 22 53 65 61 72 63 68 42 6f 78 49 62 65 61 6d 50 6f 69 6e 74 65 72 4f 6e 48 6f 76 65 72 22 3a 7b 22 76 61 6c 75 65 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 68 6f 77 53 65 61 72 63 68 47 6c 79 70 68 4c 65 66 74 4f 66 53 65 61 72 63 68 42 6f 78 22 3a 7b 22 76 61 6c 75 65 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 65 61 72 63 68 42 6f 78 55 73 65 53 65 61 72 63 68 49 63 6f 6e 41 74 52 65 73 74 22 3a 7b 22 76 61 6c 75 65 22 3a 66 61 6c 73 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 65 61 72 63 68 42 75 74 74 6f 6e 55 73 65 53 65 61 72 63 68 49 63 6f 6e 22 3a 7b 22 76 61 6c 75 65
                                                                                                                                                            Data Ascii: {"version":1,"config":{"FeatureConfig":{"SearchBoxIbeamPointerOnHover":{"value":true,"feature":""},"ShowSearchGlyphLeftOfSearchBox":{"value":true,"feature":""},"SearchBoxUseSearchIconAtRest":{"value":false,"feature":""},"SearchButtonUseSearchIcon":{"value
                                                                                                                                                            2024-04-25 17:40:25 UTC1827INData Raw: 64 41 67 65 6e 74 5f 47 6c 6f 62 61 6c 53 68 65 6c 6c 22 3a 7b 22 76 61 6c 75 65 22 3a 66 61 6c 73 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 43 6c 6f 75 64 41 67 65 6e 74 5f 4c 61 75 6e 63 68 41 70 70 6c 69 63 61 74 69 6f 6e 22 3a 7b 22 76 61 6c 75 65 22 3a 66 61 6c 73 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 43 6c 6f 75 64 41 67 65 6e 74 5f 53 65 74 74 69 6e 67 73 22 3a 7b 22 76 61 6c 75 65 22 3a 66 61 6c 73 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 44 65 76 69 63 65 4d 61 6e 61 67 65 6d 65 6e 74 45 6e 61 62 6c 65 64 22 3a 7b 22 76 61 6c 75 65 22 3a 66 61 6c 73 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 50 57 49 4c 4f 41 63 74 69 76 69 74 79 55 70 6c 6f 61 64 45 6e 61 62 6c 65 64 22 3a 7b 22 76 61 6c 75 65 22 3a 66 61
                                                                                                                                                            Data Ascii: dAgent_GlobalShell":{"value":false,"feature":""},"CloudAgent_LaunchApplication":{"value":false,"feature":""},"CloudAgent_Settings":{"value":false,"feature":""},"DeviceManagementEnabled":{"value":false,"feature":""},"PWILOActivityUploadEnabled":{"value":fa


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                            10192.168.2.174972052.165.165.26443
                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                            2024-04-25 17:40:25 UTC306OUTGET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=kYBufEXeanGUrwf&MD=g2hAdKhR HTTP/1.1
                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                            Accept: */*
                                                                                                                                                            User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                            Host: slscr.update.microsoft.com
                                                                                                                                                            2024-04-25 17:40:26 UTC560INHTTP/1.1 200 OK
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Pragma: no-cache
                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                            Expires: -1
                                                                                                                                                            Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                            ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                                                                                                                                                            MS-CorrelationId: 0f8444ba-c4c4-4c1c-9ef6-cce3245e9059
                                                                                                                                                            MS-RequestId: c1b85f32-66b2-44f3-80e9-689e5cc21f30
                                                                                                                                                            MS-CV: VAKbr/bik0GohG4h.0
                                                                                                                                                            X-Microsoft-SLSClientCache: 2160
                                                                                                                                                            Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                            Date: Thu, 25 Apr 2024 17:40:25 GMT
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Length: 25457
                                                                                                                                                            2024-04-25 17:40:26 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92
                                                                                                                                                            Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
                                                                                                                                                            2024-04-25 17:40:26 UTC9633INData Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a
                                                                                                                                                            Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                            11192.168.2.1749725142.251.15.1044432376C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                            2024-04-25 17:40:53 UTC627OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                                                            Host: www.google.com
                                                                                                                                                            Connection: keep-alive
                                                                                                                                                            X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlKHLAQiFoM0BCNy9zQEIucrNAQi2y80BCOnSzQEIitPNAQjB1M0BCM/WzQEI49bNAQiO180BCKfYzQEIutjNAQj5wNQVGLi/zQEY9snNARjrjaUX
                                                                                                                                                            Sec-Fetch-Site: none
                                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                                            Sec-Fetch-Dest: empty
                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            2024-04-25 17:40:53 UTC1703INHTTP/1.1 200 OK
                                                                                                                                                            Date: Thu, 25 Apr 2024 17:40:53 GMT
                                                                                                                                                            Pragma: no-cache
                                                                                                                                                            Expires: -1
                                                                                                                                                            Cache-Control: no-cache, must-revalidate
                                                                                                                                                            Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                            Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-OVpK7hdXk0bkNgN8jh8r3g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                            Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                            Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                            Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                            Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                            Accept-CH: Sec-CH-UA-Model
                                                                                                                                                            Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                            Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                            Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                            Permissions-Policy: unload=()
                                                                                                                                                            Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                                                                                                                            Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                                                                                                            Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                            Server: gws
                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                            Accept-Ranges: none
                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                            Connection: close
                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                            2024-04-25 17:40:53 UTC784INData Raw: 33 30 39 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 73 74 65 6c 6c 61 72 20 62 6c 61 64 65 20 67 61 6d 65 20 72 65 76 69 65 77 22 2c 22 70 72 69 6d 65 20 65 6e 65 72 67 79 20 64 72 69 6e 6b 20 70 66 61 73 20 6c 61 77 73 75 69 74 22 2c 22 62 6f 73 74 6f 6e 20 62 72 75 69 6e 73 20 74 6f 72 6f 6e 74 6f 20 6d 61 70 6c 65 20 6c 65 61 66 73 22 2c 22 71 75 6f 72 64 6c 65 20 61 6e 73 77 65 72 73 20 74 6f 64 61 79 22 2c 22 70 6c 61 79 73 74 61 74 69 6f 6e 20 70 6c 75 73 20 67 61 6d 65 73 22 2c 22 77 68 65 6e 20 69 73 20 73 68 6f 67 75 6e 20 73 65 61 73 6f 6e 20 32 20 63 6f 6d 69 6e 67 20 6f 75 74 22 2c 22 73 74 6f 63 6b 20 6d 61 72 6b 65 74 22 2c 22 6e 66 6c 20 64 72 61 66 74 20 74 72 61 64 65 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22
                                                                                                                                                            Data Ascii: 309)]}'["",["stellar blade game review","prime energy drink pfas lawsuit","boston bruins toronto maple leafs","quordle answers today","playstation plus games","when is shogun season 2 coming out","stock market","nfl draft trades"],["","","","","","",""
                                                                                                                                                            2024-04-25 17:40:53 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                            Data Ascii: 0


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                            12192.168.2.1749726142.251.15.1044432376C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                            2024-04-25 17:40:53 UTC530OUTGET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                                            Host: www.google.com
                                                                                                                                                            Connection: keep-alive
                                                                                                                                                            X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlKHLAQiFoM0BCNy9zQEIucrNAQi2y80BCOnSzQEIitPNAQjB1M0BCM/WzQEI49bNAQiO180BCKfYzQEIutjNAQj5wNQVGLi/zQEY9snNARjrjaUX
                                                                                                                                                            Sec-Fetch-Site: cross-site
                                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                                            Sec-Fetch-Dest: empty
                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            2024-04-25 17:40:53 UTC1479INHTTP/1.1 200 OK
                                                                                                                                                            Version: 627109246
                                                                                                                                                            Content-Type: application/json; charset=UTF-8
                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                            Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                            Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                            Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                            Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                            Accept-CH: Sec-CH-UA-Model
                                                                                                                                                            Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                            Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                            Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                            Permissions-Policy: unload=()
                                                                                                                                                            Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                                                                                                                            Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                                                                                                            Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                            Date: Thu, 25 Apr 2024 17:40:53 GMT
                                                                                                                                                            Server: gws
                                                                                                                                                            Cache-Control: private
                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                            Accept-Ranges: none
                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                            Connection: close
                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                            2024-04-25 17:40:53 UTC1479INData Raw: 38 30 30 30 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 52 61 20 67 62 5f 69 62 20 67 62 5f 55 64 20 67 62 5f 6f 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65
                                                                                                                                                            Data Ascii: 8000)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ra gb_ib gb_Ud gb_od\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
                                                                                                                                                            2024-04-25 17:40:53 UTC1479INData Raw: 30 33 64 5c 22 67 62 5f 4a 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 61 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 39 64 20 67 62 5f 4b 63 20 67 62 5f 37 64 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 47 6f 6f 67 6c 65 5c 22 20 68 72 65 66 5c 75 30 30 33 64 5c 22 2f 3f 74 61 62 5c 75 30 30 33 64 72 72 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4f 63 20 67 62 5f 36 64 5c 22 20 61 72 69 61 2d 68 69 64 64 65 6e 5c 75 30 30 33 64 5c 22 74 72 75 65 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 70 72 65 73 65 6e 74 61 74 69 6f 6e 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 61 5c 75 30 30 33 65 5c 75 30 30 33 63 5c
                                                                                                                                                            Data Ascii: 03d\"gb_Jc\"\u003e\u003ca class\u003d\"gb_9d gb_Kc gb_7d\" aria-label\u003d\"Google\" href\u003d\"/?tab\u003drr\"\u003e\u003cspan class\u003d\"gb_Oc gb_6d\" aria-hidden\u003d\"true\" role\u003d\"presentation\"\u003e\u003c\/span\u003e\u003c\/a\u003e\u003c\
                                                                                                                                                            2024-04-25 17:40:53 UTC1479INData Raw: 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 53 65 61 72 63 68 20 4c 61 62 73 5c 22 20 68 72 65 66 5c 75 30 30 33 64 5c 22 68 74 74 70 73 3a 2f 2f 6c 61 62 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 65 61 72 63 68 3f 73 6f 75 72 63 65 5c 75 30 30 33 64 6e 74 70 5c 22 20 74 61 72 67 65 74 5c 75 30 30 33 64 5c 22 5f 74 6f 70 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 73 76 67 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 67 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20
                                                                                                                                                            Data Ascii: aria-label\u003d\"Search Labs\" href\u003d\"https://labs.google.com/search?source\u003dntp\" target\u003d\"_top\" role\u003d\"button\" tabindex\u003d\"0\"\u003e \u003csvg class\u003d\"gb_g\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0
                                                                                                                                                            2024-04-25 17:40:53 UTC1479INData Raw: 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 36 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 32 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32
                                                                                                                                                            Data Ascii: 9 -2,2 0.9,2 2,2zM6,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM12,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2
                                                                                                                                                            2024-04-25 17:40:53 UTC1479INData Raw: 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 31 33 30 30 31 30 32 2c 33 37 30 30 33 31 36 2c 33 37 30 31 33 31 30 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 5c 75 30 30
                                                                                                                                                            Data Ascii: u-content","metadata":{"bar_height":60,"experiment_id":[1300102,3700316,3701310],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_||{};(function(_){var window\u00
                                                                                                                                                            2024-04-25 17:40:53 UTC1479INData Raw: 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 62 20 69 6e 20 61 2e 69 29 72 65 74 75 72 6e 20 61 2e 69 5b 62 5d 3b 74 68 72 6f 77 20 6e 65 77 20 72 64 3b 7d 3b 5f 2e 74 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 5f 2e 73 64 28 5f 2e 57 63 2e 69 28 29 2c 61 29 7d 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 2f 2a 5c 6e 5c 6e 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 5c 6e 2a 2f 5c 6e 76 61 72 20 7a 64 2c 49 64 2c 4b 64 3b 5f 2e 75 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 6e 75 6c 6c 5c 75 30 30 33 64 5c 75 30 30 33 64 61 29 72 65 74
                                                                                                                                                            Data Ascii: \u003dfunction(a,b){if(b in a.i)return a.i[b];throw new rd;};_.td\u003dfunction(a){return _.sd(_.Wc.i(),a)};\n}catch(e){_._DumpException(e)}\ntry{\n/*\n\n SPDX-License-Identifier: Apache-2.0\n*/\nvar zd,Id,Kd;_.ud\u003dfunction(a){if(null\u003d\u003da)ret
                                                                                                                                                            2024-04-25 17:40:53 UTC1479INData Raw: 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 61 2c 5f 2e 76 62 29 5c 75 30 30 32 36 5c 75 30 30 32 36 61 5b 5f 2e 76 62 5d 7c 7c 28 61 5b 5f 2e 76 62 5d 5c 75 30 30 33 64 2b 2b 49 64 29 7d 3b 4b 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 4c 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 5c 75 30 30 33 64 6e 75 6c 6c 2c 63 5c 75 30 30 33 64 5f 2e 71 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 69 66 28 21 63 7c 7c 21 63 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 29 72 65 74 75 72 6e 20 62 3b 74 72 79 7b 62 5c 75 30 30 33 64 63 2e 63 72 65 61 74 65 50 6f 6c 69
                                                                                                                                                            Data Ascii: 03dfunction(a){return Object.prototype.hasOwnProperty.call(a,_.vb)\u0026\u0026a[_.vb]||(a[_.vb]\u003d++Id)};Kd\u003dfunction(a){return a};_.Ld\u003dfunction(a){var b\u003dnull,c\u003d_.q.trustedTypes;if(!c||!c.createPolicy)return b;try{b\u003dc.createPoli
                                                                                                                                                            2024-04-25 17:40:53 UTC1479INData Raw: 28 29 7d 7d 3b 5f 2e 58 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 57 64 28 5c 22 5c 22 2c 5f 2e 56 64 29 3b 5f 2e 59 64 5c 75 30 30 33 64 52 65 67 45 78 70 28 5c 22 5e 5b 2d 2b 2c 2e 5c 5c 5c 22 5c 75 30 30 32 37 25 5f 21 23 2f 20 61 2d 7a 41 2d 5a 30 2d 39 5c 5c 5c 5c 5b 5c 5c 5c 5c 5d 5d 2b 24 5c 22 29 3b 5f 2e 5a 64 5c 75 30 30 33 64 52 65 67 45 78 70 28 5c 22 5c 5c 5c 5c 62 28 75 72 6c 5c 5c 5c 5c 28 5b 20 5c 5c 74 5c 5c 6e 5d 2a 29 28 5c 75 30 30 32 37 5b 20 2d 5c 75 30 30 32 36 28 2d 5c 5c 5c 5c 5b 5c 5c 5c 5c 5d 2d 7e 5d 2a 5c 75 30 30 32 37 7c 5c 5c 5c 22 5b 20 21 23 2d 5c 5c 5c 5c 5b 5c 5c 5c 5c 5d 2d 7e 5d 2a 5c 5c 5c 22 7c 5b 21 23 2d 5c 75 30 30 32 36 2a 2d 5c 5c 5c 5c 5b 5c 5c 5c 5c 5d 2d 7e 5d 2a 29 28 5b 20 5c 5c 74 5c 5c 6e 5d 2a 5c 5c 5c 5c
                                                                                                                                                            Data Ascii: ()}};_.Xd\u003dnew _.Wd(\"\",_.Vd);_.Yd\u003dRegExp(\"^[-+,.\\\"\u0027%_!#/ a-zA-Z0-9\\\\[\\\\]]+$\");_.Zd\u003dRegExp(\"\\\\b(url\\\\([ \\t\\n]*)(\u0027[ -\u0026(-\\\\[\\\\]-~]*\u0027|\\\"[ !#-\\\\[\\\\]-~]*\\\"|[!#-\u0026*-\\\\[\\\\]-~]*)([ \\t\\n]*\\\\
                                                                                                                                                            2024-04-25 17:40:53 UTC1479INData Raw: 33 64 61 2e 6e 6f 6e 63 65 7c 7c 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 5c 22 6e 6f 6e 63 65 5c 22 29 29 5c 75 30 30 32 36 5c 75 30 30 32 36 68 65 2e 74 65 73 74 28 61 29 3f 61 3a 5c 22 5c 22 3a 5c 22 5c 22 7d 3b 5f 2e 6a 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 74 68 69 73 2e 77 69 64 74 68 5c 75 30 30 33 64 61 3b 74 68 69 73 2e 68 65 69 67 68 74 5c 75 30 30 33 64 62 7d 3b 5f 2e 6d 5c 75 30 30 33 64 5f 2e 6a 65 2e 70 72 6f 74 6f 74 79 70 65 3b 5f 2e 6d 2e 61 73 70 65 63 74 52 61 74 69 6f 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 77 69 64 74 68 2f 74 68 69 73 2e 68 65 69 67 68 74 7d 3b 5f 2e 6d 2e 45 62 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 21 28 74 68
                                                                                                                                                            Data Ascii: 3da.nonce||a.getAttribute(\"nonce\"))\u0026\u0026he.test(a)?a:\"\":\"\"};_.je\u003dfunction(a,b){this.width\u003da;this.height\u003db};_.m\u003d_.je.prototype;_.m.aspectRatio\u003dfunction(){return this.width/this.height};_.m.Eb\u003dfunction(){return!(th
                                                                                                                                                            2024-04-25 17:40:53 UTC1479INData Raw: 62 29 7b 62 5c 75 30 30 33 64 53 74 72 69 6e 67 28 62 29 3b 5c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 68 74 6d 6c 2b 78 6d 6c 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2e 63 6f 6e 74 65 6e 74 54 79 70 65 5c 75 30 30 32 36 5c 75 30 30 32 36 28 62 5c 75 30 30 33 64 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 3b 72 65 74 75 72 6e 20 61 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 62 29 7d 3b 5f 2e 6e 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 6f 72 28 76 61 72 20 62 3b 62 5c 75 30 30 33 64 61 2e 66 69 72 73 74 43 68 69 6c 64 3b 29 61 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 62 29 7d 3b 5f 2e 6f 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 39 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2e
                                                                                                                                                            Data Ascii: b){b\u003dString(b);\"application/xhtml+xml\"\u003d\u003d\u003da.contentType\u0026\u0026(b\u003db.toLowerCase());return a.createElement(b)};_.ne\u003dfunction(a){for(var b;b\u003da.firstChild;)a.removeChild(b)};_.oe\u003dfunction(a){return 9\u003d\u003da.


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                            13192.168.2.1749727142.251.15.1044432376C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                            2024-04-25 17:40:53 UTC353OUTGET /async/newtab_promos HTTP/1.1
                                                                                                                                                            Host: www.google.com
                                                                                                                                                            Connection: keep-alive
                                                                                                                                                            Sec-Fetch-Site: cross-site
                                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                                            Sec-Fetch-Dest: empty
                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            2024-04-25 17:40:53 UTC1434INHTTP/1.1 200 OK
                                                                                                                                                            Version: 627109246
                                                                                                                                                            Content-Type: application/json; charset=UTF-8
                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                            Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                            Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                            Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                            Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                            Accept-CH: Sec-CH-UA-Model
                                                                                                                                                            Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                            Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                            Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                            Permissions-Policy: unload=()
                                                                                                                                                            Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                                                                                                                            Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                                                                                                            Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                            Date: Thu, 25 Apr 2024 17:40:53 GMT
                                                                                                                                                            Server: gws
                                                                                                                                                            Cache-Control: private
                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                            Accept-Ranges: none
                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                            Connection: close
                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                            2024-04-25 17:40:53 UTC35INData Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
                                                                                                                                                            Data Ascii: 1d)]}'{"update":{"promos":{}}}
                                                                                                                                                            2024-04-25 17:40:53 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                            Data Ascii: 0


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                            14192.168.2.1749733142.250.105.1134432376C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                            2024-04-25 17:40:55 UTC741OUTGET /_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0 HTTP/1.1
                                                                                                                                                            Host: apis.google.com
                                                                                                                                                            Connection: keep-alive
                                                                                                                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                            sec-ch-ua-mobile: ?0
                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                            sec-ch-ua-platform: "Windows"
                                                                                                                                                            Accept: */*
                                                                                                                                                            X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlKHLAQiFoM0BCLnKzQEIitPNAQjB1M0BCLrYzQEY9snNARjrjaUX
                                                                                                                                                            Sec-Fetch-Site: cross-site
                                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                                            Sec-Fetch-Dest: script
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            2024-04-25 17:40:55 UTC915INHTTP/1.1 200 OK
                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                            Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
                                                                                                                                                            Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
                                                                                                                                                            Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
                                                                                                                                                            Content-Length: 121628
                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                            Server: sffe
                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                            Date: Wed, 24 Apr 2024 22:57:56 GMT
                                                                                                                                                            Expires: Thu, 24 Apr 2025 22:57:56 GMT
                                                                                                                                                            Cache-Control: public, max-age=31536000
                                                                                                                                                            Last-Modified: Mon, 15 Apr 2024 17:34:54 GMT
                                                                                                                                                            Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                            Age: 67379
                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                            Connection: close
                                                                                                                                                            2024-04-25 17:40:55 UTC340INData Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 30 78 32 30 30 30 30 2c 20 5d 29 3b 0a 76 61 72 20 62 61 2c 63 61 2c 64 61 2c 6e 61 2c 70 61 2c 76 61 2c 77 61 2c 7a 61 3b 62 61 3d 66 75 6e 63
                                                                                                                                                            Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){("undefined"!==typeof globalThis?globalThis:"undefined"!==typeof self?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([0x20000, ]);var ba,ca,da,na,pa,va,wa,za;ba=func
                                                                                                                                                            2024-04-25 17:40:55 UTC1255INData Raw: 7d 3b 63 61 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 73 3f 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 3d 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 7c 7c 61 3d 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 29 72 65 74 75 72 6e 20 61 3b 61 5b 62 5d 3d 63 2e 76 61 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 64 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2c 61 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2c 22
                                                                                                                                                            Data Ascii: };ca="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};da=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"
                                                                                                                                                            2024-04-25 17:40:55 UTC1255INData Raw: 6e 22 3d 3d 3d 74 79 70 65 6f 66 20 64 26 26 22 66 75 6e 63 74 69 6f 6e 22 21 3d 74 79 70 65 6f 66 20 64 2e 70 72 6f 74 6f 74 79 70 65 5b 61 5d 26 26 63 61 28 64 2e 70 72 6f 74 6f 74 79 70 65 2c 61 2c 7b 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 70 61 28 62 61 28 74 68 69 73 29 29 7d 7d 29 7d 72 65 74 75 72 6e 20 61 7d 29 3b 70 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 7b 6e 65 78 74 3a 61 7d 3b 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 5f 2e 75 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 22 75 6e 64 65
                                                                                                                                                            Data Ascii: n"===typeof d&&"function"!=typeof d.prototype[a]&&ca(d.prototype,a,{configurable:!0,writable:!0,value:function(){return pa(ba(this))}})}return a});pa=function(a){a={next:a};a[Symbol.iterator]=function(){return this};return a};_.ua=function(a){var b="unde
                                                                                                                                                            2024-04-25 17:40:55 UTC1255INData Raw: 50 66 29 7b 74 68 69 73 2e 50 66 3d 5b 5d 3b 76 61 72 20 6b 3d 74 68 69 73 3b 74 68 69 73 2e 74 50 28 66 75 6e 63 74 69 6f 6e 28 29 7b 6b 2e 45 37 28 29 7d 29 7d 74 68 69 73 2e 50 66 2e 70 75 73 68 28 68 29 7d 3b 76 61 72 20 64 3d 5f 2e 6d 61 2e 73 65 74 54 69 6d 65 6f 75 74 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 74 50 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 64 28 68 2c 30 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 45 37 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 3b 74 68 69 73 2e 50 66 26 26 74 68 69 73 2e 50 66 2e 6c 65 6e 67 74 68 3b 29 7b 76 61 72 20 68 3d 74 68 69 73 2e 50 66 3b 74 68 69 73 2e 50 66 3d 5b 5d 3b 66 6f 72 28 76 61 72 20 6b 3d 30 3b 6b 3c 68 2e 6c 65 6e 67 74 68 3b 2b 2b 6b 29 7b 76 61 72 20 6c 3d 68 5b 6b 5d 3b 68 5b 6b 5d 3d 6e
                                                                                                                                                            Data Ascii: Pf){this.Pf=[];var k=this;this.tP(function(){k.E7()})}this.Pf.push(h)};var d=_.ma.setTimeout;b.prototype.tP=function(h){d(h,0)};b.prototype.E7=function(){for(;this.Pf&&this.Pf.length;){var h=this.Pf;this.Pf=[];for(var k=0;k<h.length;++k){var l=h[k];h[k]=n
                                                                                                                                                            2024-04-25 17:40:55 UTC1255INData Raw: 6f 74 79 70 65 2e 6e 65 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 68 3d 74 68 69 73 3b 64 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 68 2e 67 63 61 28 29 29 7b 76 61 72 20 6b 3d 5f 2e 6d 61 2e 63 6f 6e 73 6f 6c 65 3b 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 3d 74 79 70 65 6f 66 20 6b 26 26 6b 2e 65 72 72 6f 72 28 68 2e 46 66 29 7d 7d 2c 0a 31 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 67 63 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 68 69 73 2e 73 56 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 68 3d 5f 2e 6d 61 2e 43 75 73 74 6f 6d 45 76 65 6e 74 2c 6b 3d 5f 2e 6d 61 2e 45 76 65 6e 74 2c 6c 3d 5f 2e 6d 61 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 3b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 3d 74 79 70 65 6f 66 20 6c 29 72 65 74 75
                                                                                                                                                            Data Ascii: otype.nea=function(){var h=this;d(function(){if(h.gca()){var k=_.ma.console;"undefined"!==typeof k&&k.error(h.Ff)}},1)};e.prototype.gca=function(){if(this.sV)return!1;var h=_.ma.CustomEvent,k=_.ma.Event,l=_.ma.dispatchEvent;if("undefined"===typeof l)retu
                                                                                                                                                            2024-04-25 17:40:55 UTC1255INData Raw: 74 68 69 73 2e 73 56 3d 21 30 7d 3b 65 2e 72 65 73 6f 6c 76 65 3d 63 3b 65 2e 72 65 6a 65 63 74 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 65 28 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 6c 28 68 29 7d 29 7d 3b 65 2e 72 61 63 65 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 65 28 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 66 6f 72 28 76 61 72 20 6d 3d 5f 2e 75 61 28 68 29 2c 6e 3d 6d 2e 6e 65 78 74 28 29 3b 21 6e 2e 64 6f 6e 65 3b 6e 3d 6d 2e 6e 65 78 74 28 29 29 63 28 6e 2e 76 61 6c 75 65 29 2e 42 79 28 6b 2c 6c 29 7d 29 7d 3b 65 2e 61 6c 6c 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 76 61 72 20 6b 3d 5f 2e 75 61 28 68 29 2c 6c 3d 6b 2e 6e 65 78 74 28 29 3b 72 65 74 75 72 6e 20 6c 2e 64 6f 6e 65 3f 63 28
                                                                                                                                                            Data Ascii: this.sV=!0};e.resolve=c;e.reject=function(h){return new e(function(k,l){l(h)})};e.race=function(h){return new e(function(k,l){for(var m=_.ua(h),n=m.next();!n.done;n=m.next())c(n.value).By(k,l)})};e.all=function(h){var k=_.ua(h),l=k.next();return l.done?c(
                                                                                                                                                            2024-04-25 17:40:55 UTC1255INData Raw: 74 2e 73 65 61 6c 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 6c 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 7d 29 2c 6d 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 7d 29 2c 6e 3d 6e 65 77 20 61 28 5b 5b 6c 2c 32 5d 2c 5b 6d 2c 33 5d 5d 29 3b 69 66 28 32 21 3d 6e 2e 67 65 74 28 6c 29 7c 7c 33 21 3d 6e 2e 67 65 74 28 6d 29 29 72 65 74 75 72 6e 21 31 3b 6e 2e 64 65 6c 65 74 65 28 6c 29 3b 6e 2e 73 65 74 28 6d 2c 34 29 3b 72 65 74 75 72 6e 21 6e 2e 68 61 73 28 6c 29 26 26 34 3d 3d 6e 2e 67 65 74 28 6d 29 7d 63 61 74 63 68 28 70 29 7b 72 65 74 75 72 6e 21 31 7d 7d 28 29 29 72 65 74 75 72 6e 20 61 3b 0a 76 61 72 20 66 3d 22 24 6a 73 63 6f 6d 70 5f 68 69 64 64 65 6e 5f 22 2b 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 3b 65 28 22 66 72 65 65 7a 65 22 29 3b 65
                                                                                                                                                            Data Ascii: t.seal)return!1;try{var l=Object.seal({}),m=Object.seal({}),n=new a([[l,2],[m,3]]);if(2!=n.get(l)||3!=n.get(m))return!1;n.delete(l);n.set(m,4);return!n.has(l)&&4==n.get(m)}catch(p){return!1}}())return a;var f="$jscomp_hidden_"+Math.random();e("freeze");e
                                                                                                                                                            2024-04-25 17:40:55 UTC1255INData Raw: 62 3d 6e 65 77 20 57 65 61 6b 4d 61 70 2c 63 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 74 68 69 73 5b 30 5d 3d 7b 7d 3b 74 68 69 73 5b 31 5d 3d 0a 66 28 29 3b 74 68 69 73 2e 73 69 7a 65 3d 30 3b 69 66 28 6b 29 7b 6b 3d 5f 2e 75 61 28 6b 29 3b 66 6f 72 28 76 61 72 20 6c 3b 21 28 6c 3d 6b 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6c 3d 6c 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6c 5b 30 5d 2c 6c 5b 31 5d 29 7d 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 6b 3d 30 3d 3d 3d 6b 3f 30 3a 6b 3b 76 61 72 20 6d 3d 64 28 74 68 69 73 2c 6b 29 3b 6d 2e 6c 69 73 74 7c 7c 28 6d 2e 6c 69 73 74 3d 74 68 69 73 5b 30 5d 5b 6d 2e 69 64 5d 3d 5b 5d 29 3b 6d 2e 6e 66 3f 6d 2e 6e 66 2e 76 61 6c 75 65 3d 6c 3a 28 6d 2e
                                                                                                                                                            Data Ascii: b=new WeakMap,c=function(k){this[0]={};this[1]=f();this.size=0;if(k){k=_.ua(k);for(var l;!(l=k.next()).done;)l=l.value,this.set(l[0],l[1])}};c.prototype.set=function(k,l){k=0===k?0:k;var m=d(this,k);m.list||(m.list=this[0][m.id]=[]);m.nf?m.nf.value=l:(m.
                                                                                                                                                            2024-04-25 17:40:55 UTC1255INData Raw: 3d 62 2e 67 65 74 28 6c 29 3a 28 6d 3d 22 22 2b 20 2b 2b 68 2c 62 2e 73 65 74 28 6c 2c 6d 29 29 3a 6d 3d 22 70 5f 22 2b 6c 3b 76 61 72 20 6e 3d 6b 5b 30 5d 5b 6d 5d 3b 69 66 28 6e 26 26 76 61 28 6b 5b 30 5d 2c 6d 29 29 66 6f 72 28 6b 3d 30 3b 6b 3c 6e 2e 6c 65 6e 67 74 68 3b 6b 2b 2b 29 7b 76 61 72 20 70 3d 6e 5b 6b 5d 3b 69 66 28 6c 21 3d 3d 6c 26 26 70 2e 6b 65 79 21 3d 3d 70 2e 6b 65 79 7c 7c 6c 3d 3d 3d 70 2e 6b 65 79 29 72 65 74 75 72 6e 7b 69 64 3a 6d 2c 6c 69 73 74 3a 6e 2c 69 6e 64 65 78 3a 6b 2c 6e 66 3a 70 7d 7d 72 65 74 75 72 6e 7b 69 64 3a 6d 2c 6c 69 73 74 3a 6e 2c 69 6e 64 65 78 3a 2d 31 2c 6e 66 3a 76 6f 69 64 20 30 7d 7d 2c 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 76 61 72 20 6d 3d 6b 5b 31 5d 3b 72 65 74 75 72 6e 20 70 61 28 66 75
                                                                                                                                                            Data Ascii: =b.get(l):(m=""+ ++h,b.set(l,m)):m="p_"+l;var n=k[0][m];if(n&&va(k[0],m))for(k=0;k<n.length;k++){var p=n[k];if(l!==l&&p.key!==p.key||l===p.key)return{id:m,list:n,index:k,nf:p}}return{id:m,list:n,index:-1,nf:void 0}},e=function(k,l){var m=k[1];return pa(fu
                                                                                                                                                            2024-04-25 17:40:55 UTC1255INData Raw: 72 6e 21 31 3b 76 61 72 20 65 3d 64 2e 65 6e 74 72 69 65 73 28 29 2c 66 3d 65 2e 6e 65 78 74 28 29 3b 69 66 28 66 2e 64 6f 6e 65 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 21 3d 63 7c 7c 66 2e 76 61 6c 75 65 5b 31 5d 21 3d 63 29 72 65 74 75 72 6e 21 31 3b 66 3d 65 2e 6e 65 78 74 28 29 3b 72 65 74 75 72 6e 20 66 2e 64 6f 6e 65 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 3d 3d 63 7c 7c 34 21 3d 66 2e 76 61 6c 75 65 5b 30 5d 2e 78 7c 7c 66 2e 76 61 6c 75 65 5b 31 5d 21 3d 66 2e 76 61 6c 75 65 5b 30 5d 3f 21 31 3a 65 2e 6e 65 78 74 28 29 2e 64 6f 6e 65 7d 63 61 74 63 68 28 68 29 7b 72 65 74 75 72 6e 21 31 7d 7d 28 29 29 72 65 74 75 72 6e 20 61 3b 76 61 72 20 62 3d 66 75 6e 63 74 69 6f 6e 28 63 29 7b 74 68 69 73 2e 44 61 3d 6e 65 77 20 4d 61 70 3b 69 66 28 63 29 7b 63 3d 0a
                                                                                                                                                            Data Ascii: rn!1;var e=d.entries(),f=e.next();if(f.done||f.value[0]!=c||f.value[1]!=c)return!1;f=e.next();return f.done||f.value[0]==c||4!=f.value[0].x||f.value[1]!=f.value[0]?!1:e.next().done}catch(h){return!1}}())return a;var b=function(c){this.Da=new Map;if(c){c=


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                            15192.168.2.1749735172.67.147.1424433724C:\Users\user\Desktop\PDFixers.exe
                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                            2024-04-25 17:40:58 UTC710OUTGET / HTTP/1.1
                                                                                                                                                            Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
                                                                                                                                                            Accept-Language: en-CH
                                                                                                                                                            UA-CPU: AMD64
                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                            Host: pixel.pdfixers.com
                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                            Cookie: AWSALB=QzC/6L6RRlHk2Sn9xB9KZwM/TeBHiLat2EaBNM75RNiMZGaaCcHz30S5UlfQ/9NvGJHpcGp6VKBfId+m9oeB5flmjaGj4RWBhg+jwlOdsQVsKNvyx7BdT5MqKwyy; AWSALBCORS=QzC/6L6RRlHk2Sn9xB9KZwM/TeBHiLat2EaBNM75RNiMZGaaCcHz30S5UlfQ/9NvGJHpcGp6VKBfId+m9oeB5flmjaGj4RWBhg+jwlOdsQVsKNvyx7BdT5MqKwyy
                                                                                                                                                            2024-04-25 17:40:58 UTC991INHTTP/1.1 200 OK
                                                                                                                                                            Date: Thu, 25 Apr 2024 17:40:58 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                            Connection: close
                                                                                                                                                            Set-Cookie: AWSALB=kFdsxzKMYm/+ne6+dEPwu3B7olYADaAPmE+m35d+CWWcPA2VQzM5836CY9CLqd+8fnKQYjN0oDMejWlocCORUUHmpGmWgSSAefDZXi8Wm+IHGoO6sGU5Y3cFoNUB; Expires=Thu, 02 May 2024 17:40:58 GMT; Path=/
                                                                                                                                                            Set-Cookie: AWSALBCORS=kFdsxzKMYm/+ne6+dEPwu3B7olYADaAPmE+m35d+CWWcPA2VQzM5836CY9CLqd+8fnKQYjN0oDMejWlocCORUUHmpGmWgSSAefDZXi8Wm+IHGoO6sGU5Y3cFoNUB; Expires=Thu, 02 May 2024 17:40:58 GMT; Path=/; SameSite=None
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1JYCbTetM0VVdGud9LNdw9tyqk0VjNCeO1t7kKYhvJ6vJh8Fv2N1lMKZWNve4AZlx0jwcf8rEHW83HHjdKZWNz2hxA%2Bk5q5aS6lolkSz5HNq4%2FlMz0hn6FcSJ99Jpg%2F8DN4jh3c%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                            Server: cloudflare
                                                                                                                                                            CF-RAY: 87a01f07fbce7b9c-ATL
                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                            2024-04-25 17:40:58 UTC378INData Raw: 33 35 62 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 32 3f 66 61 6d 69 6c 79 3d 4e 75 6e 69 74 6f 2b 53 61 6e 73 3a 77 67 68 74 40 33 30 30 26 64 69 73 70 6c 61 79 3d 73 77 61 70 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 50 44 46 69 78 65 72 73 20 49 6e 73 74 61 6c 6c 61 74 69 6f 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20
                                                                                                                                                            Data Ascii: 35bd<!DOCTYPE html><html><head> <meta http-equiv="X-UA-Compatible" content="IE=10" /> <link href="https://fonts.googleapis.com/css2?family=Nunito+Sans:wght@300&display=swap" rel="stylesheet"> <title>PDFixers Installation</title>
                                                                                                                                                            2024-04-25 17:40:58 UTC1369INData Raw: 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 32 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 36 33 32 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 37 37 37 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 64 64 64 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20
                                                                                                                                                            Data Ascii: -family: Arial, sans-serif; margin: 20px; } .container { width: 632px; height: 777px; margin: auto; padding: 20px; border: 1px solid #ddd; }
                                                                                                                                                            2024-04-25 17:40:58 UTC1369INData Raw: 20 63 65 6e 74 65 72 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 2e 6c 6f 61 64 65 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 34 70 78 20 73 6f 6c 69 64 20 23 66 33 66 33 66 33 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 74 6f 70 3a 20 34 70 78 20 73 6f 6c 69 64 20 23 33 34 39 38 64 62 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 35 30 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 34 30 70 78 3b 0d 0a 20
                                                                                                                                                            Data Ascii: center; flex-direction: column; align-items: center; } .loader { border: 4px solid #f3f3f3; border-top: 4px solid #3498db; border-radius: 50%; width: 40px;
                                                                                                                                                            2024-04-25 17:40:58 UTC1369INData Raw: 2f 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 62 75 74 74 6f 6e 2d 63 6f 6e 74 61 69 6e 65 72 20 73 70 61 6e 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 62 74 6e 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 35 70 78 20 31 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 75 72 73
                                                                                                                                                            Data Ascii: / text-align: center; } .button-container span { vertical-align: middle; font-size: 10px; } .btn { width: 100px; padding: 15px 10px; curs
                                                                                                                                                            2024-04-25 17:40:58 UTC1369INData Raw: 4e 6f 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 69 64 3d 22 61 6c 6c 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6c 6f 73 65 2d 62 75 74 74 6f 6e 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 77 69 64 74 68 3d 22 31 30 22 20 73 72 63 3d 27 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 4d 67 41 41 41 44 49 43 41 59 41 41 41 43 74 57 4b 36 65 41 41 41 41 42 48 4e 43 53 56 51 49 43 41 67 49 66 41 68 6b 69 41 41 41 41 41 6c 77 53 46 6c 7a 41 41 41
                                                                                                                                                            Data Ascii: No</button> </div> </div> <div id="all"> <div class="close-button"> <img width="10" src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMgAAADICAYAAACtWK6eAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAA
                                                                                                                                                            2024-04-25 17:40:58 UTC1369INData Raw: 43 42 76 31 4c 6c 59 6a 67 46 62 42 72 35 4a 2f 4f 4d 33 77 48 57 5a 73 38 37 43 63 6f 68 6c 34 42 76 45 4c 30 45 44 48 4d 79 63 64 52 71 57 51 36 2b 6f 71 53 51 31 66 4b 6d 4c 35 64 42 70 6c 6f 43 76 45 37 38 55 44 58 41 6f 63 39 59 7a 73 52 78 61 31 78 4c 77 4e 65 4b 58 6f 77 45 4f 5a 38 37 36 61 69 79 48 4e 72 51 45 50 45 62 38 6b 6a 54 41 6b 63 78 5a 54 32 59 35 4e 4c 45 6c 34 4b 76 45 4c 30 73 44 33 4a 41 35 4b 30 41 4b 79 6d 59 35 46 74 67 53 38 42 58 69 6c 36 59 42 62 73 79 59 4d 31 57 51 7a 33 49 73 71 43 58 67 79 38 51 76 54 77 50 63 6c 43 46 66 71 69 43 58 35 56 68 77 53 38 43 6a 78 43 39 52 41 39 7a 63 59 61 35 55 51 5a 36 47 6e 6e 32 4a 7a 56 41 74 41 59 38 51 76 30 77 4e 63 45 73 48 65 56 49 46 4f 53 78 48 7a 79 77 42 44 78 4f 2f 56 41 33 7a
                                                                                                                                                            Data Ascii: CBv1LlYjgFbBr5J/OM3wHWZs87Ccohl4BvEL0EDHMycdRqWQ6+oqSQ1fKmL5dBploCvE78UDXAoc9YzsRxa1xLwNeKXowEOZ876aiyHNrQEPEb8kjTAkcxZT2Y5NLEl4KvEL0sD3JA5K0AKymY5FtgS8BXil6YBbsyYM1WQz3IsqCXgy8QvTwPclCFfqiCX5VhwS8CjxC9RA9zcYa5UQZ6Gnn2JzVAtAY8Qv0wNcEsHeVIFOSxHzywBDxO/VA3z
                                                                                                                                                            2024-04-25 17:40:58 UTC1369INData Raw: 6a 75 6f 49 45 53 38 66 4f 31 4a 44 4f 34 44 4d 74 52 53 69 4a 2b 7a 71 76 41 4a 5a 6c 7a 39 73 5a 57 78 67 4f 4c 66 72 51 68 6c 4b 4f 56 69 4a 2f 33 4b 6e 42 78 35 70 77 4c 37 31 49 73 52 35 52 45 2f 4e 78 58 67 59 73 79 35 31 78 59 6c 69 4e 65 49 6e 37 2b 4b 38 43 46 6d 58 4d 75 6e 45 75 77 48 4c 56 49 78 4c 2f 44 43 6e 42 42 35 70 77 4c 77 33 4c 55 4a 78 48 2f 48 70 61 45 38 56 2f 4b 4c 45 65 64 45 76 48 76 73 67 4b 63 6e 7a 6c 6e 74 53 37 43 63 74 51 75 45 66 38 2b 4b 38 42 35 6d 58 4e 57 35 30 4c 47 77 61 4f 48 62 7a 6b 32 6c 6f 68 2f 70 35 65 42 54 32 54 4f 57 59 33 7a 73 42 79 4c 4a 68 48 2f 58 69 38 44 48 38 75 63 4d 39 77 48 67 42 50 45 44 39 74 79 54 43 38 52 2f 32 37 2f 42 64 36 62 4f 57 65 59 73 34 41 2f 45 7a 39 6b 79 7a 47 37 52 50 7a 37 2f
                                                                                                                                                            Data Ascii: juoIES8fO1JDO4DMtRSiJ+zqvAJZlz9sZWxgOLfrQhlKOViJ/3KnBx5pwL71IsR5RE/NxXgYsy51xYliNeIn7+K8CFmXMunEuwHLVIxL/DCnBB5pwLw3LUJxH/HpaE8V/KLEedEvHvsgKcnzlntS7CctQuEf8+K8B5mXNW50LGwaOHbzk2loh/p5eBT2TOWY3zsByLJhH/Xi8DH8ucM9wHgBPED9tyTC8R/27/Bd6bOWeYs4A/Ez9kyzG7RPz7/
                                                                                                                                                            2024-04-25 17:40:58 UTC1369INData Raw: 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 63 34 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 31 32 22 3e 41 74 20 70 64 66 69 78 65 72 73 20 28 26 6c 64 71 75 6f 3b 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 31 22 3e 43 6f 6d 70 61 6e 79 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 31 32 22 3e 26 72 64 71 75 6f 3b 20 6f 72 20 26 6c 64 71 75 6f 3b 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 31 22 3e 77 65 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 30 22 3e 26 6c 64 71 75 6f 3b 29 2c 20 77 65 20 70 6c 61 63 65 20 67 72 65 61 74 20 69 6d 70 6f 72 74 61 6e 63 65 20 6f 6e 20 70 72 69 76 61 63 79 2c 20 73 65 63 75 72 69 74 79 2c 20 61 6e 64 20 6f 6e 6c 69 6e 65 20 73 61 66 65 74 79
                                                                                                                                                            Data Ascii: <p class="c4"><span class="c12">At pdfixers (&ldquo;</span><span class="c1">Company</span><span class="c12">&rdquo; or &ldquo;</span><span class="c1">we</span><span class="c0">&ldquo;), we place great importance on privacy, security, and online safety
                                                                                                                                                            2024-04-25 17:40:58 UTC1369INData Raw: 65 20 53 6f 66 74 77 61 72 65 2c 20 77 65 20 73 74 72 6f 6e 67 6c 79 20 72 65 63 6f 6d 6d 65 6e 64 20 74 68 61 74 20 75 73 65 72 73 20 63 61 72 65 66 75 6c 6c 79 20 72 65 76 69 65 77 20 74 68 69 73 20 50 6f 6c 69 63 79 2e 20 46 6f 72 20 43 61 6c 69 66 6f 72 6e 69 61 20 72 65 73 69 64 65 6e 74 73 2c 20 77 65 20 61 6c 73 6f 20 61 64 76 69 73 65 20 72 65 76 69 65 77 69 6e 67 20 74 68 65 20 43 6f 6d 70 61 6e 79 26 72 73 71 75 6f 3b 73 20 73 70 65 63 69 66 69 63 26 6e 62 73 70 3b 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 37 22 3e 43 43 50 41 20 50 72 69 76 61 63 79 20 4e 6f 74 69 63 65 3c 2f 73 70 61 6e 3e 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 63 34 22 3e 3c 73 70 61 6e 20 63 6c 61
                                                                                                                                                            Data Ascii: e Software, we strongly recommend that users carefully review this Policy. For California residents, we also advise reviewing the Company&rsquo;s specific&nbsp;</span><span class="c7">CCPA Privacy Notice</span></p> <p class="c4"><span cla
                                                                                                                                                            2024-04-25 17:40:58 UTC1369INData Raw: 20 3c 70 20 63 6c 61 73 73 3d 22 63 34 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 30 22 3e 41 6c 6c 20 63 6f 6c 6c 65 63 74 69 6f 6e 20 6f 66 20 50 65 72 73 6f 6e 61 6c 20 44 61 74 61 20 77 69 6c 6c 20 61 64 68 65 72 65 20 74 6f 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 6c 61 77 66 75 6c 20 70 72 69 6e 63 69 70 6c 65 73 20 75 6e 64 65 72 20 74 68 65 20 47 44 50 52 3a 20 28 31 29 20 70 72 6f 63 65 73 73 69 6e 67 20 6f 6e 6c 69 6e 65 20 69 64 65 6e 74 69 66 69 65 72 73 20 66 6f 72 20 6f 70 65 72 61 74 69 6f 6e 61 6c 20 61 6e 64 20 66 75 6e 63 74 69 6f 6e 61 6c 20 70 75 72 70 6f 73 65 73 2c 20 28 32 29 20 70 72 6f 63 65 73 73 69 6e 67 20 74 68 65 20 75 73 65 72 26 72 73 71 75 6f 3b 73 20 63 6f 6e 74 61 63 74 20 64 65 74 61 69 6c 73 20 69 66 20 74 68
                                                                                                                                                            Data Ascii: <p class="c4"><span class="c0">All collection of Personal Data will adhere to the following lawful principles under the GDPR: (1) processing online identifiers for operational and functional purposes, (2) processing the user&rsquo;s contact details if th


                                                                                                                                                            Statistics

                                                                                                                                                            CPU Usage

                                                                                                                                                            Click to jump to process

                                                                                                                                                            Memory Usage

                                                                                                                                                            Click to jump to process

                                                                                                                                                            High Level Behavior Distribution

                                                                                                                                                            Click to dive into process behavior distribution

                                                                                                                                                            Behavior

                                                                                                                                                            Click to jump to process

                                                                                                                                                            System Behavior

                                                                                                                                                            General

                                                                                                                                                            Target ID:0
                                                                                                                                                            Start time:19:39:34
                                                                                                                                                            Start date:25/04/2024
                                                                                                                                                            Path:C:\Users\user\Desktop\PDFixers.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Users\user\Desktop\PDFixers.exe"
                                                                                                                                                            Imagebase:0x1d9b91e0000
                                                                                                                                                            File size:8'507'584 bytes
                                                                                                                                                            MD5 hash:B4440EEA7367C3FB04A89225DF4022A6
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:moderate
                                                                                                                                                            Has exited:true

                                                                                                                                                            General

                                                                                                                                                            Target ID:2
                                                                                                                                                            Start time:19:39:43
                                                                                                                                                            Start date:25/04/2024
                                                                                                                                                            Path:C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe"
                                                                                                                                                            Imagebase:0x7ff771700000
                                                                                                                                                            File size:16'065'496 bytes
                                                                                                                                                            MD5 hash:C02DC2CA96FE9841963883C0FE177399
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Antivirus matches:
                                                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                                                            • Detection: 0%, Virustotal, Browse
                                                                                                                                                            Reputation:low
                                                                                                                                                            Has exited:true

                                                                                                                                                            General

                                                                                                                                                            Target ID:14
                                                                                                                                                            Start time:19:40:08
                                                                                                                                                            Start date:25/04/2024
                                                                                                                                                            Path:C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe"
                                                                                                                                                            Imagebase:0x7ff771700000
                                                                                                                                                            File size:16'065'496 bytes
                                                                                                                                                            MD5 hash:C02DC2CA96FE9841963883C0FE177399
                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:low
                                                                                                                                                            Has exited:true

                                                                                                                                                            General

                                                                                                                                                            Target ID:15
                                                                                                                                                            Start time:19:40:15
                                                                                                                                                            Start date:25/04/2024
                                                                                                                                                            Path:C:\Windows\System32\notepad.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:notepad.exe "C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-settings.txt"
                                                                                                                                                            Imagebase:0x7ff79f750000
                                                                                                                                                            File size:201'216 bytes
                                                                                                                                                            MD5 hash:27F71B12CB585541885A31BE22F61C83
                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:moderate
                                                                                                                                                            Has exited:true

                                                                                                                                                            General

                                                                                                                                                            Target ID:21
                                                                                                                                                            Start time:19:40:51
                                                                                                                                                            Start date:25/04/2024
                                                                                                                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                                                                                                            Imagebase:0x7ff7d6f10000
                                                                                                                                                            File size:3'242'272 bytes
                                                                                                                                                            MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:moderate
                                                                                                                                                            Has exited:true

                                                                                                                                                            General

                                                                                                                                                            Target ID:22
                                                                                                                                                            Start time:19:40:51
                                                                                                                                                            Start date:25/04/2024
                                                                                                                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1992,i,2968757234271921919,11434174678257635975,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                            Imagebase:0x7ff7d6f10000
                                                                                                                                                            File size:3'242'272 bytes
                                                                                                                                                            MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:moderate
                                                                                                                                                            Has exited:true

                                                                                                                                                            General

                                                                                                                                                            Target ID:25
                                                                                                                                                            Start time:19:40:55
                                                                                                                                                            Start date:25/04/2024
                                                                                                                                                            Path:C:\Users\user\Desktop\PDFixers.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Users\user\Desktop\PDFixers.exe"
                                                                                                                                                            Imagebase:0x2a326af0000
                                                                                                                                                            File size:8'507'584 bytes
                                                                                                                                                            MD5 hash:B4440EEA7367C3FB04A89225DF4022A6
                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:moderate
                                                                                                                                                            Has exited:true

                                                                                                                                                            Disassembly

                                                                                                                                                            Reset < >

                                                                                                                                                              Executed Functions

                                                                                                                                                              Function 00007FF9CD2892ED Relevance: 11.5, Strings: 9, Instructions: 255COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: 8PQ*$8PQ*$8PQ*$8PQ*$8PQ*$8PQ*$8PQ*$8PQ*$8PQ*
                                                                                                                                                              • API String ID: 0-3129811713
                                                                                                                                                              • Opcode ID: 8ef12745a06312851df8a1cc7992fcea62c4749af6021a0d591fd003537db7bc
                                                                                                                                                              • Instruction ID: 4edc1dbccb0a19df37fbd3089ffa9ae1572d29cd6570cce78da24eb7a77f291b
                                                                                                                                                              • Opcode Fuzzy Hash: 8ef12745a06312851df8a1cc7992fcea62c4749af6021a0d591fd003537db7bc
                                                                                                                                                              • Instruction Fuzzy Hash: CE71A221B18D1B4FEA94FB6C88457BDA3E2FF98710B4045B6D05DD32D6EE28BD468780
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD280798 Relevance: 3.9, Strings: 3, Instructions: 135COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: P ()$hQ()$0()
                                                                                                                                                              • API String ID: 0-2231162650
                                                                                                                                                              • Opcode ID: 0c7b758eb21115cdb9610459c854f011b6ce5ac0a153b17fe0b32468915db809
                                                                                                                                                              • Instruction ID: 0ec68affc20e2ab1918da1e2975d8cee92ba270e0b5e56000d7ea09ce28053ec
                                                                                                                                                              • Opcode Fuzzy Hash: 0c7b758eb21115cdb9610459c854f011b6ce5ac0a153b17fe0b32468915db809
                                                                                                                                                              • Instruction Fuzzy Hash: 7C41B563E0D3C69FE7029B785C556E57FA0AF62314B0840FBD098DA093E9686646CB91
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD289614 Relevance: 2.8, Strings: 2, Instructions: 317COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: $8PQ*
                                                                                                                                                              • API String ID: 0-2736223852
                                                                                                                                                              • Opcode ID: 3a9cc6ed93a847c04f69811ff24e8ba1a8cf89f8f3aa3e7c562897e7438c1640
                                                                                                                                                              • Instruction ID: 92949d35c92216b43253042b6d96c552c2848beaa6be6ad2403526b8f62ddef9
                                                                                                                                                              • Opcode Fuzzy Hash: 3a9cc6ed93a847c04f69811ff24e8ba1a8cf89f8f3aa3e7c562897e7438c1640
                                                                                                                                                              • Instruction Fuzzy Hash: EB912631B0CA590FE764EB2C9C557B57BD1EF99320F1401BBE09DC71A3EA19AD828781
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD2880D0 Relevance: 2.7, Strings: 2, Instructions: 238COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: @$P*
                                                                                                                                                              • API String ID: 0-3416736597
                                                                                                                                                              • Opcode ID: 8900681d241849fcc68454240ab40f4a7dc2b73e1398b9f990f775fa13db44b0
                                                                                                                                                              • Instruction ID: e9de58b6a1b0323e4b3c8c41a4048aa15b00a595fe26623348e05ed0383c1511
                                                                                                                                                              • Opcode Fuzzy Hash: 8900681d241849fcc68454240ab40f4a7dc2b73e1398b9f990f775fa13db44b0
                                                                                                                                                              • Instruction Fuzzy Hash: 1E610C31B1CB854FE709AB2C98152BABBD1EF8A350F1444BFE44EC72D3DE2569024785
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD2817F1 Relevance: 1.7, Strings: 1, Instructions: 412COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: 0jQ*
                                                                                                                                                              • API String ID: 0-3962883208
                                                                                                                                                              • Opcode ID: a63f1f8c6385ce93505599c237295927bd6708eb2950fc50f1bebbdce7175851
                                                                                                                                                              • Instruction ID: 2c1d3f3b794790589b3f0c75524adab6c052e43639f49aa000cab46602affcc8
                                                                                                                                                              • Opcode Fuzzy Hash: a63f1f8c6385ce93505599c237295927bd6708eb2950fc50f1bebbdce7175851
                                                                                                                                                              • Instruction Fuzzy Hash: 58D1A2317089498FEB99EF28C855BA977E2FF99301F0440BBD04DC72A6DE65ED418B81
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD28C988 Relevance: 1.6, Strings: 1, Instructions: 326COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: 8PQ*
                                                                                                                                                              • API String ID: 0-8160289
                                                                                                                                                              • Opcode ID: 5d006cb494117ecc42a84d60e31c187a10aaef06179557e3a93b9e39913e6250
                                                                                                                                                              • Instruction ID: aec35960646b9ae50dc23936323bb82918fbfe2c0f6f2c942d95c93cb47004a1
                                                                                                                                                              • Opcode Fuzzy Hash: 5d006cb494117ecc42a84d60e31c187a10aaef06179557e3a93b9e39913e6250
                                                                                                                                                              • Instruction Fuzzy Hash: 13913222B0CA0B4FEB94EB2C9C556B577D1EF99310B1400BBC05DC7297EE59BD428B81
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD28AB45 Relevance: 1.5, Strings: 1, Instructions: 268COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: 8PQ*
                                                                                                                                                              • API String ID: 0-8160289
                                                                                                                                                              • Opcode ID: d5270e33cf44f0358204bf4be58d1bfd41b169bd74df772c9bc3f0bef547ba6f
                                                                                                                                                              • Instruction ID: c2094de1b7238785a173efff00f1097709cff747a1298db2397d90aec8828954
                                                                                                                                                              • Opcode Fuzzy Hash: d5270e33cf44f0358204bf4be58d1bfd41b169bd74df772c9bc3f0bef547ba6f
                                                                                                                                                              • Instruction Fuzzy Hash: E4710732B0CA494FEB59EB2898957B977E1EF95310F0400BBD44DD7193EE68BD428B81
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD288C98 Relevance: 1.4, Strings: 1, Instructions: 131COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: 8PQ*
                                                                                                                                                              • API String ID: 0-8160289
                                                                                                                                                              • Opcode ID: bf38c111480e2104857047f381a145bc5ab0696dd467da58b1c1c28aeca86cde
                                                                                                                                                              • Instruction ID: 96d0605b0929ba712324d0a88f216d4007f9a602536133be0d47fd4a4d555d01
                                                                                                                                                              • Opcode Fuzzy Hash: bf38c111480e2104857047f381a145bc5ab0696dd467da58b1c1c28aeca86cde
                                                                                                                                                              • Instruction Fuzzy Hash: 0E31C832B0C90A4FD794EB2CD854B7577D1EF99310F1441BAD06DC7192EE69BD829B40
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD2880C0 Relevance: 1.4, Strings: 1, Instructions: 113COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: @
                                                                                                                                                              • API String ID: 0-2766056989
                                                                                                                                                              • Opcode ID: 9c3258cce5baa4731af38539c675a5bf7b17d9a87000dee424dd86d1640d39cb
                                                                                                                                                              • Instruction ID: 447d78853ff67a54e7a32e603847060572ba80954994ccacc4fd839f4d0eadfc
                                                                                                                                                              • Opcode Fuzzy Hash: 9c3258cce5baa4731af38539c675a5bf7b17d9a87000dee424dd86d1640d39cb
                                                                                                                                                              • Instruction Fuzzy Hash: 1E31F532B1C7850FE705AB38AC162E6BFD0DF47364F0441BBE58DC71A3E96568068692
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD288912 Relevance: 1.3, Strings: 1, Instructions: 65COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: L
                                                                                                                                                              • API String ID: 0-2909332022
                                                                                                                                                              • Opcode ID: ead02a5b68f172f2cc277cb5a9d551bce6e31aa8def64eaa4fbe03e74c6b8218
                                                                                                                                                              • Instruction ID: 81629b5f510eb00972fd77c2854f64b4d3420898511996a3cd3c595bdef27ef2
                                                                                                                                                              • Opcode Fuzzy Hash: ead02a5b68f172f2cc277cb5a9d551bce6e31aa8def64eaa4fbe03e74c6b8218
                                                                                                                                                              • Instruction Fuzzy Hash: 11018073F0C6094BE7589E4C78422B9B7D1EB88320F04113FE49FD3382EE25A813068A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD288926 Relevance: 1.3, Strings: 1, Instructions: 65COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: L
                                                                                                                                                              • API String ID: 0-2909332022
                                                                                                                                                              • Opcode ID: 5ed1712c2295c0a3d443fa7c709a717e3ce08f58923a2961cadda82e493e7d2c
                                                                                                                                                              • Instruction ID: 6ca546bbc6d3adc26ba0606b198ee87e5a47acc8d020a2d4957e20e1df5e3a44
                                                                                                                                                              • Opcode Fuzzy Hash: 5ed1712c2295c0a3d443fa7c709a717e3ce08f58923a2961cadda82e493e7d2c
                                                                                                                                                              • Instruction Fuzzy Hash: D0015273F0C6094BE7589E5C78462B9B7D1EB89720F04123FE59FD3292EE25A8134686
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD288937 Relevance: 1.3, Strings: 1, Instructions: 64COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: L
                                                                                                                                                              • API String ID: 0-2909332022
                                                                                                                                                              • Opcode ID: be077536ebec179a87a2eb98e0b854f107fe389e026cd1a13a1c0e839d8c110f
                                                                                                                                                              • Instruction ID: b279b6024a299e1bb91adef9b61fa841de2e255def9f03c676bb221749467514
                                                                                                                                                              • Opcode Fuzzy Hash: be077536ebec179a87a2eb98e0b854f107fe389e026cd1a13a1c0e839d8c110f
                                                                                                                                                              • Instruction Fuzzy Hash: 7A015672F0C6094BD7589E5C68422B9B7D1E789620B04113FE59FD3352EE2568134586
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD2880E8 Relevance: .6, Instructions: 613COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: a47fc88a3caa5d16b039b4c557c5efce27ca9bfaa18f84932ae96e9a9bc94148
                                                                                                                                                              • Instruction ID: d1e2f2e8fb58cf4185b662929fb67d6d2b3f8fba947b51ac1f78a9f5f5e41fda
                                                                                                                                                              • Opcode Fuzzy Hash: a47fc88a3caa5d16b039b4c557c5efce27ca9bfaa18f84932ae96e9a9bc94148
                                                                                                                                                              • Instruction Fuzzy Hash: 30221B3560894D8FDB98EF1CC898BA977E1FF69301B0501AAE85ED72A1DA75EC41CF40
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD28B64D Relevance: .4, Instructions: 350COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 032911214f0f7cc66c9292363cb9af73c64c26795037581ff474fb7fe6b16aa8
                                                                                                                                                              • Instruction ID: ddcbf6b35d98ba26a8632e9666f166adb7a6506923e58b063dde8c411e222edd
                                                                                                                                                              • Opcode Fuzzy Hash: 032911214f0f7cc66c9292363cb9af73c64c26795037581ff474fb7fe6b16aa8
                                                                                                                                                              • Instruction Fuzzy Hash: 64B1F732E0D68A4FE765DE289C153B83BD0EF46310F0411BFD4AEC7592E968794ACB41
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD281847 Relevance: .3, Instructions: 317COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: afcad72b0a1060cd277c16928b72290f6bf6043a66c66292aea4a0c08ecd90bc
                                                                                                                                                              • Instruction ID: 517e103ea847e76c1a98c29f5ec26072f0b5cccb1972182a3c97b1a7107ab9e0
                                                                                                                                                              • Opcode Fuzzy Hash: afcad72b0a1060cd277c16928b72290f6bf6043a66c66292aea4a0c08ecd90bc
                                                                                                                                                              • Instruction Fuzzy Hash: E9A1703170890A8FD799EF28C855B6977E2FF99301F1044BBE05EC72A6DE24ED418B81
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD28C108 Relevance: .3, Instructions: 292COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: b4d0df02269b45a13fe26bf4cf7f0417eb6316e3e1192d5481139fb36c3712e0
                                                                                                                                                              • Instruction ID: f7542f40a2a9a32030e74a841687088d8ba0ce3e5e9377e22bfffc4214020528
                                                                                                                                                              • Opcode Fuzzy Hash: b4d0df02269b45a13fe26bf4cf7f0417eb6316e3e1192d5481139fb36c3712e0
                                                                                                                                                              • Instruction Fuzzy Hash: 35912732A18E4A4FD759DF2888456B5BBE1FF94311F04427FD49AC35A2EF78B5028B81
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD2813B5 Relevance: .3, Instructions: 289COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 1a70ddad656ae3ef437e42bc8bee4a8a7e67b5b4e9f932bed9da45988d284298
                                                                                                                                                              • Instruction ID: a3d9d0ea3e7acac462e3c89eb94eb1a082db19b7e46fbc17295729925724e030
                                                                                                                                                              • Opcode Fuzzy Hash: 1a70ddad656ae3ef437e42bc8bee4a8a7e67b5b4e9f932bed9da45988d284298
                                                                                                                                                              • Instruction Fuzzy Hash: BB81D022B0DA8B4FEB96DF284C543B97BE1FF5A310B1801BBD45DD71D2EE58A9018B41
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD28D57A Relevance: .2, Instructions: 240COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: e75d881da36ec61bc49de766af5972d2e1c70a509b7b2fafbf1a32d87702fcfc
                                                                                                                                                              • Instruction ID: 72844c21f7c9c9a95197f7971cbe3e972646a45df6ef755fd7a36f49f5c25e86
                                                                                                                                                              • Opcode Fuzzy Hash: e75d881da36ec61bc49de766af5972d2e1c70a509b7b2fafbf1a32d87702fcfc
                                                                                                                                                              • Instruction Fuzzy Hash: F2716071A08A8D8FEBA8EF28D8457E937D1FF59310F00813BE85EC7251DA74A5458B81
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD28D842 Relevance: .2, Instructions: 234COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 8b22ea1a4c1affcf30d15e64295601f244cb0acdc87ae361fb8545afc5ea1096
                                                                                                                                                              • Instruction ID: 2887fe5ae0b34cbb01fde052f4368ca35d8eaec04446adbe542dbdaa246edf6b
                                                                                                                                                              • Opcode Fuzzy Hash: 8b22ea1a4c1affcf30d15e64295601f244cb0acdc87ae361fb8545afc5ea1096
                                                                                                                                                              • Instruction Fuzzy Hash: 8171A23160CA8E8FEB98DF28D8457E93BE1EF55310F04416BE85DC7292DA74A945CB81
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD28C655 Relevance: .2, Instructions: 223COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: ee80a847c42a54cefe10624120e8e50395a6c2cf6274972592602e91bf4bd077
                                                                                                                                                              • Instruction ID: 58b2d63e578917fab0d095c516e9d1fa19d6a494d4a3cafef862964379204285
                                                                                                                                                              • Opcode Fuzzy Hash: ee80a847c42a54cefe10624120e8e50395a6c2cf6274972592602e91bf4bd077
                                                                                                                                                              • Instruction Fuzzy Hash: 8C61E032B0C94A4FEB99DE2898553B93BE1EF99310F0411BBD01DD71D2EF6869429781
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD289895 Relevance: .2, Instructions: 202COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 652ec217b47eabff92a7ec8793ccdae7cb7c976cfd961552ddbeeb412de77e03
                                                                                                                                                              • Instruction ID: 8a5a8d0059566ec3a05fa4c8687a2d947c4ba97e39996260099c25d7edbc2973
                                                                                                                                                              • Opcode Fuzzy Hash: 652ec217b47eabff92a7ec8793ccdae7cb7c976cfd961552ddbeeb412de77e03
                                                                                                                                                              • Instruction Fuzzy Hash: 3E51B23170DA4A8FD794EF6CD854A657BE0FF4931170501BAD48DC7262EB64EC81CB81
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD28CC60 Relevance: .2, Instructions: 175COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: c9be9dbbce76e3b74867bd260c1f0f9682bc99ce66385624e915fade1d417fdd
                                                                                                                                                              • Instruction ID: 29b75c7502af085e8d59743eb80c1a2c204140248a365186122d16b1e498412f
                                                                                                                                                              • Opcode Fuzzy Hash: c9be9dbbce76e3b74867bd260c1f0f9682bc99ce66385624e915fade1d417fdd
                                                                                                                                                              • Instruction Fuzzy Hash: E141E73131581C8FDAE4EB1CE898EA977E1FF6C31271505E6E44ACB271DA66EC81CB40
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD28DC51 Relevance: .2, Instructions: 166COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: cd72584d52f093035a46c5ae55af88adac13fa3c16245d316266e5471776d9b8
                                                                                                                                                              • Instruction ID: 444768dd3899c05430e134589510ea42acaa8e4bc9d5159e6688dc86402883e3
                                                                                                                                                              • Opcode Fuzzy Hash: cd72584d52f093035a46c5ae55af88adac13fa3c16245d316266e5471776d9b8
                                                                                                                                                              • Instruction Fuzzy Hash: D0413831A0CB458FE71ADF2898166A5BBE1EF4B350B1501EFD048CB2D3DE75A846C792
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD28DABE Relevance: .2, Instructions: 150COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 32ffc207a218532c02d59031a53fff710f73dd79cfc7296db1a00d3072d898ae
                                                                                                                                                              • Instruction ID: 6c5848a2fa5bc6a34d1ff140a112f784a5f312ee71cfcdba8efde97ab24e2c44
                                                                                                                                                              • Opcode Fuzzy Hash: 32ffc207a218532c02d59031a53fff710f73dd79cfc7296db1a00d3072d898ae
                                                                                                                                                              • Instruction Fuzzy Hash: B241D531A0CA4D8FEB55DFA898497EDBBF0EF56310F1041ABD00DD7292DA74A845CB81
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD28D449 Relevance: .1, Instructions: 147COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 9f2ceebe49130415d874aa8f871066d586ad42d8a7584c191e31dac0cad0891d
                                                                                                                                                              • Instruction ID: 5d433692fcd1f02b22c99655f325b5ace9684a58482133a6e95b2540d98f5fd7
                                                                                                                                                              • Opcode Fuzzy Hash: 9f2ceebe49130415d874aa8f871066d586ad42d8a7584c191e31dac0cad0891d
                                                                                                                                                              • Instruction Fuzzy Hash: 83413433F0D9860FE754DF285C1A2A43B91EF9A355B5501BBD489C72A2FD68780B8782
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD289FC7 Relevance: .1, Instructions: 139COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: f830577d1cd5b0ae94661c5195d0110b6a8869dab0cdb94136829b8c19ea3426
                                                                                                                                                              • Instruction ID: c59ed46de64d54fcfd427738f7e7fa7601a0de6b00587f17fd240b95bc95e913
                                                                                                                                                              • Opcode Fuzzy Hash: f830577d1cd5b0ae94661c5195d0110b6a8869dab0cdb94136829b8c19ea3426
                                                                                                                                                              • Instruction Fuzzy Hash: 1E41A422F1CA4A4BEB98EF385C653B966D2FF99341F44447AD05ED32C3EE68B9014B41
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD2888A5 Relevance: .1, Instructions: 123COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 00933d90b9781eb8c533e8ec017d571ad589386da6ebadcc5341c9f1759ac7cc
                                                                                                                                                              • Instruction ID: b2e3e537f32d981c5632075af5a66fcee9ab3a0b2e050bb1ba157736a244e5bb
                                                                                                                                                              • Opcode Fuzzy Hash: 00933d90b9781eb8c533e8ec017d571ad589386da6ebadcc5341c9f1759ac7cc
                                                                                                                                                              • Instruction Fuzzy Hash: A631FB73B0C6494FD355DF58AC566F57BE5EB8A32070402BFE08AC3293E9146D038792
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD28C6D9 Relevance: .1, Instructions: 122COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 912a86e40b17c10fd43e14834a38a2b1d9f27fb4938fe91371269a05312ab5f8
                                                                                                                                                              • Instruction ID: 3083668c7085848873b8299503c2377c6ee5d73abc89a31dd4c927a15c657384
                                                                                                                                                              • Opcode Fuzzy Hash: 912a86e40b17c10fd43e14834a38a2b1d9f27fb4938fe91371269a05312ab5f8
                                                                                                                                                              • Instruction Fuzzy Hash: 9541AD32E0C64E4FEB95DF2898113A97BE1EF59310F44117BE06DD32D2EFA869058B81
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD281713 Relevance: .1, Instructions: 101COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: aefcf70b82fcf6077a93a37a894d8d7c8dec771eb14403b0fbf7297707605525
                                                                                                                                                              • Instruction ID: a6e05b5fa3be3487452ea96d0d9a8eeccf7efdd3396be46d487be0d37a6f264f
                                                                                                                                                              • Opcode Fuzzy Hash: aefcf70b82fcf6077a93a37a894d8d7c8dec771eb14403b0fbf7297707605525
                                                                                                                                                              • Instruction Fuzzy Hash: 4B31912264EBC60FD793D77898246953FE19F9B620B0A40EBD088CF1A3D94D5C4AC762
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD28D235 Relevance: .1, Instructions: 94COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 86467eaea610e3950032038181daf000668d93255810c1384bdd9d3b29da7be8
                                                                                                                                                              • Instruction ID: 0647fb908344e8b36e4f67a148749291653a8b204095666047a6470b7313682a
                                                                                                                                                              • Opcode Fuzzy Hash: 86467eaea610e3950032038181daf000668d93255810c1384bdd9d3b29da7be8
                                                                                                                                                              • Instruction Fuzzy Hash: 20319262A1D6CA4FE756DF288C613A57FA1FF56300F1900FBD468CB193E964AD08CB51
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD28BB61 Relevance: .1, Instructions: 86COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 41cee7c43b0bc41d67f0ebfce6e6af522ff40f5a556eef0da20e806de66b0573
                                                                                                                                                              • Instruction ID: 7570415407b9fae4b45b847cc1cd9061108e4d4e7e3f6a8aafe494a24b26379f
                                                                                                                                                              • Opcode Fuzzy Hash: 41cee7c43b0bc41d67f0ebfce6e6af522ff40f5a556eef0da20e806de66b0573
                                                                                                                                                              • Instruction Fuzzy Hash: 3F21A231618D0D9FCB98EE2CC984A6677E1FF58311345157EE48AC7A61DA65FC42CB40
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD28A1C2 Relevance: .1, Instructions: 83COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: aca64f0b5c42b73f5d7d9638d16c58acb78bbbc4c936f0a92c48ae4621bfb181
                                                                                                                                                              • Instruction ID: 22aa1b684a30469927b90186db4f8576e88949bc66d4b310d7ed36fce6e1e4c9
                                                                                                                                                              • Opcode Fuzzy Hash: aca64f0b5c42b73f5d7d9638d16c58acb78bbbc4c936f0a92c48ae4621bfb181
                                                                                                                                                              • Instruction Fuzzy Hash: 1E21F36190D6CB4FE742DB7888652E97FF2EF47240B0401EBD098DA0A3DD692A49C711
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD28CC41 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: fb235ff4c4218d533599f4c004928dc1de5d61f26986ecca828d911b941954d8
                                                                                                                                                              • Instruction ID: f0f19916943286834d23af62c43a7d9a57da4f0a7af3732b2419f37e30d01f2f
                                                                                                                                                              • Opcode Fuzzy Hash: fb235ff4c4218d533599f4c004928dc1de5d61f26986ecca828d911b941954d8
                                                                                                                                                              • Instruction Fuzzy Hash: 0611513120D8894FD795EB2CDC58A647BE1FF6A31230605E7E489CB172EA55EC81CB50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD28CDA2 Relevance: .1, Instructions: 70COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 5eafe59e48b2988f5410fe3935804e0700216f99849eff142100fa4a91300d22
                                                                                                                                                              • Instruction ID: 4db6b56bb14d1861e2a7f394b4e229735278c9db15b7b32649ff315768d79f50
                                                                                                                                                              • Opcode Fuzzy Hash: 5eafe59e48b2988f5410fe3935804e0700216f99849eff142100fa4a91300d22
                                                                                                                                                              • Instruction Fuzzy Hash: 5821633160CA8A4FDB95EB28C854F617BE1EF56314F0951EAD05DCB2A2DA55FC82CB40
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD2887D1 Relevance: .1, Instructions: 66COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 10c21b82b889957174bf75c7a738243bd0fd54f90dc65a65814f91cfb231a0f8
                                                                                                                                                              • Instruction ID: 769707528f521e74f7ab84531a8fbe79698684acda10cc0898565ea18fca5d40
                                                                                                                                                              • Opcode Fuzzy Hash: 10c21b82b889957174bf75c7a738243bd0fd54f90dc65a65814f91cfb231a0f8
                                                                                                                                                              • Instruction Fuzzy Hash: 2001C463F0D94F4FEB95EA2868553BDBBA2EF58310F48407BD01DD7182EE696E014B81
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD28C43D Relevance: .1, Instructions: 66COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 0c2e24c22a15259dffa9a95bc9160445bb982ad6fa47c2fa08143ad73aa65a69
                                                                                                                                                              • Instruction ID: f04a12adc57c55df3f6a6ba8a10ba47608673c6c82aa9d426718ba78c5b3d547
                                                                                                                                                              • Opcode Fuzzy Hash: 0c2e24c22a15259dffa9a95bc9160445bb982ad6fa47c2fa08143ad73aa65a69
                                                                                                                                                              • Instruction Fuzzy Hash: 2511B632A0EA4B4FD795DB28482167877A1AF5535075640FBC01DCB193EE2DEC419751
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD2808D5 Relevance: .1, Instructions: 65COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: e1b34803edac8a4ce1de10c452ccea17250f6850d2e2a382914e31809d1cb638
                                                                                                                                                              • Instruction ID: 8c35ae1f0b6aa9fa012d2b6911fc4a479b4b0a92a968b9e6f7cdf6b23ed39eb6
                                                                                                                                                              • Opcode Fuzzy Hash: e1b34803edac8a4ce1de10c452ccea17250f6850d2e2a382914e31809d1cb638
                                                                                                                                                              • Instruction Fuzzy Hash: 95118F72E0C94E4FE785DF68C8656A97BB1FF89340F45017AC049EB1A3EE2869458B40
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD28A475 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 8413b518d5113eface01ecb34eb5c5970b819e8db4e04105926a620ee5418289
                                                                                                                                                              • Instruction ID: 3681c5d89992e3fcfa122cf715d42ac410408be1695da364ef097540d0cb8532
                                                                                                                                                              • Opcode Fuzzy Hash: 8413b518d5113eface01ecb34eb5c5970b819e8db4e04105926a620ee5418289
                                                                                                                                                              • Instruction Fuzzy Hash: 2001F971B08A4A4FEB49EF2C58A56757B91EF9A30471501F7D00CCB297EE69AD028741
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD28083D Relevance: .1, Instructions: 63COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: aa4e1e611ceac290a330b6673ab90a141e11204e00f51752fb50dfbacb434553
                                                                                                                                                              • Instruction ID: a85b2aa854534a8df84bc451f486447e7cbcdb8604a86fb6e8f77a63307f8439
                                                                                                                                                              • Opcode Fuzzy Hash: aa4e1e611ceac290a330b6673ab90a141e11204e00f51752fb50dfbacb434553
                                                                                                                                                              • Instruction Fuzzy Hash: 7811C632A0D38A9FD711EF2C9C654EA7FA1EF52215B0500B7D46CD7093ED28A6498B91
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD28D28F Relevance: .1, Instructions: 63COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 5cd759f7c132674f25047d86c290af85d8dc43fc9fa8758b4ef82812191bc241
                                                                                                                                                              • Instruction ID: 4488769eb9069329cdf37bb108b85df70cf4f43f3df5ffcd4ebbfe89ddf7e731
                                                                                                                                                              • Opcode Fuzzy Hash: 5cd759f7c132674f25047d86c290af85d8dc43fc9fa8758b4ef82812191bc241
                                                                                                                                                              • Instruction Fuzzy Hash: B911D69390D7C28FD765DA684C553607FA0FF15710B0810EFE098CB49BE594AE0D8782
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD2882D5 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: d357311057abd827eb3b66944d658d080d2b307efac18527a274a1d680af0f7e
                                                                                                                                                              • Instruction ID: cb48e7106cc5658f2a0a8c6489027180a08be09e3e08dbc64e408f53f0e6feaf
                                                                                                                                                              • Opcode Fuzzy Hash: d357311057abd827eb3b66944d658d080d2b307efac18527a274a1d680af0f7e
                                                                                                                                                              • Instruction Fuzzy Hash: 3F112671A0D7C64FEB42DB2C9848A64BFD1EF5735074980FBD058CB2A3DA65AA02CB01
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD280858 Relevance: .0, Instructions: 48COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 12962367658112e9fbabc2e8c4e9730ebfac332b121aac49ecf6538fb1165235
                                                                                                                                                              • Instruction ID: 30134c05d3c6d228a6909cf49c43e66b897e4c264ba18128ab3e451369742258
                                                                                                                                                              • Opcode Fuzzy Hash: 12962367658112e9fbabc2e8c4e9730ebfac332b121aac49ecf6538fb1165235
                                                                                                                                                              • Instruction Fuzzy Hash: 2601843190D78A9FDB16EF285C654E97FA0EF16205F0440FBD46CDB093EA68A6489B41
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD28A40D Relevance: .0, Instructions: 43COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: d78a0096abf742971a488547a8050bed57606ed35e54dda1b3e3d96202749d72
                                                                                                                                                              • Instruction ID: 8935fd129e1b0aad3645a0a12888e71aaa27dbd992ef67d0d465e9e2646f1dfe
                                                                                                                                                              • Opcode Fuzzy Hash: d78a0096abf742971a488547a8050bed57606ed35e54dda1b3e3d96202749d72
                                                                                                                                                              • Instruction Fuzzy Hash: F1F0C23210C7855FD741DB24C891D97BBE0FF85310F485AAEF085C7192EAA4F6458B82
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD2809FD Relevance: .0, Instructions: 38COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 510984ff0750dcc5153575868a067d441d326376307fa6cd299822a73975474a
                                                                                                                                                              • Instruction ID: 5463e0e7f0e6d4c1e3c1622f7525d81af7a81d23eb027ef2378592aafb0ad0f3
                                                                                                                                                              • Opcode Fuzzy Hash: 510984ff0750dcc5153575868a067d441d326376307fa6cd299822a73975474a
                                                                                                                                                              • Instruction Fuzzy Hash: 12F0E52290C6960FE351CF189C51672FFE0EF96220B1E12EBD488D61A2D2DC6E428701
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD280AF1 Relevance: .0, Instructions: 37COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: d6808a456319fef29e34345546e246e5e80fa73f6359d9577f4972d03e90f725
                                                                                                                                                              • Instruction ID: b181728aaa9b9c09188d7f111bac472510436b8a15afd8d8b05231d2d637db05
                                                                                                                                                              • Opcode Fuzzy Hash: d6808a456319fef29e34345546e246e5e80fa73f6359d9577f4972d03e90f725
                                                                                                                                                              • Instruction Fuzzy Hash: 33F0892160DBD54FD326CB3849587A27FD2EB56300F0D44DEC0DDD7193D99965448751
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD280508 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 2e19ba9489073b1951b5aacf5b3c8302f0384f2e9624cb726a71530938a1b660
                                                                                                                                                              • Instruction ID: 1815e1daf256feee8573ee7bd317f15d6cb5c35171f6afa2c1c6ddf8fd31bd20
                                                                                                                                                              • Opcode Fuzzy Hash: 2e19ba9489073b1951b5aacf5b3c8302f0384f2e9624cb726a71530938a1b660
                                                                                                                                                              • Instruction Fuzzy Hash: AFF0E532A1880A0FEB54DF1CF8012B8FBA0EF89361F1114F7D45CE6155EAA52E458A81
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD28DE19 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: fd8c75c8f7f689291a0b15b2063deb71badb27b4b56557c4bb6b5009dc1280e8
                                                                                                                                                              • Instruction ID: 43cae426bb1ffa13af1f0b3b657fd69e4543c32078d8f3d2cc4cbf585eb81edb
                                                                                                                                                              • Opcode Fuzzy Hash: fd8c75c8f7f689291a0b15b2063deb71badb27b4b56557c4bb6b5009dc1280e8
                                                                                                                                                              • Instruction Fuzzy Hash: 07F09A21A4F3C21FE307A7349C65A993FA26F83310F0990EBE0D5CA0B3D5AD1949CB12
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD28A0A0 Relevance: .0, Instructions: 29COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 8f4e448a3a55b9e51f6ac16f137384ef5101b1ea6863f448d30b6722cec9e5a9
                                                                                                                                                              • Instruction ID: 2d3293d51070c3a278417a802193d4facd087292645194e41857a70330dd6c87
                                                                                                                                                              • Opcode Fuzzy Hash: 8f4e448a3a55b9e51f6ac16f137384ef5101b1ea6863f448d30b6722cec9e5a9
                                                                                                                                                              • Instruction Fuzzy Hash: 9EF03020B18E0A4BD654BB7848157BDA1E2FF89340F40847DD05FD3282DE7CB9015B50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD282450 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: dedb4272f6f2118c263a09db323897121f28631a603ff475ca742d573a0f9e21
                                                                                                                                                              • Instruction ID: 59fc6a53c8e299ce607a691002ae15560aa7a3902cb29c670eb02c443422d21c
                                                                                                                                                              • Opcode Fuzzy Hash: dedb4272f6f2118c263a09db323897121f28631a603ff475ca742d573a0f9e21
                                                                                                                                                              • Instruction Fuzzy Hash: 75E0467060994E8FEF49EF2CC584E003BE1EF5E38031A01C2E408CF2A6E625EC90CB11
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD288A98 Relevance: .0, Instructions: 26COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: dc3382e18a4bc0b9385eb03a3d724a5917052b2311489a3161b41221285ab267
                                                                                                                                                              • Instruction ID: 52f97c56b6d48ee05855b98e069ce241653f42db78b91a73c46c394a3a8420b3
                                                                                                                                                              • Opcode Fuzzy Hash: dc3382e18a4bc0b9385eb03a3d724a5917052b2311489a3161b41221285ab267
                                                                                                                                                              • Instruction Fuzzy Hash: 48E0C21371DA5D4F8150E91C6881278B3C1EB8CA2072055BBD099C3295C8106C0A42C1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD289142 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 8a6b1e7bd9e8b28cd7b50fae832bfda118fd796e50c5840a344ae2b8bb82fbb4
                                                                                                                                                              • Instruction ID: 0e2ee44880fe3246dc1a3322906d4891f8aa63b8db680abd4fc1a04c532cde0d
                                                                                                                                                              • Opcode Fuzzy Hash: 8a6b1e7bd9e8b28cd7b50fae832bfda118fd796e50c5840a344ae2b8bb82fbb4
                                                                                                                                                              • Instruction Fuzzy Hash: 3CD0A73370C3250EA709A1057C431FC7740D6822707001177D6AAC5043B502352385C5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD28DECD Relevance: .0, Instructions: 19COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 18e7c3c161af52c17bb25989a79c110480b4689204561efbd3ccdd3f36032b8f
                                                                                                                                                              • Instruction ID: d5775d2d39bdfa85d07359acf9bfe7c8e938f0078b1c530c2ab93d33345cf7ac
                                                                                                                                                              • Opcode Fuzzy Hash: 18e7c3c161af52c17bb25989a79c110480b4689204561efbd3ccdd3f36032b8f
                                                                                                                                                              • Instruction Fuzzy Hash: BFD0A734464A4D8FCB40EF54E8014A677A1FB88214F50065AFC6CC7281D739A6B5C792
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD280F9E Relevance: .0, Instructions: 18COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: b149140e2026a439e5f36462977a8fbd8b806d96dea0cc2f812fd99f6d563522
                                                                                                                                                              • Instruction ID: b92e5adac6ca67e612d111659987bdb61839e530f828985aca14ab01c313e9a3
                                                                                                                                                              • Opcode Fuzzy Hash: b149140e2026a439e5f36462977a8fbd8b806d96dea0cc2f812fd99f6d563522
                                                                                                                                                              • Instruction Fuzzy Hash: 2AD0A72175CC4F5F8E44E75CD440A95B3D1EB683107409A23C01DC3145DD28F9914BC0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Non-executed Functions

                                                                                                                                                              Function 00007FF9CD28A501 Relevance: .4, Instructions: 447COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 8afb7a418ac6cf2195333d8b5a5ae36aa1aab08132e007bda1c33316078a6643
                                                                                                                                                              • Instruction ID: 1fd44d6d158c36ec14cce38fd2d31660d561eb3d7ecd5eee27ab295b785579fd
                                                                                                                                                              • Opcode Fuzzy Hash: 8afb7a418ac6cf2195333d8b5a5ae36aa1aab08132e007bda1c33316078a6643
                                                                                                                                                              • Instruction Fuzzy Hash: 76D1F131B0C64A4FE748DF2C98913757BE2EF8A344F2441BED49DC7293ED69A9828741
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD28942E Relevance: 10.2, Strings: 8, Instructions: 177COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: 8PQ*$8PQ*$8PQ*$8PQ*$8PQ*$8PQ*$8PQ*$8PQ*
                                                                                                                                                              • API String ID: 0-1508425280
                                                                                                                                                              • Opcode ID: de3631548c266ddc30d8e01fb165dad3ebc5bc3aa2e6b2d6818380809b849c32
                                                                                                                                                              • Instruction ID: aa813327078450aa6aeca2c905f78725165cde2a2c2960d02ec946ce0e6e2e2d
                                                                                                                                                              • Opcode Fuzzy Hash: de3631548c266ddc30d8e01fb165dad3ebc5bc3aa2e6b2d6818380809b849c32
                                                                                                                                                              • Instruction Fuzzy Hash: 84419C16F18D1B0FE684F7AC48593BD92D2EF98751B4004B6D01DD3297EE6C7E424780
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CD280D0B Relevance: 5.1, Strings: 4, Instructions: 140COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1493955740.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff9cd280000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: 8k/+$^$`j/+$xM/+
                                                                                                                                                              • API String ID: 0-1602920653
                                                                                                                                                              • Opcode ID: b12199dcf2f9f2ce54e05423ff3eaccc370a2fc4aff53374c971f520a81312d5
                                                                                                                                                              • Instruction ID: 284ee1a57cab055ebe3c4ee9d26e93093d3f671c14e2d50734e9e4a5f6638177
                                                                                                                                                              • Opcode Fuzzy Hash: b12199dcf2f9f2ce54e05423ff3eaccc370a2fc4aff53374c971f520a81312d5
                                                                                                                                                              • Instruction Fuzzy Hash: 1041D883A0EBC38FF75A9A681D55374EF91EF5134071850BBE068870DBA896BE1987C1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Executed Functions

                                                                                                                                                              Function 00007FF9CB3F17F1 Relevance: 1.7, Strings: 1, Instructions: 420COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000019.00000002.2143110146.00007FF9CB3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CB3F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_25_2_7ff9cb3f0000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: 0j[(
                                                                                                                                                              • API String ID: 0-4174726446
                                                                                                                                                              • Opcode ID: 32598694de8e9fdeb7b9ca220c6ce9a1232c4c74c6436a49b622466e0d733a30
                                                                                                                                                              • Instruction ID: f193ce8397e92c0e7328e69d72d108d2c787f46449eda19bce8c0c069b5dc91c
                                                                                                                                                              • Opcode Fuzzy Hash: 32598694de8e9fdeb7b9ca220c6ce9a1232c4c74c6436a49b622466e0d733a30
                                                                                                                                                              • Instruction Fuzzy Hash: B4D1D430A0995A8FDB94EF28D855BA977E2FF99301F0041FAD14DC72A2DE75EC018B81
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CB3F140C Relevance: .2, Instructions: 158COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000019.00000002.2143110146.00007FF9CB3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CB3F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_25_2_7ff9cb3f0000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 5bc30d3f331a1819ba11611ce5c9165204663a4d3344dadec02bbf43b0556047
                                                                                                                                                              • Instruction ID: f4465964ffa87f2b05d55605dff2f0aec0adc771c730149adc1dd03940005342
                                                                                                                                                              • Opcode Fuzzy Hash: 5bc30d3f331a1819ba11611ce5c9165204663a4d3344dadec02bbf43b0556047
                                                                                                                                                              • Instruction Fuzzy Hash: 3D417F31E59D5F4FEBD8EF1898557B9B7E1FF98301B1400BAD50ED32A5DE64A8018B40
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CB3F1713 Relevance: .1, Instructions: 101COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000019.00000002.2143110146.00007FF9CB3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CB3F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_25_2_7ff9cb3f0000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: d4d16cfbd591729a980242be1dbe89f1d5c2e507d6accff8d70a34b3e342743d
                                                                                                                                                              • Instruction ID: ba45ec817f9b752656e499aefab0b4a65602347f7a3d315da175accd8579bfeb
                                                                                                                                                              • Opcode Fuzzy Hash: d4d16cfbd591729a980242be1dbe89f1d5c2e507d6accff8d70a34b3e342743d
                                                                                                                                                              • Instruction Fuzzy Hash: A1319F2154EBD60FD7939B7898646913FE1AF8B26070940FBD188CB1A3C94D9C4AC762
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CB3F08D5 Relevance: .1, Instructions: 61COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000019.00000002.2143110146.00007FF9CB3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CB3F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_25_2_7ff9cb3f0000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: dcda96272760c610bb053187894bbba7a18a615945b075270b48aa942b5be48e
                                                                                                                                                              • Instruction ID: 240e6b12ddba8ceeabf3f89b4902c7e19b81cfc2821c6e3239aedaa7390000d3
                                                                                                                                                              • Opcode Fuzzy Hash: dcda96272760c610bb053187894bbba7a18a615945b075270b48aa942b5be48e
                                                                                                                                                              • Instruction Fuzzy Hash: D8118272D1994B5FE780DF5CDC666BA77B5FF54300F4041BAC109E71A6EE7868018B40
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CB3F0874 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000019.00000002.2143110146.00007FF9CB3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CB3F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_25_2_7ff9cb3f0000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 2965ccfc618a92fd23ec5e8951a8dcb72b03bdc1345ca9f3b355d53108fcea31
                                                                                                                                                              • Instruction ID: dfb0214a5a9e6520c8b22d0780bbcc149f00baf0c20d2a574ad359118b28c232
                                                                                                                                                              • Opcode Fuzzy Hash: 2965ccfc618a92fd23ec5e8951a8dcb72b03bdc1345ca9f3b355d53108fcea31
                                                                                                                                                              • Instruction Fuzzy Hash: A0F09070D0978E8FEB50EF2848595AD7FE0FF15205F4004FAE419CA192DA79A1548B81
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CB3F0508 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000019.00000002.2143110146.00007FF9CB3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CB3F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_25_2_7ff9cb3f0000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: d11a1e4bcf2437f011622d5d1e46e64aa8a6707f6e2b6cab0aeb1e8a367acb55
                                                                                                                                                              • Instruction ID: ff4f6fcb1da6377ac6e3cbae7d2c80f79e3316a5f488735528269d1cc70a8779
                                                                                                                                                              • Opcode Fuzzy Hash: d11a1e4bcf2437f011622d5d1e46e64aa8a6707f6e2b6cab0aeb1e8a367acb55
                                                                                                                                                              • Instruction Fuzzy Hash: 02F0E531E2982A8EEB10DF0CF8021E9B7B5EF85315F1440FBE84CE2165E5A92C558BC0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CB3F2450 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000019.00000002.2143110146.00007FF9CB3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CB3F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_25_2_7ff9cb3f0000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: bfbe3833fad6c75c32cb2aa88c2f40413d31faeafb09d6ad3270e3173764f0a0
                                                                                                                                                              • Instruction ID: 9597971010e5e4bdf5a37ad0a5334efe96cb451503d36d24f5c67ad29756f040
                                                                                                                                                              • Opcode Fuzzy Hash: bfbe3833fad6c75c32cb2aa88c2f40413d31faeafb09d6ad3270e3173764f0a0
                                                                                                                                                              • Instruction Fuzzy Hash: 45E0EC70A54C09DFCA84FF2CD486F1233F4EB6D308B1481A5E00CDB366E674E8858B80
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CB3F0B0C Relevance: .0, Instructions: 23COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000019.00000002.2143110146.00007FF9CB3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CB3F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_25_2_7ff9cb3f0000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 8dbaf6dacb77d8a7693daa98faef074ed68174394e9ac865d1fa51051e47c681
                                                                                                                                                              • Instruction ID: 32f9916b8aaa792b11587c4fbc547178492d76e01edecb70b23cef351ba45cac
                                                                                                                                                              • Opcode Fuzzy Hash: 8dbaf6dacb77d8a7693daa98faef074ed68174394e9ac865d1fa51051e47c681
                                                                                                                                                              • Instruction Fuzzy Hash: B4E08620B0CF994EE378DB3D45583E57ED2E7A8705F08099DC49FC2291DEE968448382
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CB3F0A1C Relevance: .0, Instructions: 23COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000019.00000002.2143110146.00007FF9CB3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CB3F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_25_2_7ff9cb3f0000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 02e89a05de5326a59d878c59e1e3ca394291f6b5e5314cf3a6159fcbeab9e974
                                                                                                                                                              • Instruction ID: 25bc68c9b4842358c73ae5080fc84c8fd0124781bf35287154cefacd11c8df28
                                                                                                                                                              • Opcode Fuzzy Hash: 02e89a05de5326a59d878c59e1e3ca394291f6b5e5314cf3a6159fcbeab9e974
                                                                                                                                                              • Instruction Fuzzy Hash: FCD0C272E0D8AA0EFAA4CD1CA851221BBC0EB94161B1414BFC9C8E5270E4DE6C424B41
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CB3F817D Relevance: .0, Instructions: 19COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000019.00000002.2143110146.00007FF9CB3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CB3F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_25_2_7ff9cb3f0000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 280fbf45daad58e6ba11837d5860ca6baf5c87455d0187630ab9a1aa0f664c81
                                                                                                                                                              • Instruction ID: 25ecb5a40bcb886e11711c2b7db62dbd8bfd71205a75da6816140aaf2308a79d
                                                                                                                                                              • Opcode Fuzzy Hash: 280fbf45daad58e6ba11837d5860ca6baf5c87455d0187630ab9a1aa0f664c81
                                                                                                                                                              • Instruction Fuzzy Hash: ADD0A734864A4D8FDB40EF55E8014A673A1FB88214F400656FC5CC7381D739A6B5C791
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CB3F0F9E Relevance: .0, Instructions: 18COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000019.00000002.2143110146.00007FF9CB3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CB3F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_25_2_7ff9cb3f0000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 865d7ae6399988fe27911be723c2aed1d998b46b7f87d4725a72893160421006
                                                                                                                                                              • Instruction ID: cf32c0f2fbf4e08fb8a52751b3eee03829e25908ff36a959de5311486f194ab2
                                                                                                                                                              • Opcode Fuzzy Hash: 865d7ae6399988fe27911be723c2aed1d998b46b7f87d4725a72893160421006
                                                                                                                                                              • Instruction Fuzzy Hash: A4D09E21758C5A9E9B44EB5DD4419D5B391E7683107508AA6D00EC2145DD28F8914BC0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF9CB3F7CFC Relevance: .0, Instructions: 11COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000019.00000002.2143110146.00007FF9CB3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CB3F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_25_2_7ff9cb3f0000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 968d78da874151a4c428f76e3faabc042212dc81e892d0a31fb24a01dacb4de9
                                                                                                                                                              • Instruction ID: 33cabda375213e24a5f4bab150a320397604afe6b14245f4c09aa207100c566a
                                                                                                                                                              • Opcode Fuzzy Hash: 968d78da874151a4c428f76e3faabc042212dc81e892d0a31fb24a01dacb4de9
                                                                                                                                                              • Instruction Fuzzy Hash: 8DC02B21C0F1D30DDE016A3A1C0A0903FC08F1B514B8844FCC04C461C7D48D10010301
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Non-executed Functions

                                                                                                                                                              Function 00007FF9CB3F0D15 Relevance: 5.2, Strings: 4, Instructions: 177COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000019.00000002.2143110146.00007FF9CB3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CB3F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_25_2_7ff9cb3f0000_PDFixers.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: 8k9)$^$`j9)$xM9)
                                                                                                                                                              • API String ID: 0-452378200
                                                                                                                                                              • Opcode ID: da505712d5648a8acddf086de57b57a588c05e2bef397b6948bffd4d82aa8031
                                                                                                                                                              • Instruction ID: 6b151a5e8c7305dafc8d25240127880a2423cdac5c0e15a7cd0f057817992f29
                                                                                                                                                              • Opcode Fuzzy Hash: da505712d5648a8acddf086de57b57a588c05e2bef397b6948bffd4d82aa8031
                                                                                                                                                              • Instruction Fuzzy Hash: 9B51C6AA90FBD24FF26A8E6C1C152747F99EF6131470840FBE188C60EB989D7D0A47C5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%